Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
 |
| UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !! |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Apache help | ejbrever | UNIX for Dummies Questions & Answers | 2 | 08-24-2006 09:50 AM |
| Apache | ebethea27703 | UNIX for Dummies Questions & Answers | 1 | 05-18-2006 09:44 PM |
| Apache! | hassan2 | UNIX for Advanced & Expert Users | 1 | 08-07-2002 04:27 PM |
| Apache | Vijayanand | IP Networking | 1 | 07-02-2002 08:14 PM |
| Apache | henke | UNIX for Dummies Questions & Answers | 5 | 07-31-2001 02:16 PM |
 |
Powered by 
|
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
|
02-03-2003
|
||||
|
||||
|
apache
on my webserver, and im sure many of you who also run one see this all the time, but the majority of my access log is filled with attempted exploits from computers compromised by some virus (NIMBDA?) and anyway i know this is harmless to an apache/linux webserver, but its annoying, anyway, on slashdot i saw this:
RedirectMatch permanent (.*)c+dir http://127.0.0.1/scripts/..%255c..%255cwinnt/syste m32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWind owsEx%201 to put in the .htaccess file, someone with more knowledge of .htaccess than me, please what does this do? it looks like it would try to execute the command on a windows machine to shut down the computer(exit windows) how does this work? and is it safe to include in my .htaccess file? thanks. |
|
02-04-2003
|
|||||
|
|||||
|
That does appear to be what it does...
While some people think it's only fair, it's of dubious legality since you're using the same exploit against them - It's better to just continue letting them fail, knowing that you won't be affected other than the relatively minor bandwidth consumption. If you redirect them, why not redirect them to a bandwidth-sucker of a web page, such as www.microsoft.com By the way, what it's doing is redirecting them to the exploit on their local machine, then calling the rundll32 executable to use a function in the specified DLL file that's called when the box logs itself out or reboots. I don't know exactly what happens when you try to log out a service, though - I wonder if it even works. Plus this will only work on an NT/2000 machine that has %systemroot% at C:\WINNT (although it does by default). Last edited by LivinFree; 02-04-2003 at 10:44 PM.. |
|
02-05-2003
|
||||
|
||||
|
i see. thanks for the responce. using that probably wouldnt be nice also to the person whos computer is infected and dosnt even know it. maybe even better would be redirecting them to a virus scanning software page. anyway, thanks livinfree
|
|
02-07-2003
|
|||||
|
|||||
|
Well, they wouldn't actually see any page you redirected them to... It's not a foreground process. Redirecting them to microsoft.com would, say, distribute bandwidth consumption in a slightly more fair way
 |
|
02-07-2003
|
|||||
|
|||||
|
We often configure our web servers to redirect web-based viruses back to the origin, defining 'origin' as:
Quote:
|
|
02-08-2003
|
||||
|
||||
|
hahahaha is all i can say to that! thanks for the info.
|
|
| Bookmarks |
| Tags |
| linux |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Hybrid Mode
