Also entries with NNNNNNNNNNN...
The entries with NNNNNN instead of XXXXXXXX in them are from the original version of Code Red, which became active again on August 1.
The XXXXXXX entries are of a newer strain of the worm, which apart from using a large number of X's to force the buffer overflow in IIS (instead of N's) doesn't seem different. As for warning infected parties about their infections: there are so many that it becomes a bit of a chore very soon. I thought about writing a quick PHP script that parses the IP address of the server making the request, and then sending a mail message warning of their infection to abuse@the_offending_ip_address but still haven't found the time yet. It would be trivial to write such a simple script, name it default.ida (the file the Code Red worm tries to access on your server), put it in the server root, and change /etc/httpd/httpd.conf so that ".ida" files will be recognized as PHP files (to make sure the script actually gets executed).
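As an added example (not part of the original comment), the N-versus-X distinction described above can be tallied from an Apache access log to see which source addresses sent which strain. The log layout, the 16-character padding threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined log format: client IP first, request line in quotes.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<uri>\S+)')
# A probe asks for /default.ida followed by a long run of one padding letter.
# The minimum run of 16 is an assumed threshold, not a value from the comment.
PROBE_RE = re.compile(r'^(?i:/default\.ida)\?(?P<pad>N{16,}|X{16,})')

STRAINS = {"N": "original strain (N padding)", "X": "newer strain (X padding)"}


def classify(line):
    """Return (ip, 'N' or 'X') for a Code Red probe, or None for other traffic."""
    entry = LOG_RE.match(line)
    if not entry:
        return None
    probe = PROBE_RE.match(entry.group("uri"))
    if not probe:
        return None
    return entry.group("ip"), probe.group("pad")[0]


def summarize(lines):
    """Map each strain key to a dict of {source IP: number of probes}."""
    hits = {key: defaultdict(int) for key in STRAINS}
    for line in lines:
        result = classify(line)
        if result:
            ip, strain = result
            hits[strain][ip] += 1
    return {key: dict(counts) for key, counts in hits.items()}


# Constructed sample lines: documentation IPs, shortened padding, no payload.
SAMPLE = [
    '192.0.2.10 - - [01/Aug/2001:10:00:01 +0000] "GET /default.ida?' + "N" * 40 + ' HTTP/1.0" 404 276',
    '192.0.2.10 - - [01/Aug/2001:10:07:44 +0000] "GET /default.ida?' + "N" * 40 + ' HTTP/1.0" 404 276',
    '198.51.100.7 - - [05/Aug/2001:03:12:09 +0000] "GET /default.ida?' + "X" * 40 + ' HTTP/1.0" 404 276',
    '203.0.113.5 - - [05/Aug/2001:03:15:30 +0000] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.5 - - [05/Aug/2001:03:15:31 +0000] "GET /default.ida?NNN HTTP/1.0" 404 276',
]

if __name__ == "__main__":
    for strain, sources in summarize(SAMPLE).items():
        print(STRAINS[strain])
        for ip, count in sorted(sources.items()):
            print(f"  {ip}: {count} probe(s)")
```
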