On Thursday 13 November 2003 08:31 am, Ross Werner wrote: > On Thu, 13 Nov 2003, Gary Thornock wrote: > > I've never found an address to report worms like these to Comcast, > > either. A few of the addresses that have contributed the most to my > > (long) apache logs have found their way into my ipchains rules, but > > beyond that, there doesn't seem to be much you can do about it, unless > > you're into gloating because Apache on Linux is immune to Code Red and > > Nimda :) > > Back when Code Red [and II] and Nimda first came out, and I was in the > "gloating" stage, I wrote a perl script that would monitor my log files > for a Code Red "hit", and then play some particular sound whenever I got > "attacked". It was pretty amazing to hear at least one hit every few > minutes (plus many minutes with /tons/ of hits) for days upon days on end. > > ~ ross
Search for nimda/codered on cpan, and there is a mod_perl module that captures these requests, and can do lookups to automatically mail the isp and or system owner to notify. Apache::CodeRed, I think, it's a part of Apache::MSIISExploits or something like that. -- -- Jayce^
pgp00000.pgp
Description: signature
____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
