The server is running IIS. The actual worm isn't causing any damage to us other than trying to flood our server with bogus requests. So far the response time of the server hasn't been damaged, but it's only day two of the virus and it seems by 5% an hour. Right now the server is getting about 1200 bogus requests a minute which is around 1.7 million a day (at the current rate). The log files I can just delete every few hours, but I was hoping to find a little bit better solution.
-Mike

----- Original Message -----
From: "decker" <[EMAIL PROTECTED]>
To: <xmail@xmailserver.org>
Sent: Wednesday, March 02, 2005 12:55 PM
Subject: [xmail] Re: 110% off topic

> Hi,
>
> I'm not sure if this will help you since it's only relative for apache users. If you are running IIS or something I dunno.
>
> If you watch your logs closely you'll probably know there are some really annoying windows worm things out there that, while posing no threat to apache/*nix, are still annoying and a waste of space in logs.
> For example there is one that does a SEARCH request that is so long it breaches apache's max length for a url. To not log it (and another for example) I have in httpd.conf
>
> SetEnvIf Request_URI ^/SEARCH annoying
> SetEnvIf Request_URI ^/scripts/.. annoying
>
> And in my vhost entries (anywhere that would log this really)
>
> CustomLog /home/decker/logs/www/n3t.net-access_log combined env=!annoying
>
> This allows me to log everything normally except the junk from the worms. I'm not familiar with the bagle virus and what it looks for, however you may be able to apply the above example to help performance and save disk space. If the virus requests are causing the server to hit its MaxClients limit, then you are SOL for the most part.
>
> -darren
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
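To see what the two SetEnvIf patterns quoted above would keep out of an access log before deploying them, this added example (not part of the original thread) replays them in Python over constructed combined-format log lines. The sample lines, addresses and function names are assumptions; Request_URI is treated as the URL path without the query string, as Apache documents it.

```python
import re

# The two Request_URI patterns from the quoted httpd.conf lines.
PATTERNS = [r"^/SEARCH", r"^/scripts/.."]

# Combined log format: host ident user [time] "METHOD TARGET PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Mar/2005:12:00:01 -0500] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [02/Mar/2005:12:00:02 -0500] "GET /scripts/..%5c../probe HTTP/1.0" 404 289
198.51.100.7 - - [02/Mar/2005:12:00:03 -0500] "SEARCH /AAAAAAAAAAAAAAAA HTTP/1.1" 405 310
192.0.2.22 - - [02/Mar/2005:12:00:04 -0500] "GET /scripts/ab.js HTTP/1.1" 200 812
198.51.100.9 - - [02/Mar/2005:12:00:05 -0500] "GET /SEARCH?q=1 HTTP/1.0" 404 280
"""


def is_annoying(target, patterns=PATTERNS):
    """True if the request would get the 'annoying' env var set."""
    uri = target.split("?", 1)[0]  # Request_URI excludes the query string
    return any(re.search(p, uri) for p in patterns)


def split_log(text):
    """Return (kept, dropped) request tuples, as env=!annoying would log them."""
    kept, dropped = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        host, method, target, _status = m.groups()
        (dropped if is_annoying(target) else kept).append((host, method, target))
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = split_log(SAMPLE_LOG)
    for host, method, target in dropped:
        print("not logged:", host, method, target)
    for host, method, target in kept:
        print("logged:    ", host, method, target)
```

In this sample the SEARCH-method line stays in the log because the pattern is tested against the URI, not the method, and `/scripts/ab.js` is dropped because the unescaped dots match any two characters.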