Anybody know of any module I can use to hit back at these default.ida bozos
(i.e. keep them away from my IP addresses ?). I'm running apache/modperl on
Win32.
[snip]
::grin:: In the post he mentioned about trashing the kernel on NT so
this might be kinda fun...
Well you
Hello,
I've gotten Apache::AuthCookie to run against Netscape
and Mozilla browsers. However, when I try to get it
to work with IE with prompting enabled for accepting
cookies, I never get prompted to accept a cookie, so
it appears that the browser is refusing to acknowlegde
that the cookie
On Sun, 5 Aug 2001, Les Mikesell wrote:
The descriptions I've seen indicate that it has a flaw in
the attempt to pick random targets.
That was only the first version of Code Red I, Code Red II
(which is the one that is scanning in your neighborhood (close
netblocks)) doesn't have that flaw.
On Mon, 6 Aug 2001, Christopher L. Everett wrote:
I _must_ get this working with IE. Does anyone have a
clue stick for me?
try posting the Set-Cookie: line that you are sending to the
browsers.
- ask
--
ask bjoern hansen, http://ask.netcetera.dk/ !try; do();
more than 100M impressions
Hi all,
Don't we need to load the module before using it?
With:
PerlModule My::Module::Name
Location /foo
SetHandler perl-script
PerlHandler My::Module::Name
/Location
## OR
Location /foo
SetHandler perl-script
Perhaps we should just keep a central database of where the attempts are coming from.
We could even extend it to work like the RBL - connects are not allowed from IP's
that have attempted the exploit (an explanation page appears instead of the requested
page) and are listed in our blacklist. That
Hi there,
On Mon, 6 Aug 2001, Christopher L. Everett wrote:
I _must_ get this working with IE. Does anyone have a
clue stick for me?
There is IE and there is IE, the versions don't all behave the same
(for just about anything you can think of. :) Which version(s) of IE
are you using?
On Mon, 6 Aug 2001, Nouguier Olivier wrote:
Hi all,
Don't we need to load the module before using it?
that's right, I assumed that it was preloaded already :) thanks for this
note.
With:
PerlModule My::Module::Name
Location /foo
SetHandler perl-script
Hi there,
On Mon, 6 Aug 2001, Alan Burlison wrote:
Please note that the same compiler must be used to build Perl and mod_perl,
Not so. gcc should work just fine. The problem is that when perl is
configured and built, it saves the compiler name and flags in Config.pm.
Well OK, read What
Ged Haywood wrote:
Well OK, read What Compiler Should Be Used to Build mod_perl? in the
install section of Stas' new book if you want to use different compilers
- but don't say I didn't warn you! :)
By all means, please feel free to buy our compiler.
Alan Burlison
-Original Message-
From: Alan Burlison [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 06, 2001 4:54 AM
To: Ged Haywood
Cc: Bryan McGuire; Paul Phillips; [EMAIL PROTECTED]
Subject: Re: compiling troubles on Solaris 8
[snip]
As an aside, Solaris 8 comes with prebuilt versions
Geoffrey Young wrote:
As an aside, Solaris 8 comes with prebuilt versions of Apache
and mod_perl,
does anyone familiar with HP-UX, AIX, or IRIX know whether this is true of
these platforms as well?
Whether they are DSO mod_perl or not would also be helpful.
On Solaris it is built as
--
mod_perl digest
July 29, 2001 - August 4, 2001
--
Recent happenings in the mod_perl world...
Features
o
Hi,
our code contains exactly one SQL-Statement:
our $getSQL = 'select SQLSTMT, INPARAM, OUTPARAM from SQLSTMT where ID=?';
but I think it would even be cleaner to use a PerlSetVar for that...
cu
Michael
Datum: 01.08.2001 17:14
An:[EMAIL PROTECTED]
Betreff: [OT]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 4:17 PM -0500 8/5/01, Les Mikesell wrote:
The descriptions I've seen indicate that it has a flaw in
the attempt to pick random targets. It always uses the
same seed so every instance runs through the same addresses
in the same order. That means
I've modified CodeRed.pm again, such that it now (a) writes better log
messages and (b) sends an automatic message to the SecurityFocus team,
in the format that they specified.
Rather than blast the source code across this mailing list repeatedly,
I've put it up at
From: Mark Maunder [EMAIL PROTECTED]
Perhaps we should just keep a central database of where the attempts are
coming from.
We could even extend it to work like the RBL - connects are not allowed from
IP's that have attempted the exploit
Would that really help anything? The traffic would
Jeffrey Hartmann [EMAIL PROTECTED] writes:
2). Apache::Upload seams to delete it's temp file, however when I run df
the memory that file used is still allocated but there are no files in the
/tmp dir. I've commented out all of the Image::Magick code in that block so
that Image::Magick
AFAIK most large backbone routers out there dont support application layer
filtering e.g. filtering based on what type of http request it is, or what is
requested. Too much CPU overhead methinks.
Some examples: In the case of the user having a dynamically assigned IP address,
the next person
It looks like the latest CodeRed III compromises a server by putting
a backdoor in place, such that a GET /scripts/root.exe will give anyone
a shell on the infected machine. Could the code be added to to add a
GET /scripts.root.exe and then generate a pop-up screen on the infected host
warning
Daniel Aldham writes:
Daniel Could the code be added to to add a GET /scripts.root.exe
Daniel and then generate a pop-up screen on the infected host
Daniel warning the owner/administrator. And then maybe shutdown IIS
Daniel CodeRed?
Yes, I'm sure that we *could* add code to CodeRed.pm
Recently i transfered over my company's existing websiste from winnt 4
server with iis 4 to redhat 7.0 with apache 1.3.12/mod_perl 1.24. The
majority of the site is done in perl and there are perl scripts in almost
every directory. But apache cant seem to run them, my main site page is a
perl
The source behind www.masonhq.com, the official Mason web site, is now
available via anonymous CVS. As you might guess, Mason components and Perl
libraries comprise the bulk of the code.
For new Mason users, this gives you a large and (relatively :]) clean
example site to learn from. For more
On Mon, 6 Aug 2001, Mark Vazquez wrote:
Hi,
Recently i transfered over my company's existing websiste from winnt 4
server with iis 4 to redhat 7.0 with apache 1.3.12/mod_perl 1.24. The
majority of the site is done in perl and there are perl scripts in almost
every directory. But apache
Seems to have helped out a lot, thanks for pointing out those small changes.
What would really help is if all the ISPs out there put filters on their
routers to catch these requests as close to their source as possible.
Hey. Real quick, this discussion is getting a tad off topic,
but, in terms of security, the ideal way to handle this is and prevent
future
I'm upgrading mod_perl on a Solaris 2.6 production machine. Although a
little downtime on this machine won't be a big issue, I'm wondering about
backup plans.
I've got mod_perl ready for make install (I'm currently using a PERL5LIB
environment to test mod_perl on a high port from the blib).
So
-Original Message-
From: Bill Moseley [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 06, 2001 3:18 PM
To: [EMAIL PROTECTED]
Subject: Backing out a mod_perl install
I'm upgrading mod_perl on a Solaris 2.6 production machine.
Although a
little downtime on this machine won't
someone please correct me but:
I believe that make install will only overwrite httpd (the executable
binary). Any other files that already exist will not be touched. Last time
I did something like this, I simply made a copy of my httpd binary and
everything else was in my system backups.
At 03:21 PM 08/06/01 -0400, Geoffrey Young wrote:
to backout the Perl modules so I could run the old httpd, if needed.
you can try the tar_Apache and offsite_tar arguments to make and see if they
wrap up everything you need...
Ok, thanks tar_Apache should include all that I need, thanks. I
I have a test system up and running. Anyone want to write a mod_perl handler to
redirect
to a warning page if the clients IP is in the list? I'm not really sure which phase
would be the least intrusive into existing applications.
telnet www.swiftcamel.com
Then hit enter and you'll see the
Hello,
Is there a bug in Apache::Cookie? I am trying to set a cookie using:
$webuname = Apache::Cookie-new( $r,
-name = 'randh_webuname',
-value
=$user,
In a previous post today I mentioned how I was running mod_perl from the
build directory by setting a PERL5LIB.
I seem to need to add:
perl
/perl
at the top of httpd.conf. Otherwise I get:
Apache.pm version 1.27 required!
/usr/local/lib/perl5/site_perl/5.005/sun4-solaris/Apache.pm is version
On Mon, 6 Aug 2001, Mark Maunder wrote:
I have a test system up and running. Anyone want to write a mod_perl handler to
redirect
to a warning page if the clients IP is in the list? I'm not really sure which phase
would be the least intrusive into existing applications.
telnet
On Tue, Aug 07, 2001 at 08:18:18PM +1000, Cees Hek wrote:
So what your saying is that you have a list of potentially rooted machines
that you are making publically available... Doesn't sound like such a
good idea to me...
So *that's* why Reuven has CodeRed.pm CC him on the warning emails.
Thanks Joe!!
Well that was exactly right. The Apache::Upload temp file is still open (or
mmap'd) after it's unlinked and ImageMagick just doesn't delete it's file.
I don't have the problem with Image Magick with small files because it
doesn't create temporary files for small images. I also
There have been some messages on the Mason list about people experiencing
startup.pl being loaded twice, even without PerlFreshRestart on. I know the
server restarts during startup, but PerlRequire and PerlModule are both
supposed to obey the laws of %INC, right? I seem to remember some
how about a way to tell it not to report an ip?? i just reported
on myself. :)
At 07:32 PM 8/6/2001 -0400, DeWitt Clinton wrote:
On Tue, Aug 07, 2001 at 08:18:18PM +1000, Cees Hek wrote:
So what your saying is that you have a list of potentially rooted machines
that you are making
uwb-02-chroot# uname -a
FreeBSD uwb-02.cdsnet.net 4.3-STABLE FreeBSD 4.3-STABLE #0: Fri Aug 3 11:43:20 PDT 200
uwb-02-chroot# perl -v
This is perl, v5.6.1 built for i386-freebsd
uwb-02-chroot# cat /usr/local/etc/apache/startup.pl
#!/usr/bin/perl
use Apache;
use Apache::Status;
use
startup.pl cannot be run from the command line when it
contains apache server specific modules.
Jaye Mathisen wrote:
uwb-02-chroot# uname -a
FreeBSD uwb-02.cdsnet.net 4.3-STABLE FreeBSD 4.3-STABLE #0: Fri Aug 3 11:43:20 PDT
200
uwb-02-chroot# perl -v
This is perl, v5.6.1 built for
Hello,
CEI've gotten Apache::AuthCookie to run against Netscape
CEand Mozilla browsers. However, when I try to get it
CEto work with IE with prompting enabled for accepting
CEcookies, I never get prompted to accept a cookie, so
CEit appears that the browser is refusing to acknowlegde
CEthat the
On Mon, 6 Aug 2001, Bill Moseley wrote:
In a previous post today I mentioned how I was running mod_perl from the
build directory by setting a PERL5LIB.
I seem to need to add:
perl
/perl
at the top of httpd.conf. Otherwise I get:
Apache.pm version 1.27 required!
On Mon, 6 Aug 2001, Perrin Harkins wrote:
There have been some messages on the Mason list about people experiencing
startup.pl being loaded twice, even without PerlFreshRestart on. I know the
server restarts during startup, but PerlRequire and PerlModule are both
supposed to obey the laws
On Mon, 6 Aug 2001, Jim Smith wrote:
On Sat, Aug 04, 2001 at 08:12:25PM +0800, Stas Bekman wrote:
This is a proposal for the mod_perl 2.0 documentation project.
Sounds good.
+ each project will have its pumpkin which will make sure that all
chapters of the project adher to the same
[CC'ing back to the list for archival and possibly interesting followup
discussion]
On Mon, 6 Aug 2001, Kyle Oppenheim wrote:
Here's another method to generate a core on Solaris that you may want to add
to the guide. (I hope I'm not repeating something already in the guide!)
1. Use
what happens to the newly spawned processes?
The -f tells truss to follow forks.
For completeness... The -l (that's an el) includes the thread-id and the pid
(the pid is what we want). The -t specifies the syscalls to trace, and the
!all turns them all off. The -s specifies signals to trace
46 matches
Mail list logo
