Not sure how it is used, but Frontpage extensions actually uses a admin.dll
in the frontpage directories. Need to make sure your sites don't need it
for normal operation.
Chuck Frolick
ArgoNet, Inc.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ron
Hornbaker
Sent: Friday, September 21, 2001 3:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [imail] IIS Judo against Nimda's DoS attacks (was Fwd:
[isp-linux] Buaaa Haaa Ha Haaaaaaaaa...)
Change the code to this and just edit the comma-delimited myBadList
variable:
<%
'Custom404.asp page to thwart Nimda DoS attacks on IIS
'by Humankind Systems, Inc. http://hksi.net/
'No support or guarantees of any kind are granted with this
'code. Use at your own risk. Distribute freely.
'Get the entire URL requested
myRequest=Request.ServerVariables("QUERY_STRING")
'A list of filenames Nimda looks for
myBadList="cmd.exe,root.exe,admin.dll,default.ida"
'Detect a GET request from the Nimda virus and take appropriate action
arrBadString=Split(myBadList,",")
for i=0 to UBound(arrBadString)
if inStr(myRequest,arrBadString(i))>0 then
'turn offending server back on itself
Response.redirect "http://127.0.0.1";
end if
next
%>
<html>
<head>
<title>Page Not Found</title>
</head>
<body>
Sorry, but that page was not found on our server.
<p>
Here is a link back to our <a href="/">Home Page</a>.
</body>
</html>
Ron Hornbaker
President/CTO
. . . . . . . . . . . . http://humankindsystems.com
. . . . . . . . . . . . w e c o d e. w e c a r e.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Len
> Conrad
> Sent: Friday, September 21, 2001 3:06 PM
> To: [EMAIL PROTECTED]
> Subject: Fwd: [isp-linux] Re: [imail] Buaaa Haaa Ha Haaaaaaaaa...
>
>
> Ron,
>
> what about admin.dll, and here�s a couple more
>
> Len
>
> --------------------
>
>
> >From: "Bill Larson" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: [isp-linux] Re: Buaaa Haaa Ha Haaaaaaaaa...
> >Date: Fri, 21 Sep 2001 14:21:24 -0500
> >X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >X-INTM-Message-Id:
> ><INTM-62637-1230739-2001.09.21-14.26.57--lconrad#go2france.com@
> lists.isp-lists.com>
> >X-Virus-Scanned: by VirusGate.MEIway.com
> >X-RCPT-TO: <[EMAIL PROTECTED]>
> >
> >RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
> >RedirectMatch (.*)\default.ida$ http://127.0.0.1
> >RedirectMatch (.*)\root.exe$ http://127.0.0.1
> >
> >I added a couple
> >
> >----- Original Message -----
> >From: "Nick Weerheim" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Friday, September 21, 2001 2:16 PM
> >Subject: [isp-linux] Re: Buaaa Haaa Ha Haaaaaaaaa...
> >
> >
> > > this is freaky.... the attacks here have stopped too....
> thats crazy.....
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
