[lug] RE: Redirect code-where does it go?

Rob Peacock rob at rmpg.org
Wed Sep 26 22:58:37 MDT 2001


I have seen mentioned over the past few days a redirect solution to the
Nimda/Code Red worm problem, as shown below.

RedirectMatch (.*)\cmd.exe$ http://127.0.0.1

What page/config file does this go in and what is the full syntax?

I have been using PHP to read the URI and redirect it back to itself and it
seems to work OK, and I have also been using ipchains with manually entered
IPs to deny packets.

The problem with my solutions is that they require manual intervention to
configure the denials/redirects. I would like to do this automagically.

BTW, the redirects HAVE worked fairly well; the DENYs have worked well at
reducing the amount of bandwidth wasted. One of the other things I found is
that variations of Nimda try to cover their tracks as they are infecting a
machine by opening another Explorer window. I help them out by running a
counter that opens 500 :) It seems to slow them down a bit...

Thanks all,

--->Rob
----
Bill Gates uses a Macintosh.
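
Added example, not part of the original post: one way to automate the manual step described above is to scan the web server's access log for the worm probe requests and generate the ipchains DENY rules from the source addresses. It assumes Apache Common Log Format; the function names and the sample log lines are constructed for illustration, and the root.exe and default.ida paths are added here as the commonly seen Nimda and Code Red request targets alongside the cmd.exe pattern from the post.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Common Log Format (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Sep/2001:22:41:03 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [26/Sep/2001:22:41:04 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [26/Sep/2001:22:43:17 -0600] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270
203.0.113.5 - - [26/Sep/2001:22:44:00 -0600] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [26/Sep/2001:22:44:09 -0600] "GET /docs/cmd.exe.txt HTTP/1.1" 200 512
not a log line
"""

# Client host and request URI from one Common Log Format line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)')
# Request path (query string removed) that ends in one of the probe targets.
PROBE_RE = re.compile(r'(?:^|[/\\])(?:cmd\.exe|root\.exe|default\.ida)$', re.I)

def probe_sources(log_text, min_hits=1):
    """Return {source_ip: probe_count} for hosts with at least min_hits probes."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing at their fields
        host, uri = m.groups()
        try:
            # Only literal IPv4 addresses may end up inside a firewall command.
            ip = str(ipaddress.IPv4Address(host))
        except ValueError:
            continue
        if PROBE_RE.search(uri.split("?", 1)[0]):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def ipchains_rules(sources):
    """Render one input-chain DENY rule per source address."""
    return [f"ipchains -A input -s {ip} -j DENY" for ip in sorted(sources)]

if __name__ == "__main__":
    for rule in ipchains_rules(probe_sources(SAMPLE_LOG)):
        print(rule)
```

Raising min_hits requires repeated probes before a host is listed, which reduces the chance of denying a shared address after a single stray request.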


