Gerryjun has asked for the wisdom of the Perl Monks concerning the following question:

This node falls below the community's threshold of quality. You may see it by logging in.

Replies are listed 'Best First'.
Re: Anomalous Log Entry
by ghost (Beadle) on Oct 04, 2001 at 21:00 UTC
    These are attempts to exploit the buffer over-run bug in IIS. If you're running Apache, don't worry about it. If you're running IIS, make sure you've patched your server. This is not Perl-related.
[reply]
Re: Anomalous Log Entry
by Fletch (Bishop) on Oct 04, 2001 at 21:55 UTC

    Yes, it's the Nimda thing that's the latest IIS fun. Unless you're daft enough to be running IIS you should be OK. If you're only slightly daft and running a patched IIS you're probably safe (until the next gaping hole comes along . . .).

[reply]
Re: Anomalous Log Entry
by tstock (Curate) on Oct 04, 2001 at 23:59 UTC
    With a couple redirects using RedirectMatch on your .htaccess file you can turn those '404's into redirects, to keep your error log clean(er).

    Ninda will follow redirects so point it somewhere like 127.0.0.1

[reply]
      Ninda will follow redirects so point it somewhere like 127.0.0.1

      Or maybe even http://microsoft.com/iis, eh?

      xoxo,
      Andy
      --
      <megaphone> Throw down the gun and tiara and come out of the float! </megaphone>

[reply]
        Or maybe even http://microsoft.com/iis, eh?

        Well, it's tempting, but I blame the owner of an IIS server that is attacking me more than Micorsoft.

        here's the code to put in .htaccess: 
        RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} system32/cmd.exe   [OR]
RewriteCond %{REQUEST_URI} (MSADC|scripts)/root.exe  [OR]
RewriteCond %{REQUEST_URI} ^/_vti
RewriteRule ^(.*)$         http://localhost/$1 [L,R=301]

        [download]
        This not only stops the Nimda worm, but others as well some future IIS exploits that may come.
[reply]
[d/l]

Back to Seekers of Perl Wisdom