Re: apache and nimbda

From: Richard Huffman (huffmanr@retail.si.edu)
Date: 01/29/02


Date: Tue, 29 Jan 2002 04:27:11 -0500
From: "Richard Huffman" <huffmanr@retail.si.edu>
To: <brian@omegadm.co.uk>, <focus-linux@securityfocus.com>


*
 When code red hit I put the following in my httpd.conf, right before where the ScriptAlias directives are placed:
 
 Redirect permanent /scripts/ http://127.0.0.1/
 Redirect permanent /_vti_bin/ http://127.0.0.1/
 Redirect permanent /_mem_bin/ http://127.0.0.1/
 Redirect permanent /c/winnt/ http://127.0.0.1/
 Redirect permanent /d/winnt/ http://127.0.0.1/
 Redirect permanent /msadc/ http://127.0.0.1/
 Redirect permanent /MSADC/ http://127.0.0.1/
 Redirect permanent /default.ida http://127.0.0.1/
 
You could add:
 
Redirect permanent *.exe http://127.0.0.1/

Just remember not to put up any self-extracting archives on your site. :)
 
The worm won't turn on itself but it does solve the error log problem.

>>> "Brian Clifton" <brian@omegadm.co.uk> 01/28/02 15:56 PM >>>
Dear All

Is there a way to stop apache responding to .exe file requests altogether?