On Sun, 11 Nov 2001, Bill Day wrote:
> Currently cheating 8^) Am running PMFirewall for IPChains firewall.
Not really cheating: PMFirewall does a pretty decent job without much
hassle. I like it, and occasionally use it for NAT on my home dialup.
> Imagine this might make a difference..?
I
On Sat, 10 Nov 2001, Bill Day wrote:
> Well first hit didnt turn out to bad...
>
> Typical nimda worm hit here(Of course excuse the wordwrap):
> 63.44.253.111 - - [10/Nov/2001:02:49:01 -0500] "GET /scripts/root.exe?/c+dir
> HTTP/1.0" 404 319
> 63.44.253.111 - - [10/Nov/2001:02:49:02 -0500] "GET
Well first hit didnt turn out to bad...
Typical nimda worm hit here(Of course excuse the wordwrap):
63.44.253.111 - - [10/Nov/2001:02:49:01 -0500] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 319
63.44.253.111 - - [10/Nov/2001:02:49:02 -0500] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 317
63.44.2
I'll give it a go..
Thanks for the other, sure many of us will enjoy it 8^)
On Friday 09 November 2001 07:56, you were heard blurting out:
> I found a post on Bugtraq that deals w/ configuring Apache to not log worm
> attacks. I modified it slightly: # Don't log worm attacks
> SetEnvIf Request_
I found a post on Bugtraq that deals w/ configuring Apache to not log worm attacks. I
modified it slightly:
# Don't log worm attacks
SetEnvIf Request_URI "/winnt/system32/cmd\.exe" worm
SetEnvIf Request_URI "/scripts/root\.exe" worm
SetEnvIf Request_URI "/MSADC/root\.exe" worm
SetEnvIf Request_UR
