I see these all the time myself and to turn the server into a black hole when it comes to exploitable code is a interesting idea. Blocking the NOP operation by blocking x90 does that pretty nicely on its own, however you could also block a jmp/mov instruction if you really wanted to be 'safe', but some users like using hex values for things, so its a trade off since people tend to move to other service providers when they find out there current one doesn't allow the input needed by there favorite script.
Perhaps switching 'http://www.microsoft.com' from that howto with 'localhost' would be even more interesting; But from a legal standpoint the water is murky on that scale. - D On 7 Jun 2004 at 16:41, Dena Whitebirch wrote: > > I was getting pounded by these too and am wondering though if it worried > anyone else that we might be considered to be attacking Microsoft by > doing this rewrite? Might there be a similar way to just 'stop' them like > sending them to /dev/null or something? > > > http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en > > Regards, > > Dena A. Whitebirch > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
