[lug] RE: Redirect code-where does it go?

Justin glow at jackmoves.com
Thu Sep 27 08:32:47 MDT 2001


I tried that same redirect line verbatum in my httpd.conf and have not 
seen my nimda hits drop at all. I sent an email to the list yesterday 
or the day before to see if that line was actually right but have not 
gotten a response yet. 

Justin

> I have seen mentioned over the past few days a redirect solution to 
the
> nimda/code red worm problem as shown below.
> 
> RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
> 
> What page/config file does this go in and what is the full syntax?
> 
> I have been using php to read the URI and redirect it back to itself 
and it
> seems to work OK, and I have also been using ipchains with manually 
entered
> IP's to deny packets.
> 
> The problem with my solutions is that they require manual 
intervention to
> configure the denials/redirects. I would like to do this 
automagically.
> 
> BTW, the redirects HAVE worked fairly well, the DENY's have worked 
well at
> reducing the amount of bandwidth wasted. One of the other things I 
found is
> that variations of Nimda try to cover their tracks as they are 
infecting a
> machine by opening another Explorer window. I help them out by 
running a
> counter that opens 500 :) It seems to slow them down a bit...
> 
> Thanks all,
> 
> --->Rob
> ----
> Bill Gates uses a Macintosh.
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
> 

-----
glow at jackmoves.com
www.jackmoves.com



More information about the LUG mailing list