Date: Sun, 23 Sep 2001 14:52:10 -0400 From: The Anarcat <anarcat@anarcat.dyndns.org> To: David G Andersen <danderse@cs.utah.edu> Cc: Ian Smith <smithi@nimnet.asn.au>, Chris Byrnes <chris@JEAH.net>, security@FreeBSD.ORG Subject: Re: New worm protection Message-ID: <20010923145210.C546@shall.anarcat.dyndns.org> In-Reply-To: <200109231818.f8NIIhl29053@faith.cs.utah.edu> References: <20010923141030.B546@shall.anarcat.dyndns.org> <200109231818.f8NIIhl29053@faith.cs.utah.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--NKoe5XOeduwbEQHU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, 23 Sep 2001, David G Andersen wrote: > Sorry, should have mentioned that I have all .cgi files mapped > to executables. > > Have it map to your /cgi-bin like you want. I had cgi configuration problems. They're fixed. :) > Name the script nph-<whatever> instead of just <whatever>, which > tells the webserver that your script will generate ALL of the > headers. Then the script can just close, and the worm > won't get _any_ output from the webserver. Interesting. I didn't know of this feature. > Use RewriteRule, not RedirectMatch. RedirectMatch sends a redirect, > which is obviously not what you want. You want to internally=20 > rewrite the URL so it gets handled transparently. Then, the=20 > result is quite pleasing: >=20 > 131 eep:~/> telnet webby.angio.net 80 > Trying 206.197.119.138... > Connected to webby.angio.net. > Escape character is '^]'. > GET /scripts/cmd.exe? HTTP/1.0 >=20 > Connection closed by foreign host. >=20 > See? Very nice. :) Very nice indeed. I have the same result here now. :) Without the perl overhead. :) :) A. --NKoe5XOeduwbEQHU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjuuL1kACgkQttcWHAnWiGcipQCfdjLyAq5S39dvrHDU+s6kEGhu F94An18y8UO0IV4Too1BiyI0XAFE8pek =Q0/r -----END PGP SIGNATURE----- --NKoe5XOeduwbEQHU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010923145210.C546>