[lug] RE: Redirect code-where does it go?
Justin
glow at jackmoves.com
Thu Sep 27 08:32:47 MDT 2001
I tried that same redirect line verbatim in my httpd.conf and have not
seen my nimda hits drop at all. I sent an email to the list yesterday
or the day before to see if that line was actually right but have not
gotten a response yet.
Justin
> I have seen mentioned over the past few days a redirect solution to the
> nimda/code red worm problem as shown below.
>
> RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
>
> What page/config file does this go in and what is the full syntax?
>
> I have been using php to read the URI and redirect it back to itself and it
> seems to work OK, and I have also been using ipchains with manually entered
> IP's to deny packets.
>
> The problem with my solutions is that they require manual intervention to
> configure the denials/redirects. I would like to do this automagically.
>
> BTW, the redirects HAVE worked fairly well, the DENY's have worked well at
> reducing the amount of bandwidth wasted. One of the other things I found is
> that variations of Nimda try to cover their tracks as they are infecting a
> machine by opening another Explorer window. I help them out by running a
> counter that opens 500 :) It seems to slow them down a bit...
>
> Thanks all,
>
> --->Rob
> ----
> Bill Gates uses a Macintosh.
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
>
-----
glow at jackmoves.com
www.jackmoves.com
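
The quoted request to build the deny list "automagically", sketched as an added example that is not part of either message: it scans Apache access-log lines for the worm probe paths and renders ipchains DENY rules for repeat sources. The function names, the threshold, the extra probe paths and the sample log lines are assumptions.

```python
import ipaddress
import re
from collections import Counter

# cmd.exe is the path named in the thread; root.exe and default.ida are
# assumed here as the other request paths these worms are known to probe.
PROBE = re.compile(r"cmd\.exe|root\.exe|default\.ida", re.IGNORECASE)

# Apache common log format: host ident user [time] "METHOD path proto" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" \d{3}')

def is_ipv4(host):
    """Accept only literal IPv4 addresses, so a resolved hostname or a
    malformed field never ends up inside a firewall command."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False

def probe_sources(lines, threshold=2):
    """Return {ip: hits} for sources with at least `threshold` probe requests."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if m and is_ipv4(m.group(1)) and PROBE.search(m.group(2)):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def deny_rules(sources, allow=()):
    """Render (not execute) ipchains DENY rules, skipping allow-listed IPs."""
    return ["ipchains -A input -s %s -j DENY" % ip
            for ip in sorted(sources) if ip not in allow]

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [27/Sep/2001:08:01:12 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [27/Sep/2001:08:01:13 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [27/Sep/2001:08:02:40 -0600] "GET /default.ida?XXXX HTTP/1.0" 404 270',
    '198.51.100.7 - - [27/Sep/2001:08:02:41 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 280',
    '203.0.113.5 - - [27/Sep/2001:08:03:02 -0600] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.99 - - [27/Sep/2001:08:04:10 -0600] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 276',
    'infected.example.net - - [27/Sep/2001:08:05:00 -0600] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 276',
]

if __name__ == "__main__":
    print("\n".join(deny_rules(probe_sources(SAMPLE))))
```

The rules are only rendered as text; review them and allow-list your own addresses before loading anything into the firewall.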