);
}
elseif ($logt == 'syslog')
{
closelog();
}
?>
-8-8-8-8-8-8
-Original Message-
From: David Robley [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 9:00 PM
To: Bill Farrell
Subject: Re: [PHP] new one is it ??
On Mon
Title: RE: [PHP] new one is it ??
Hiya again, Erik:
Here's the barely-tested but apparently functional Code Red detector. I added some variables at the top for configuring email destinations. The important change is that it will query ARIN, RIPE, and APNIC until it finds a reasonable answer
Boy that looks familiar...my (apache) logs are full of 'em.
I wonder if we can make a PHP script called default.ida that sends back
a big chunk of data and causes the worm to get a buffer overflow? :) :)
- Tim (glad I don't run IIS :)
On 13 Aug 2001 22:27:06 +0800, Mark Lo wrote:
= 1;
// generate some random junk
$n = 0;
while ($n++ < $jsize) {
$junk .= chr( rand(1,200) );
}
$i = 0;
while ( $i++ < $jout ) {
print $junk;
}
?>
-Original Message-
From: Tim [mailto:[EMAIL PROTECTED]]
Subject: Re: [PHP] new one is it ??
Boy that looks familiar
, August 13, 2001 10:38 AM
To: php
Subject: RE: [PHP] new one is it ??
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
what about something like this ?
(just configure apache to have PHP handle *.ida files)
<?php
// this is so our script won't time out
set_time_limit(0);
// how many bytes
-Original Message-
From: Tim [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 9:38 AM
To: Mark Lo
Cc: php general
Subject: Re: [PHP] new one is it ??
Boy that looks familiar...my (apache) logs are full of 'em.
I wonder if we can make a PHP script called default.ida
No, that's the rather old one. That would be CR1.
Tyler Longren
Captain Jack Communications
[EMAIL PROTECTED]
www.captainjack.com
On Mon, 13 Aug 2001 22:27:06 +0800
Mark Lo [EMAIL PROTECTED] wrote:
208.251.146.123 - - [13/Aug/2001:22:24:27 +0800] GET
That's pretty cool. Alas, the 'whois' part of the code doesn't work
properly (at least on my system).
- Tim
On 13 Aug 2001 10:21:45 -0500, Mark Roedel wrote:
I rather liked this approach that I saw posted in another list:
http://www.klippan.seths.se/default.phps
(Does some
be more than happy to share.
CY'all,
Bill
-Original Message-
From: Tim [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 1:16 PM
To: Mark Roedel
Cc: Mark Lo; php general
Subject: RE: [PHP] new one is it ??
That's pretty cool. Alas, the 'whois' part of the code doesn't work
properly
Well, you could send the junk data to micro$oft instead.
-Original Message-
From: Scott Brown [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 7:52 AM
To: 'scott [gts]'; [EMAIL PROTECTED]
Subject: RE: [PHP] new one is it ??
Unfortunately, you're punishing the infected person