Date:      Fri, 14 Jan 2005 10:22:06 -0600 (CST)
From:      Duo <duo@digitalarcadia.net>
To:        "Colin J. Raven" <colin@kenmore.kozy-kabin.nl>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Odd (alarming) http log exerpt
Message-ID:  <Pine.OSX.4.61.0501141019520.28528@valkyrie.local>
In-Reply-To: <20050114140441.G802@kenmore.kozy-kabin.nl>
References:  <20050114140441.G802@kenmore.kozy-kabin.nl>

On Fri, 14 Jan 2005, Colin J. Raven wrote:

> I noticed something extremely odd this morning in my http access log.
> There's the usual activity, then suddenly this (about a hundred lines
> are snipped)

Yeah, someone is trying a M$ DAV exploit. I get these a lot, along with 
nimda attempts.

>
>  Is there anything within...say httpd.conf..that I could do to prevent
> this..or curtail it before it grows to such an enormous size.

Why, yes there is! For the low low price of FREE, here is something you 
can do for fun and giggles.

# RedirectMatch is provided by mod_alias, so the guard tests for that module;
# under a mod_rewrite.c guard the rules are skipped when mod_rewrite is absent.
<IfModule mod_alias.c>
# Dots in the .exe names are escaped so they match a literal "."
RedirectMatch permanent (.*)cmd\.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)root\.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
</IfModule>

This will redirect these lovely attacks back to Microsoft, the bearers of 
these fine gifts in the first place. It's my fun way of giving back to 
them, for all they have given to me...

Wasted diskspace from engorged logfiles, filled with this crap. =)

-- 
Duo



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSX.4.61.0501141019520.28528>
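
To measure how much of an access log these probes account for, the following added example (not part of the original message) applies the same path fragments as the RedirectMatch rules above to Common Log Format lines and counts hits per pattern and per client. The sample lines are constructed, and the script matches the raw logged path without percent-decoding it.

```python
import re
from collections import Counter

# Path fragments taken from the RedirectMatch rules in the message above,
# with the dots in the .exe names escaped so they match literally.
PROBE_PATTERNS = [
    r"cmd\.exe", r"root\.exe", r"/_vti_bin/", r"/scripts/\.\.", r"/_mem_bin/",
    r"/msadc/", r"/MSADC/", r"/c/winnt/", r"/d/winnt/", r"/x90/",
]
PROBE_RE = [re.compile(p) for p in PROBE_PATTERNS]

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def classify(line):
    """Return (client, first matching pattern or None); None if unparsable."""
    m = CLF.match(line)
    if not m:
        return None
    client, target = m.group(1), m.group(3)
    path = target.split("?", 1)[0]  # RedirectMatch tests the URL-path, not the query
    for rx in PROBE_RE:
        if rx.search(path):
            return client, rx.pattern
    return client, None

def summarize(lines):
    """Count probe hits per pattern and per client; tally everything else."""
    by_pattern, by_client, other = Counter(), Counter(), 0
    for line in lines:
        result = classify(line)
        if result is None or result[1] is None:
            other += 1  # ordinary traffic or a line that is not CLF
            continue
        by_client[result[0]] += 1
        by_pattern[result[1]] += 1
    return by_pattern, by_client, other

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    '192.0.2.10 - - [14/Jan/2005:09:01:02 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [14/Jan/2005:09:01:03 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '192.0.2.10 - - [14/Jan/2005:09:01:04 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '198.51.100.7 - - [14/Jan/2005:09:05:11 +0100] "GET /_vti_bin/shtml.dll HTTP/1.0" 404 278',
    '203.0.113.5 - - [14/Jan/2005:09:06:40 +0100] "GET /index.html HTTP/1.1" 200 5120',
    'this line is not in Common Log Format',
]

if __name__ == "__main__":
    patterns, clients, other = summarize(SAMPLE)
    print("by pattern:", dict(patterns))
    print("by client: ", dict(clients))
    print("other lines:", other)
```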