Re: [imail] IIS Judo against Nimda's DoS attacks (was Fwd: [isp-linux] Buaaa Haaa Ha Haaaaaaaaa...)

Neil Ulrich Fri, 21 Sep 2001 14:26:25 -0700
Couldn't this be added somewhere into the hksi classic / killer templates?
That if detect *.exe blah blah blah redirect...

So when port 80 on imail is called it sends the virus packing?

----- Original Message -----
From: "Ron Hornbaker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 21, 2001 4:24 PM
Subject: RE: [imail] IIS Judo against Nimda's DoS attacks (was Fwd:
[isp-linux] Buaaa Haaa Ha Haaaaaaaaa...)


> Change the code to this and just edit the comma-delimited myBadList
> variable:
>
> <%
> 'Custom404.asp page to thwart Nimda DoS attacks on IIS
> 'by Humankind Systems, Inc. http://hksi.net/
> 'No support or guarantees of any kind are granted with this
> 'code. Use at your own risk. Distribute freely.
>
> 'Get the entire URL requested
> myRequest=Request.ServerVariables("QUERY_STRING")
>
> 'A list of filenames Nimda looks for
> myBadList="cmd.exe,root.exe,admin.dll,default.ida"
>
> 'Detect a GET request from the Nimda virus and take appropriate action
> arrBadString=Split(myBadList,",")
> for i=0 to UBound(arrBadString)
> if inStr(myRequest,arrBadString(i))>0 then
> 'turn offending server back on itself
> Response.redirect "http://127.0.0.1";
> end if
> next
> %>
> <html>
> <head>
> <title>Page Not Found</title>
> </head>
> <body>
> Sorry, but that page was not found on our server.
> <p>
> Here is a link back to our <a href="/">Home Page</a>.
> </body>
> </html>
>
>
>
> Ron Hornbaker
> President/CTO
>   .  .  .  .  .  .  .  .  .  .  .  .  http://humankindsystems.com
>   .  .  .  .  .  .  .  .  .  .  .  .  w e  c o d e.  w e  c a r e.
>
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Len
> > Conrad
> > Sent: Friday, September 21, 2001 3:06 PM
> > To: [EMAIL PROTECTED]
> > Subject: Fwd: [isp-linux] Re: [imail] Buaaa Haaa Ha Haaaaaaaaa...
> >
> >
> > Ron,
> >
> > what about admin.dll, and here�s a couple more
> >
> > Len
> >
> > --------------------
> >
> >
> > >From: "Bill Larson" <[EMAIL PROTECTED]>
> > >To: [EMAIL PROTECTED]
> > >Subject: [isp-linux] Re: Buaaa Haaa Ha Haaaaaaaaa...
> > >Date: Fri, 21 Sep 2001 14:21:24 -0500
> > >X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> > >List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
> > >Reply-To: [EMAIL PROTECTED]
> > >X-INTM-Message-Id:
> > ><INTM-62637-1230739-2001.09.21-14.26.57--lconrad#go2france.com@
> > lists.isp-lists.com>
> > >X-Virus-Scanned: by VirusGate.MEIway.com
> > >X-RCPT-TO: <[EMAIL PROTECTED]>
> > >
> > >RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
> > >RedirectMatch (.*)\default.ida$ http://127.0.0.1
> > >RedirectMatch (.*)\root.exe$ http://127.0.0.1
> > >
> > >I added a couple
> > >
> > >----- Original Message -----
> > >From: "Nick Weerheim" <[EMAIL PROTECTED]>
> > >To: <[EMAIL PROTECTED]>
> > >Sent: Friday, September 21, 2001 2:16 PM
> > >Subject: [isp-linux] Re: Buaaa Haaa Ha Haaaaaaaaa...
> > >
> > >
> > > > this is freaky.... the attacks here have stopped too....
> > thats crazy.....
>
>
>
>
> ______________________________________________________________________
> The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> To Manage your Subscription......... http://humankindsystems.com/lists
>




______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
Re: [imail] IIS Judo against Nimda's DoS attacks (was Fwd: [isp-linux] Buaaa Haaa Ha Haaaaaaaaa...)

Reply via email to
