Hi! You can use iptables on the same machine: if you patch it with the string patch, you can drop packet with "cmd.exe", "root.exe", "default.ida", and so on... Try something like this:
#!/bin/sh #Put here your external interface EXT_INT=eth1 iptables -I INPUT -p tcp -i $EXT_INT --dport 80 -m string --string "/cmd.exe" -j DROP iptables -A INPUT -p tcp -i $EXT_INT --dport 80 -m string --string "/root.exe" -j DROP iptables -A INPUT -m state --state REALTED,ESTABLISHED -j ACCEPT <and so on> At 09.49 28/01/2002 +0000, you wrote: >Dear All > >Is there a way to stop apache responding to .exe file requests altogether? > >I am getting fed up with my error_log file being filled by nimbda and we >don't host any .exe files!! I have been monitoring >it since the summer and the number of nimbda type entries appears to have >started to go up again since xmas...
