webmaster wrote:
> I don't know about the rest of you who host web sites, but we're still getting
> slammed with Code Red attempts - it's been even worse since the variant came out on
> Saturday.
>
> I was wondering if anyone had worked out a way to automatically notify the site
> administrators?
>
> When we got hit by a site called ezsecurehosting.com I figured it's about time
> something got done.
>
> Any suggestions?

How about:

map .ida to ColdFusion
create a page default.ida
on that page do a cfmail to postmaster@#cgi.remote_addr#

If you want to make it better, run the IP address through
RIPE/ARIN/APNIC and get the email address from their upstream provider
there. Then send an automated email to them. Just make sure you keep a
log of what you send to whom, so you don't hammer providers with an
email every second.

Warning: on systems not patched but where the .ida extension is not
present I don't know whether the solution above would introduce the
vulnerability. Of course that only applies to IIS ;)

Jochem
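
The "keep a log of what you send to whom" step above, sketched in Python as an added example (not code from the post, and not ColdFusion): it picks requests for .ida paths out of an access log and lets through at most one notification per recipient per cooldown window. The log layout, the one-hour cooldown, the function names and the RFC 5321 address-literal form `postmaster@[ip]` are assumptions made for the example.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in a simplified "time client-ip method uri" layout
# (assumed format, not taken from the post).
SAMPLE_LOG = """\
2001-08-06T10:00:00 192.0.2.10 GET /default.ida?NNNNNNNN
2001-08-06T10:00:01 192.0.2.10 GET /default.ida?NNNNNNNN
2001-08-06T10:00:05 198.51.100.7 GET /index.cfm
2001-08-06T10:03:00 203.0.113.5 GET /default.ida?XXXXXXXX
2001-08-06T11:30:00 192.0.2.10 GET /default.ida?NNNNNNNN
2001-08-06T11:31:00 not-an-ip GET /default.ida?NNNNNNNN
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
COOLDOWN = timedelta(hours=1)  # assumed: at most one mail per recipient per hour


def recipient_for(ip_text):
    """Return postmaster@[ip] for a valid IPv4 address, else None."""
    try:
        ip = ipaddress.IPv4Address(ip_text)
    except ValueError:
        return None  # never build a mail address from an unparsed field
    return f"postmaster@[{ip}]"


def plan_notifications(log_text, sent_log):
    """Return (time, recipient) mails to send; sent_log maps recipient -> last send."""
    to_send = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, ip_text, _method, uri = m.groups()
        path = uri.split("?", 1)[0].lower()
        if not path.endswith(".ida"):
            continue  # only requests that hit the .ida mapping count
        rcpt = recipient_for(ip_text)
        if rcpt is None:
            continue
        when = datetime.fromisoformat(stamp)
        last = sent_log.get(rcpt)
        if last is not None and when - last < COOLDOWN:
            continue  # already notified recently; stay quiet
        sent_log[rcpt] = when
        to_send.append((when, rcpt))
    return to_send
```

Persisting `sent_log` between runs (a database table or a file) is what keeps the cooldown effective across restarts; the same dictionary can be keyed by an upstream provider's contact address instead of the source IP.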