New IIS worm

To: <debian-security@lists.debian.org>
Subject: New IIS worm
From: Emmanuel Valliet <emmanuel.valliet@webmotion.com>
Date: Tue, 18 Sep 2001 18:43:07 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.33.0109181831270.8235-100000@arf>

I know we don't care on linux, but I have reallly a lot of hits from
machine querying for the ..%%35c../winnt/system32/cmd.exe and Cie.
And it starts to make a lot of apache childs, and the global charge
grows consequently.
Is there a way to protect from that ?
Using an apache configuration trick ?
Or blacklisting and using some firewall rules behind ?
If anyone knows how to do, or has already done the script that kicks
these infected servers, it could interest me...

-- 
VALLIET Emmanuel       !   http://www.webmotion.com
Webmotion Inc.         !   mailto:emmanuel.valliet@webmotion.com
Famous last words - Jesus Christ: Father, beam me up.

Reply to:

Follow-Ups:
- Re: New IIS worm
  - From: Emmanuel Valliet <emmanuel.valliet@webmotion.com>

Prev by Date: Re: [SECURITY] [DSA 076-1] New most packages available
Next by Date: Re: [SECURITY] [DSA 076-1] New most packages available
Previous by thread: Re: [SECURITY] [DSA 076-1] New most packages available
Next by thread: Re: New IIS worm
Index(es):
- Date
- Thread