in reply to Anomalous Log Entry

With a couple redirects using RedirectMatch on your .htaccess file you can turn those '404's into redirects, to keep your error log clean(er).

Ninda will follow redirects so point it somewhere like 127.0.0.1

Replies are listed 'Best First'.
Re: Re: Dealing with Nimda
by petdance (Parson) on Oct 05, 2001 at 00:04 UTC
    Ninda will follow redirects so point it somewhere like 127.0.0.1

    Or maybe even http://microsoft.com/iis, eh?

    xoxo,
    Andy
    --
    <megaphone> Throw down the gun and tiara and come out of the float! </megaphone>

[reply]
      Or maybe even http://microsoft.com/iis, eh?

      Well, it's tempting, but I blame the owner of an IIS server that is attacking me more than Micorsoft.

      here's the code to put in .htaccess: 
      RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} system32/cmd.exe   [OR]
RewriteCond %{REQUEST_URI} (MSADC|scripts)/root.exe  [OR]
RewriteCond %{REQUEST_URI} ^/_vti
RewriteRule ^(.*)$         http://localhost/$1 [L,R=301]

      [download]
      This not only stops the Nimda worm, but others as well some future IIS exploits that may come.
[reply]
[d/l]

In Section Seekers of Perl Wisdom