RE: Cracked cracker?
Thanks Kenneth,
Another possibility, if you just want to stop logging the pests, is to
put the following in the global section of your httpd.conf:
# Stop logging nimda requests, based on:
#http://lists.netfilter.org/pipermail/netfilter/2001-October/026587.html
#
SetEnvIfNoCase Request_URI /cmd.exe|/root.exe|/default.ida nimda
CustomLog /var/log/apache/access.log combined env=!nimda
# comment out next line to NOT log nimda requests
CustomLog /var/log/apache/nimda.log "%a %v %t %U" env=nimda
#
# suppress logging errors from serving 404s to the bastards:
<IfModule mod_alias.c>
RedirectMatch (.*)/root.exe http://not.nimda.friendly.invalid$1
RedirectMatch (.*)/cmd.exe http://not.nimda.friendly.invalid$1
RedirectMatch (.*)/default.ida http://not.nimda.friendly.invalid$1
</IfModule>
I have a line in there to log nimda requests to a separate file, comment
it out if you don't want it. If you're maintaining separate logs for
multiple VirtualHosts, repeat the CustomLog directive(s) for each one
(adjust your paths):
<VirtualHost *>
ServerName www.DOMAIN.TLD
ServerAlias DOMAIN.TLD
ServerAdmin webmaster@DOMAIN.TLD
DocumentRoot /var/www/DOMAIN.TLD/htdocs
UserDir disabled
#keep nimda out of access.log
CustomLog /var/www/DOMAIN.TLD/log/access.log combined env=!nimda
CustomLog /var/www/DOMAIN.TLD/log/nimda.log "%a %v %t %U" env=nimda
ErrorLog /var/www/DOMAIN.TLD/log/error.log
</VirtualHost>
I am going to do this today.
Best Wishes!
Mike Olds www.buddhadust.org
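Added example, not part of the original message: a small Python summarizer for the nimda.log written by the CustomLog "%a %v %t %U" directive above, counting probes per client address and per matched name. The sample lines, addresses and host names are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Same alternation as the SetEnvIfNoCase directive in the message
# (case-insensitive, unanchored, dots left unescaped as posted).
NIMDA_RE = re.compile(r"/cmd.exe|/root.exe|/default.ida", re.IGNORECASE)

# "%a %v %t %U" = client address, virtual host, [timestamp], URL path.
LINE_RE = re.compile(
    r"^(?P<addr>\S+) (?P<vhost>\S+) \[(?P<time>[^\]]+)\] (?P<path>.*)$"
)

def parse_line(line):
    """Return the fields of one nimda.log line, or None if malformed."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def summarize(lines):
    """Count hits per client address and per matched probe name."""
    per_addr, per_probe, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        hit = NIMDA_RE.search(rec["path"]) if rec else None
        if hit is None:
            skipped += 1  # malformed line, or path that would not set env=nimda
            continue
        per_addr[rec["addr"]] += 1
        per_probe[hit.group(0).lower()] += 1
    return per_addr, per_probe, skipped

# Constructed sample input (documentation address ranges, made-up paths).
SAMPLE = [
    "192.0.2.10 www.example.test [18/Oct/2001:10:15:32 -0700] /dir1/root.exe",
    "192.0.2.10 www.example.test [18/Oct/2001:10:15:33 -0700] /dir2/root.exe",
    "192.0.2.10 www.example.test [18/Oct/2001:10:15:34 -0700] /dir3/cmd.exe",
    "198.51.100.7 example.test [18/Oct/2001:11:02:01 -0700] /default.ida",
    "198.51.100.7 example.test [18/Oct/2001:11:02:05 -0700] /dir1/CMD.EXE",
    "garbage line",
]

if __name__ == "__main__":
    addrs, probes, skipped = summarize(SAMPLE)
    for addr, count in addrs.most_common():
        print(f"{count:6d}  {addr}")
    print(dict(probes), "skipped:", skipped)
```

To run it against a real file, pass an open file object to summarize() in place of SAMPLE.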