On Thu, 2001-10-04 at 12:08, Oliver Bleutgen wrote:
Hi,
I've put an object in Zope named default.ida and containing:
<dtml-call "RESPONSE.redirect('http://127.0.0.1')">
which seems to have stopped Code Red from being a problem. My next question is, how do I block Nimda? I need a wildcard or regexp document which will intercept any URL including "cmd.exe" or "root.exe". Any ideas?
Hmm, this is interesting. As Code Red/Nimda use their own "client" implementation AFAIK, it surprises me that they follow redirects. Are you sure that this really helped for Code Red? How do you measure if it helped? Are you sure you just don't see Code Red requests anymore because it just got extinguished by Nimda?
Code Red died, and CodeRed II had a built in expiration of October 1. Which is to say it will not start new processes after that date. by now, it should be dead, or at least by the end of the weekend.