NIMDA worm; MSIISProbes.pm

2001-09-19 Nick Tonkin
Hello,
Now that Micro$oft has finally put out some information about their latest trick I have posted a new version of MSIISProbes.pm. Version 1.02 changes include putting the URL to a page containing info about each worm into a PerlSetVar ... this means that once you have configured

[OT] Re: Nimda worm

2001-09-19 Dan Rench
On Tue, Sep 18, 2001 at 04:07:59PM -0700, Nick Tonkin wrote:
> Heh, as Nat maybe saw the worm doesn't always request ?/c+dir, so until I can figure out a better way to identify it we'll have to go with cmd.exe|root.exe
Here's a sample Nimda hit (courtesy of 'nc -l -p 80' -- try it yourself on

Re: NIMDA worm; MSIISProbes.pm

2001-09-19 Bruce Albrecht
Nick Tonkin writes:
> Now that Micro$oft has finally put out some information about their latest trick I have posted a new version of MSIISProbes.pm. Version 1.02 changes include putting the URL to a page containing info about each worm into a PerlSetVar ... this means that once you have

Re: NIMDA worm; MSIISProbes.pm

2001-09-19 Nick Tonkin
On Wed, 19 Sep 2001, Bruce Albrecht wrote:
> I was looking at your Apache::MSIISProbes module, and I didn't understand the part about the nimda rewrite rules, mostly because I haven't used the rewrite rules. Do the following rules
> RewriteCond %{REQUEST_URI} !nimda
> RewriteCond

Nimda worm

2001-09-18 Nick Tonkin
Heh, as Nat maybe saw the worm doesn't always request ?/c+dir, so until I can figure out a better way to identify it we'll have to go with cmd.exe|root.exe so my httpd.conf is now:
<Location /default.ida>
SetHandler perl-script
PerlHandler Apache::MSIISProbes