[lug] Code Red and variants
Greg Horne
jeerygh at hotmail.com
Tue Oct 30 17:35:16 MST 2001
You are probably noticing the geographical hits becaue people on your
carrier share similar IP address space...
I'm on:
111.222.333.xxx
I get hits from:
111.222.334.xxx
111.223.333.xxx
and so on...
Same with my dial-up connection, damn the uninformed Earthlink users!
If you are using apache, just toss this into httpd.conf
RedirectMatch (.*)/cmd.exe$ http://127.0.0.1
You can add whatever you keep getting requests for too
Greg
>From: Jeff <feenix at ticnet.com>
>Reply-To: lug at lug.boulder.co.us
>To: "lug at lug.boulder.co.us" <lug at lug.boulder.co.us>
>Subject: [lug] Code Red and variants
>Date: Sun, 28 Oct 2001 15:10:24 -0500
>
>Is it me or has anybody else looked at their firewall/http logs? Just
>for kicks, I looked at mine and noticed that I have a rather large
>number of hits; from a small geographical area. Like the NW part of the
>country, Washington/Oregon area? Is it possible that the general
>density of M$ users is higher there? Just a thought.
>
>Jeff
>--
>"Yet they are mistaken, they will be exposed, and they will discover
>what
>others in the past have learned; Those who make war against the United
>States have chosen their own destruction."
>G. Bush Jr. Sept '01
>_______________________________________________
>Web Page: http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the LUG
mailing list