On Fri, 14 Jan 2005, Colin J. Raven wrote:
I noticed something extremely odd this morning in my http access log. There's the usual activity, then suddenly this (about a hundred lines are snipped)
Yeah, someone is trying a M$ DAV exploit. I get these alot, along with nimda attempts.
Is there anything within...say httpd.conf..that I could do to prevent this..or curtail it before it grows to such an enormous size.
Why, yes there is! For the low low price of FREE, here is something you can do for fun and giggles.
<IfModule mod_rewrite.c> RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com </IfModule>
This will redirect these lovely attacks back to Microsoft, the bearers of these fine gifts in the first place. It's my fun way of giving back to them, for all they have given to me...
Wasted diskspace from engorged logfiles, filled with this crap. =)
-- Duo _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
