Disclaimer: Not my problem if you get in trouble for any of the below
Caveat Emptor; I wrote this program long long before this piece of news came out. I'm not stopping using it.
Here's the thing. I don't care that much about people's broken servers. But what I do care about is that I'm only on a 56k connection, and it really is using up a noticeable amount of bandwidth.
Download this script. Make sure I'm not doing anything you'd consider dangerous to your server.
Specifically, you probably want to
Then put it where your web server considers to be "/cgi-bin/killserver.cgi"
All those exploits generously donated by 213.122.172.87 which, you'll notice, is no longer serving webpages.
I have the following lines in my httpd.conf:
RedirectMatch (.*)cmd.exe(.*) /cgi-bin/killserver.cgi RedirectMatch (.*)root.exe(.*) /cgi-bin/killserver.cgi
Once again, I have no idea if it works or not, but if it does, it can only be a Good Thing(TM)
In the absence of that, I have this, older, script. Rename it to default.ida, and put something similar to:
Options ExecCGI AddHandler cgi-script .ida
Into your apache config for your top-level tree
The default.ida one only works for original Code Red; the one at the top works for all cmd.exe exploits tried on my server recently.
Note: This used to e-mail the site owner, but I took it out since said site owner clearly couldn't give a shit.
This page is and |
My Website Starts Here
This page last modified: 2003-06-26