Jeremy Howard writes:
Jeremy Any suggestions on how we should respond? Update
Jeremy Apache::CodeRed to recognise the new signature, and send an
Jeremy appropriate message to postmaster and webmaster with an
Jeremy updated URL to point to?
Rosh Hashana just ended here in Israel, and I
Tatsuhiko Miyagawa writes:
Miyagawa Configuration variables for Apache::CodeRed seem to be
Miyagawa hardwired in CodeRed.pm itself. Reuven, why not kick out
Miyagawa these variables as those defined by PerlSetVar in
Miyagawa http.conf file?
Sorry, but I was away at a family retreat
Angel R Rivera writes:
Angel how about a way to tell it not to report an ip?? i just
Angel reported on myself. :)
That feature is in the latest version (1.07), thanks to David Young.
DeWitt So *that's* why Reuven has CodeRed.pm CC him on the warning
DeWitt emails.
DeWitt And I
I've modified CodeRed.pm again, such that it now (a) writes better log
messages and (b) sends an automatic message to the SecurityFocus team,
in the format that they specified.
Rather than blast the source code across this mailing list repeatedly,
I've put it up at
Daniel Aldham writes:
Daniel Could the code be added to to add a GET /scripts.root.exe
Daniel and then generate a pop-up screen on the infected host
Daniel warning the owner/administrator. And then maybe shutdown IIS
Daniel CodeRed?
Yes, I'm sure that we *could* add code to CodeRed.pm
that we run Linux and Apache (which
are immune).
You should immediately download the security patch from Microsoft, from
$security_url.
This message was generated automatically by CodeRed.pm for mod_perl
and Apache, written by Reuven M. Lerner ([EMAIL PROTECTED]).
END
$r-log_error(CodeRed