Re: Apache to rewrite or not ..
On Mon, 31 Mar 2003 15:40, Fred Smith wrote:
> it is most likely a worm (nimda, code red, or one of their variants) and
> not an actual person. if you're feeling ambitious, you could log these
> hits and report them to the ISP they came from, so the ISP can contact
> the owner of the machine and inform them that they are infected with a
That's a bad idea.
If every Apache server was setup in such a fashion then the postmaster address
for every major ISP would become unusable, and therefore postmaster addresses
would become unusable.
If someone setup a central clearing-house for such things then it might work.
What you would need is for your server to notify a central server of the worm
infection. Once 10 or more machines from different AS's had reported an IP
address as being infected with a worm then it would be reported to the ISP
along with any other IP addresses in the same ISP's space. That way there
would be few false alarms, and the real reports would tend to have several IP
addresses reported at the same time.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: