There are already similar efforts out there.  ]

Step 1, read the "fightBack" link on this site.

http://www.dshield.org/

Step 2, move this conversation over to CF-Community.

-Cameron

--------------------
Cameron Childress
elliptIQ Inc.
p.770.460.1035.232
f.770.460.0963
--
http://www.neighborware.com
America's Leading Community Network Software





> -----Original Message-----
> From: Mark W. Breneman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 10, 2001 12:51 PM
> To: CF-Talk
> Subject: RE: OT (maybe) : Code Red -email the server admins
>
>
> I realize that you were joking.  But... with a little work and a bit of CF
> coding a reverse look up that emails the server admin of the attacking
> server could be made.
>
> Parse through the IIS log file looking for the request for the
> /default.ida
> xxx///.....  With a little reverse look-up on the IP address of
> the request
> and then send mail to postmaster, webmaster, etc you could notify these
> server Admins of the problem.  Note, you will not be able to get
> enough info
> on all of the IP address of the server.  They would get an email
> per attempt
> that may add up to a lot of mail given time and chances are alot of people
> that get the mail may not even be associated with the web server.
>  (i.e. our
> DLS provider would get the emails for our office static IP
> address.)  So, if
> you were to do this you could get a bit of hate mail.
>
> Any ideas or thoughts?  If I had more free time I would think about doing
> this.
>
> Mark W. Breneman
> -Cold Fusion Developer
> -Network Administrator
>   Vivid Media
>   [EMAIL PROTECTED]
>   www.vividmedia.com
>   608.270.9770
>
>
>
> -----Original Message-----
> From: Justin Greene [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 10, 2001 7:47 AM
> To: CF-Talk
> Subject: RE: OT (maybe) : Code Red
>
>
> Anyone know whether the exploit being used by code red could be used to
> launch a counter exploit on the infected system that patches the machine
> :-).
>
> Justin
>
> -----Original Message-----
> From: webmaster [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 07, 2001 9:54 PM
> To: CF-Talk
> Subject: OT (maybe) : Code Red
>
> I don't know about the rest of you who host web sites, but we're still
> getting slammed with Code Red attempts - it's been even worse since the
> variant came out on Saturday.
>
> I was wondering if anyone had worked out a way to automatically notify the
> site administrators ?
>
> When we got hit by a site called ezsecurehosting.com I figured it's about
> time something got done.
>
> Any suggestions ?
>
> Richard
> Y2K Internet Technologies
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to