in reply to Re: Anomalous Log Entry
in thread Anomalous Log Entry

Ninda will follow redirects so point it somewhere like 127.0.0.1

Or maybe even http://microsoft.com/iis, eh?

xoxo,
Andy
--
<megaphone> Throw down the gun and tiara and come out of the float! </megaphone>

Replies are listed 'Best First'.
Re: Re: Re: Dealing with Ninda
by tstock (Curate) on Oct 05, 2001 at 02:41 UTC
    Or maybe even http://microsoft.com/iis, eh?

    Well, it's tempting, but I blame the owner of an IIS server that is attacking me more than Micorsoft.

    here's the code to put in .htaccess: 
    RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} system32/cmd.exe   [OR]
RewriteCond %{REQUEST_URI} (MSADC|scripts)/root.exe  [OR]
RewriteCond %{REQUEST_URI} ^/_vti
RewriteRule ^(.*)$         http://localhost/$1 [L,R=301]

    [download]
    This not only stops the Nimda worm, but others as well some future IIS exploits that may come.
[reply]
[d/l]

In Section Seekers of Perl Wisdom