[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

nimda

To: <afnog at afnog.org>
Subject: nimda
From: Joseph Begumisa <begj at eahd.or.ug>
Date: Sat, 22 Sep 2001 16:32:46 +0300 (EAT)
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: <afnog at afnog.org>
Sender: owner-afnog at uol.co.ug

I got this off the isp-linux list. It apparently seems to work.
It causes the infected machine to be redirected back upon itself. In the
past hour i have seen the attacks reduced to almost none.

RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
RedirectMatch (.*)\default.ida$ http://127.0.0.1
RedirectMatch (.*)\root.exe$ http://127.0.0.1

Stick it in the server directory container in httpd.conf/apache.conf
Restart apache


Joseph.







-----
This is the afnog mailing list, managed by Majordomo 1.94.4

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

Follow-Ups:
- Re: nimda
  - From: Randy Bush <randy at psg.com>
- Re: nimda
  - From: Bill Sangiwa <bsangiwa at twiga.com>

Prev by Date: Re: NIMDA Horror
Next by Date: Re: nimda
Prev by thread: Re: NIMDA Horror
Next by thread: Re: nimda
Index(es):
- Date
- Thread