Re: [cobalt-users] NIMDA
- Subject: Re: [cobalt-users] NIMDA
- From: "William Moore" <bmoore@xxxxxxxxxxxxxxxxx>
- Date: Sat Sep 29 23:22:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "Mustafa Cavcar" <mcavcar@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Sunday, September 30, 2001 2:09 AM
Subject: [cobalt-users] NIMDA
> How are we going to stop these NIMDA attacks filling logs?
>
> Mustafa Cavcar
> macavcar@xxxxxxxxxx
>
I use a mod rewrite script in the virtual host can of each domain. It
redirects the attacks (?) to 127.0.0.1 and does not create an entry in the
error log for it.
I was filling the logs to about 150 meg or so a day; with this I do not get
any.
Redirect /c/winnt/system32/cmd.exe http://127.0.0.1
Redirect /d/winnt/system32/cmd.exe http://127.0.0.1
Redirect /scripts/..%2f../winnt/system32/cmd.exe http://127.0.0.1
Redirect /MSADC/root.exe http://127.0.0.1
Redirect /scripts/..%5c../winnt/system32/cmd.exe http://127.0.0.1
Redirect /scripts/..Á?../winnt/system32/cmd.exe http://127.0.0.1
Redirect /scripts/..À¯../winnt/system32/cmd.exe http://127.0.0.1
Redirect /scripts/..Á../winnt/system32/cmd.exe http://127.0.0.1
Redirect /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe http://127.0.0.1
Redirect /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe http://127.0.0.1
Redirect /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe http://127.0.0.1
Redirect /scripts/root.exe http://127.0.0.1
Redirect /default.ida http://127.0.0.1
Redirect /iisadmpwd/..À¯../..À¯../winnt/system32/cmd.exe http://127.0.0.1
I must admit I was tempted to send them to http://www.microsoft.com but
decided not to.
Bill
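
The Redirect lines above keep these requests out of the error log; the access log still records each one. To measure how much of an access log the probes take up and which hosts send them, here is an added example that is not part of the original post. The log lines are constructed samples in Apache common log format, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Request targets taken from the Redirect list in the post above.
PROBE_TARGETS = ("/winnt/system32/cmd.exe", "/root.exe", "/default.ida")
# Apache common/combined log: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*" \d{3} ')

def normalize(path):
    """Drop the query string, undo (possibly nested) percent-encoding,
    fold backslashes to slashes and lowercase the result."""
    path = path.split("?", 1)[0]
    for _ in range(3):                      # bounded: stop once the value is stable
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def is_probe(path):
    return normalize(path).endswith(PROBE_TARGETS)

def summarize(lines):
    """Return (hits per source host, bytes of log used by probes, other lines)."""
    by_source, probe_bytes, kept = Counter(), 0, []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_probe(m.group(2)):
            by_source[m.group(1)] += 1
            probe_bytes += len(line) + 1    # +1 for the newline in the log file
        else:
            kept.append(line)
    return by_source, probe_bytes, kept

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [29/Sep/2001:23:01:02 +0000] "GET /scripts/..%5c../winnt/system32/cmd.exe HTTP/1.0" 404 296',
    '192.0.2.10 - - [29/Sep/2001:23:01:03 +0000] "GET /MSADC/root.exe HTTP/1.0" 404 280',
    '198.51.100.7 - - [29/Sep/2001:23:02:10 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe HTTP/1.0" 404 300',
    '203.0.113.5 - - [29/Sep/2001:23:03:00 +0000] "GET /index.html?ref=cmd.exe HTTP/1.0" 200 1043',
    '203.0.113.5 - - [29/Sep/2001:23:03:05 +0000] "GET /downloads/cmd.exe.txt HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    sources, used, rest = summarize(SAMPLE)
    print(f"{sum(sources.values())} probe lines, {used} bytes, {len(rest)} other lines")
    for host, hits in sources.most_common():
        print(f"{hits:6d}  {host}")
```

Matching is done on the decoded path with the query string removed, so a legitimate URL that only mentions `cmd.exe` in a parameter or as part of a longer file name is not counted.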