Re: Apache to rewrite or not ..

To: debian-isp@lists.debian.org
Subject: Re: Apache to rewrite or not ..
From: Fred Smith <fps@dividedsky.net>
Date: 31 Mar 2003 00:40:08 -0500
Message-id: <1049089208.544.5.camel@silicon>
In-reply-to: <3E87B75B.8000505@oasis.net.au>
References: <3E87B75B.8000505@oasis.net.au>

On Sun, 2003-03-30 at 22:34, Rudi Starcevic wrote:
> Hi,
> 
> In my apache error log we have alot of request's for i) default.ida and 
> ii) cmd.exe
[...]
> I think all I can really do is use mod_rewrite to send these request to 
> another page,
> like a friendly page which tell's the hacker where to go ;-)

it is most likely a worm (nimda, code red, or one of their variants) and
not an actual person. if you're feeling ambitious, you could log these
hits and report them to the ISP they came from, so the ISP can contact
the owner of the machine and inform them that they are infected with a
worm of some sort. there are a number of scripts written that you can
set up to answer on those URLs to "hack back" and disable the machine
that's trying to infect you, but i don't suggest doing this, as doing so
will eventually get you in a lot of trouble.

-- 
Fred Smith <fps@dividedsky.net>
Divided Sky Internet

Reply to:

References:
- Apache to rewrite or not ..
  - From: Rudi Starcevic <rudi@oasis.net.au>

Prev by Date: Apache to rewrite or not ..
Next by Date: Unidentified subject!
Previous by thread: Apache to rewrite or not ..
Next by thread: Re: Apache to rewrite or not ..
Index(es):
- Date
- Thread