apache


 
# 1  
Old 02-03-2003
apache

On my webserver, and I'm sure many of you who also run one see this all the time, the majority of my access log is filled with attempted exploits from computers compromised by some virus (Nimda?). Anyway, I know this is harmless to an Apache/Linux webserver, but it's annoying. Anyway, on Slashdot I saw this:
RedirectMatch permanent (.*)c+dir http://127.0.0.1/scripts/..%255c..%255cwinnt/syste m32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWind owsEx%201

to put in the .htaccess file. Someone with more knowledge of .htaccess than me, please: what does this do? It looks like it would try to execute the command on a Windows machine to shut down the computer (exit Windows). How does this work? And is it safe to include in my .htaccess file? Thanks.
# 2  
Old 02-04-2003
That does appear to be what it does...
While some people think it's only fair, it's of dubious legality since you're using the same exploit against them - It's better to just continue letting them fail, knowing that you won't be affected other than the relatively minor bandwidth consumption. If you redirect them, why not redirect them to a bandwidth-sucker of a web page, such as www.microsoft.com

By the way, what it's doing is redirecting them to the exploit on their local machine, then calling the rundll32 executable to use a function in the specified DLL file that's called when the box logs itself out or reboots. I don't know exactly what happens when you try to log out a service, though - I wonder if it even works. Plus this will only work on an NT/2000 machine that has %systemroot% at C:\WINNT (although it does by default).

Last edited by LivinFree; 02-04-2003 at 10:44 PM..
# 3  
Old 02-05-2003
I see. Thanks for the response. Using that probably wouldn't be nice also to the person whose computer is infected and doesn't even know it. Maybe even better would be redirecting them to a virus scanning software page. Anyway, thanks LivinFree.
# 4  
Old 02-07-2003
Well, they wouldn't actually see any page you redirected them to... It's not a foreground process. Redirecting them to microsoft.com would, say, distribute bandwidth consumption in a slightly more fair way.
# 5  
Old 02-07-2003
We often configure our web servers to redirect web-based viruses back to the origin, defining 'origin' as:

Quote:
A very large software company that is very very rich and powerful, historically has very poor security and is the source of all these classes of virii. -Neo
# 6  
Old 02-08-2003
Hahahaha is all I can say to that! Thanks for the info.
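
As an added example (not part of the original thread), here is a small Python triage script for the access-log noise described in the first post. It percent-decodes each request repeatedly, since `%255c` is a double-encoded backslash, and counts requests for Windows command interpreters per source address. The log lines, the addresses and the `root.exe` pattern are constructed assumptions, not taken from the thread.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache common log format
# (addresses come from the documentation ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Feb/2003:10:01:02 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
192.0.2.10 - - [03/Feb/2003:10:01:03 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
198.51.100.7 - - [03/Feb/2003:10:02:10 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [03/Feb/2003:10:03:44 -0500] "GET /msadc/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [03/Feb/2003:10:04:00 -0500] "GET /docs/cmd.exe.html HTTP/1.1" 200 900
"""

# client address, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A Windows command interpreter requested as the final path component.
PROBE_RE = re.compile(r'/(cmd|root)\.exe(\?|$)', re.IGNORECASE)


def fully_decode(url, max_rounds=5):
    """Percent-decode until stable: %255c -> %5c -> backslash."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def is_iis_probe(url):
    """True if the decoded target asks for cmd.exe or root.exe."""
    normalized = fully_decode(url).replace("\\", "/")
    return bool(PROBE_RE.search(normalized))


def summarize(log_text):
    """Return (probe count per client address, number of other requests)."""
    probes, other = Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, _status = m.groups()
        if is_iis_probe(target):
            probes[client] += 1
        else:
            other += 1
    return probes, other


if __name__ == "__main__":
    per_client, other = summarize(SAMPLE_LOG)
    print(dict(per_client), "other requests:", other)
```
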
 