
RE: Cracked cracker?



Thanks Kenneth,

Another possibility, if you just want to stop logging the pests, is to 
put the following in the global section of your httpd.conf:


# Stop logging nimda requests, based on:
#http://lists.netfilter.org/pipermail/netfilter/2001-October/026587.html
#
SetEnvIfNoCase Request_URI /cmd.exe|/root.exe|/default.ida nimda
CustomLog /var/log/apache/access.log combined env=!nimda
# comment out next line to NOT log nimda requests
CustomLog /var/log/apache/nimda.log "%a %v %t %U" env=nimda
#
# suppress logging errors from serving 404s to the bastards:
<IfModule mod_alias.c>
  RedirectMatch (.*)/root.exe http://not.nimda.friendly.invalid$1
  RedirectMatch (.*)/cmd.exe http://not.nimda.friendly.invalid$1
  RedirectMatch (.*)/default.ida http://not.nimda.friendly.invalid$1
</IfModule>


I have a line in there to log nimda requests to a separate file, comment 
it out if you don't want it. If you're maintaining separate logs for 
multiple VirtualHosts, repeat the CustomLog directive(s) for each one 
(adjust your paths):


<VirtualHost *>
     ServerName www.DOMAIN.TLD
     ServerAlias DOMAIN.TLD
     ServerAdmin webmaster@DOMAIN.TLD
     DocumentRoot /var/www/DOMAIN.TLD/htdocs
     UserDir disabled
     #keep nimda out of access.log
     CustomLog /var/www/DOMAIN.TLD/log/access.log combined env=!nimda
     CustomLog /var/www/DOMAIN.TLD/log/nimda.log "%a %v %t %U" env=nimda
     ErrorLog /var/www/DOMAIN.TLD/log/error.log
</VirtualHost>


I am going to do this today.

Best Wishes!
Mike Olds www.buddhadust.org 
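
Added example, not part of the original message: a Python approximation of the SetEnvIfNoCase test quoted above, run over constructed log lines, to check which requests the directive would divert to nimda.log before deploying it. The sample entries, the function names and the use of Python's regex engine in place of Apache's matcher are assumptions.

```python
import re

# Same alternation as the SetEnvIfNoCase line in the message: case-insensitive,
# unanchored, dots left unescaped exactly as posted.
NIMDA_RE = re.compile(r"/cmd.exe|/root.exe|/default.ida", re.IGNORECASE)

# Request line inside a combined-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def request_path(log_line):
    """Return the request path without its query string, or None if unparsable."""
    m = REQUEST_RE.search(log_line)
    return m.group("target").split("?", 1)[0] if m else None

def classify(log_line):
    """Return 'nimda', 'access' or 'unparsed' for one log line."""
    path = request_path(log_line)
    if path is None:
        return "unparsed"
    # Request_URI excludes the query string, so only the path is tested.
    return "nimda" if NIMDA_RE.search(path) else "access"

def split_log(lines):
    """Group log lines by the file the CustomLog env= conditions would pick."""
    out = {"nimda": [], "access": [], "unparsed": []}
    for line in lines:
        out[classify(line)].append(line)
    return out

# Constructed sample entries (documentation address range, invented paths).
PREFIX = '192.0.2.10 - - [18/Oct/2001:10:01:02 -0700] "GET '
SUFFIX = ' HTTP/1.0" 404 276 "-" "-"'
SAMPLE_TARGETS = [
    "/scripts/root.exe",     # worm probe named in the pattern
    "/a/b/CMD.EXE?x=1",      # NoCase: upper case still matches
    "/default.ida?AAAA",     # third alternative
    "/index.html",           # ordinary request
    "/search?q=/cmd.exe",    # only the query string mentions cmd.exe
    "/downloads/cmd_exe",    # unescaped dot matches any character
    "/tools/cmd.exe.html",   # pattern is not anchored at the end
]
SAMPLE = [PREFIX + t + SUFFIX for t in SAMPLE_TARGETS]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{classify(line):8} {request_path(line)}")
```

The last two sample paths are ordinary names that the pattern as posted also removes from access.log; escaping the dots (`\.`) closes the first case, and the unanchored match remains a trade-off to weigh against your own URL space.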


