Date: Fri, 14 Jan 2005 17:32:15 +0100 From: "Colin J. Raven" <colin@kenmore.kozy-kabin.nl> To: Duo <duo@digitalarcadia.net> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Odd (alarming) http log exerpt Message-ID: <20050114172221.S802@kenmore.kozy-kabin.nl> In-Reply-To: <Pine.OSX.4.61.0501141019520.28528@valkyrie.local> References: <20050114140441.G802@kenmore.kozy-kabin.nl> <Pine.OSX.4.61.0501141019520.28528@valkyrie.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 14 at 10:22, Duo suggested this hysterically funny remedy: > On Fri, 14 Jan 2005, Colin J. Raven wrote: > >> I noticed something extremely odd this morning in my http access log. >> There's the usual activity, then suddenly this (about a hundred lines >> are snipped) > > Yeah, someone is trying a M$ DAV exploit. I get these alot, along with nimda > attempts. > >> >> Is there anything within...say httpd.conf..that I could do to prevent >> this..or curtail it before it grows to such an enormous size. > > Why, yes there is! For the low low price of FREE, here is something you can > do for fun and giggles. > > <IfModule mod_rewrite.c> > RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com > RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com > </IfModule> > > This will redirect these lovely attacks back to Microsoft, the bearers of > these fine gifts in the first place. It's my fun way of giving back to them, > for all they have given to me... Hallelujah! Give that man a cigar! I thought the FBI suggestion was incredibly neat, but this has a certain zen-like perfection to it. Woohoo....what an ace idea. > Wasted diskspace from engorged logfiles, filled with this crap. =) Errrr, yes indeed. My logfile from yesterday was an unbelieveable 2.2 MB. This is a home web server which (as was pointed out overnight) isn't exactly <ahem> overworked. I was ever so slightly taken aback when I saw the filesize this morning. May your goats and camels enjoy long lives, and bear many offspring. Warm Regards & thanks, -Colin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050114172221.S802>