how about redirecting them ...
Authored by: moyashi on Sep 21, '01 09:31:57AM

This isn't my code, I found it on a forum I visit ...

# trap CodeRed and send them away!
<Location /default.ida>
RewriteEngine On
RewriteRule /default.ida http://www.microsoft.com/ [L]
</Location>
# trap exploits of code-red compromised systems.
<Files "*.exe">
RewriteEngine On
RewriteRule . http://www.microsoft.com/ [L]
</Files>

The only thing is that I'm not sure if you'll be the referring agent or not. Then again I wonder if they'll notice if a Mac sent it to them ;-)

This is definitely not a nice thing to do but I'm sick and tired of all this already ... 1 hit per 3-6 seconds. I don't even want to leave my connection going when I'm working on my site -- through apache on my own desktop ...

I did try BrickHouse ... but I'm tired of trying to figure out a configuration that won't slow my connection speed ... and give me all kinds of problems visiting some sites.

Once again, this isn't my code and it's not really a nice thing to do ... period! But someone trying to hack your machine isn't nice either!

informational and personal enjoyment purposes ONLY !!!



how about redirecting them ...
Authored by: Toby Thain on Sep 27, '01 09:57:37AM

Good idea, but it can be accomplished more simply with the Redirect directive (see the Apache 1.3 documentation):

Redirect gone /default.ida
RedirectMatch gone .*\.exe$
# or
Redirect permanent /default.ida http://www.microsoft.com/
RedirectMatch permanent .*\.exe$ http://www.microsoft.com/
# as you prefer

I've decided on a different approach with my web server, which has many VirtualHost sites - set up a dummy VirtualHost as the default (first) server which will be a catch-all for requests to the server's numeric IP, and block all accesses to it. (All other VirtualHosts continue to serve requests normally.)

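The catch-all default VirtualHost described in the comment above, sketched as an added example that is not the commenter's own configuration. The address 192.0.2.10, the host names, the document root and the log paths are placeholders.

```apache
# Added example. Apache 1.3 / 2.0 / 2.2 syntax, matching the Apache 1.3
# documentation the comment refers to. All addresses and names are placeholders.

NameVirtualHost 192.0.2.10:80

# The FIRST VirtualHost listed for an address is the default. It receives
# every request whose Host header matches no ServerName or ServerAlias
# below, which includes requests sent to the bare numeric IP.
<VirtualHost 192.0.2.10:80>
    ServerName catchall.invalid

    # Refuse everything that lands here (the client gets 403 Forbidden).
    <Location />
        Order deny,allow
        Deny from all
    </Location>

    # Log the probes separately so they stay out of the real sites' logs.
    CustomLog logs/catchall_access_log "%h %l %u %t \"%r\" %>s %b"
    ErrorLog  logs/catchall_error_log
</VirtualHost>

# Real sites follow and are served normally when the Host header matches.
<VirtualHost 192.0.2.10:80>
    ServerName   www.example.com
    DocumentRoot /var/www/example
</VirtualHost>

# Apache 2.4 and later: NameVirtualHost is no longer needed, and the two
# access-control lines are replaced by "Require all denied".
```

Requests that carry a real site's Host header still reach that site, so the Redirect or Rewrite rules from the earlier comments remain useful inside the named VirtualHosts.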
how about redirecting them ...(to themself)
Authored by: johnww2 on Jul 20, '02 04:39:12AM

I copied and pasted this bit suggested above into my httpd.conf on my linux box, and replaced "www.microsoft.com" with "localhost". I tested it from my Mac OS X machine and it redirects hits on /default.ida to my Mac OS X's webserver, so I'd say it works.

This will have the effect of causing the infected machine to redirect to itself, and is perhaps better than getting involved with redirection at the evil empire.

Here's the modified version:

<Location /default.ida>
RewriteEngine On
RewriteRule /default.ida http://localhost/ [L]
</Location>
# trap exploits of code-red compromised systems.
<Files "*.exe">
RewriteEngine On
RewriteRule . http://localhost/ [L]
</Files>

