
Block Windows worms from your server Apps
I found Little Dutch Moose (a shareware utility) on Versiontracker, downloaded it and installed it. If you're running Apache on OS X, it adds a system preference pane that automatically adds IPs to the built-in firewall if the IP asks for certain files or directories (system32, WINNT, etc.) which are characteristic of Windows worm viruses - things like "Nimda" and "Code Red", for example. By blocking IPs from these infected hosts, your bandwidth is saved for actually serving your pages.

Nice interface and logs. In addition to shutting out some bandwidth hogs, it makes my referrer log and error log cleaner.

Anyway, thought you should know.

Manually?
Authored by: Jay on Feb 06, '02 02:23:02PM

There's got to be a way to do this from the command line. Any unix folks want to surface to answer this?



Manually?
Authored by: randydarden on Feb 06, '02 03:25:14PM

I've been meaning to set something like this on my Quadra700 running OpenBSD. Nothing like having to remove all those worm lines when you're looking through your web server logs.

I'm off to Google...



Manually?
Authored by: Thom on Feb 21, '02 10:55:18PM

Welp, I have Apache set up on my machine to serve the ErrorDocument for 404 as a script called ad_snarfer.php. I use this in conjunction with the custom hosts file hack (google: "OS X" hosts file) to see what ad links are trying to pull up -- off of my machine. ;)

You can also set up a server alias for '/' to run whatever document you'd like as well...

Using PHP, it would not be that hard to ereg match those Code Red worm 'known bad urls' against the request string, and if you got a match, issue a system command to add that host's IP to the ip firewall or whatever.



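The matching step discussed in the comments above, run over the Apache access log from the command line instead of inside an ErrorDocument script. This is an added example, not part of the original hint or comments and not Little Dutch Moose's code. `SAMPLE_LOG` is constructed; the signatures other than system32 and WINNT, the `NEVER_BLOCK` allowlist, and the use of `ipfw` as the built-in firewall are assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# "system32" and "winnt" come from the hint; the other fragments are
# assumptions based on well-known Code Red / Nimda probe URLs.
SIGNATURES = re.compile(r"system32|winnt|cmd\.exe|root\.exe|default\.ida")

# Apache Common Log Format: client ident user [time] "METHOD path ..."
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')
NEVER_BLOCK = {"127.0.0.1"}  # hypothetical allowlist of hosts to keep reachable

SAMPLE_LOG = [  # constructed log lines, documentation-range addresses
    '192.0.2.10 - - [06/Feb/2002:14:01:11 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [06/Feb/2002:14:01:12 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [06/Feb/2002:14:03:40 -0800] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270',
    '203.0.113.5 - - [06/Feb/2002:14:05:02 -0800] "GET /index.html HTTP/1.1" 200 5120',
    'crawler.example.net - - [06/Feb/2002:14:06:30 -0800] "GET /WINNT/notes.txt HTTP/1.0" 404 270',
    '127.0.0.1 - - [06/Feb/2002:14:07:00 -0800] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 280',
]

def worm_hosts(lines):
    """Count worm-style requests per client IP address."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        client, path = m.groups()
        try:
            # Accept literal IPs only: this value ends up in a firewall command,
            # so hostnames and malformed fields are dropped, not passed on.
            ip = str(ipaddress.ip_address(client))
        except ValueError:
            continue
        if ip not in NEVER_BLOCK and SIGNATURES.search(unquote(path).lower()):
            hits[ip] += 1
    return hits

def ipfw_rules(hits, min_hits=1):
    """Render deny rules as text for review; nothing is executed here."""
    return [f"ipfw add deny ip from {ip} to any"
            for ip, n in sorted(hits.items()) if n >= min_hits]

if __name__ == "__main__":
    print("\n".join(ipfw_rules(worm_hosts(SAMPLE_LOG))))
```

Raising `min_hits` reduces the chance of blocking a visitor who followed one odd link, at the cost of letting a worm host through for its first few probes.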