You need to find the line in your Apache conf file that looks like this:
AddHandler cgi-script .cgi
and make it look like this:
AddHandler cgi-script .cgi .ida .exe
The .exe is optional, I just made a symlink from the default.ida script to
scripts/root.exe to see if I could catch Nimda attacks as well, but it
doesn't help any. Make sure the default.ida is executable, too.
On Friday, September 21, 2001, at 02:10 PM, Steve Torrence wrote:
> Great idea, I just downloaded it but now I need to figure out how to get
> it to execute. When I go to the URL now I just get the text of the code
> so I need to turn executing of .ida files on somewhere. Any clues?
>
> On Friday, September 21, 2001, at 04:08 PM, Ed Silva wrote:
>
>> There are many things like this out there. I found a Perl script that
>> acts like the 'default.ida' file CodeRed looks for and tries to shut down
>> the attacking webserver and reboot the machine. That only keeps them
>> from attacking and scanning, it doesn't patch their machine or anything.
>>
>> Here's a link to it on my machine:
>>
>> http://skitzo.septicus.com/default.ida
>
>
Cheers,
--Ed
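
With the AddHandler change above in place, a file named default.ida (and the root.exe symlink to it) runs as an ordinary CGI program. The following is an added example, not the Perl script linked in this thread: a passive handler that only records who probed and answers 404. The log path, function names and sample values are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Passive stand-in for default.ida: log the probe, answer 404, nothing else."""
import os
import sys
import time

LOG_PATH = "/var/log/apache/worm-probes.log"  # assumed path, not from the thread


def classify(script_name):
    """Name the worm by the path requested (root.exe is the symlink case)."""
    name = script_name.rsplit("/", 1)[-1].lower()
    return {"default.ida": "CodeRed", "root.exe": "Nimda"}.get(name, "unknown")


def build_record(environ, now=None):
    """One tab-separated log line built from the CGI variables Apache sets."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    query = environ.get("QUERY_STRING", "")
    fields = [
        stamp,
        environ.get("REMOTE_ADDR", "-"),
        classify(environ.get("SCRIPT_NAME", "")),
        environ.get("SCRIPT_NAME", "-"),
        str(len(query)),  # record the size only; the payload itself is not kept
    ]
    # Drop control characters so a request cannot forge extra log lines.
    return "\t".join("".join(c for c in f if c.isprintable()) for f in fields)


def response():
    """Minimal CGI reply: a 404, so the scanner sees nothing worth retrying."""
    return "Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nNot Found\n"


def main():
    try:
        with open(LOG_PATH, "a") as log:
            log.write(build_record(os.environ) + "\n")
    except OSError:
        pass  # a full disk or bad permissions must not turn into a 500
    sys.stdout.write(response())


if __name__ == "__main__":
    main()
```

The file has to be executable by the web server user, and the log file writable by it, for the handler to record anything.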