Hi,
I've put an object in Zope named default.ida and containing:
<dtml-call "RESPONSE.redirect('http://127.0.0.1')">
which seems to have stopped Code Red from being a problem. My next question is, how do I block Nimda? I need a wildcard or regexp document which will intercept any URL including "cmd.exe" or "root.exe". Any ideas?
thanks,
--
Jack Coates
Monkeynoodle: A Scientific Venture...
On Tue, Oct 02, 2001 at 09:21:22PM -0700, Jack Coates wrote:
> I've put an object in Zope named default.ida and containing:
> <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
> which seems to have stopped Code Red from being a problem. My next question is, how do I block Nimda? I need a wildcard or regexp document which will intercept any URL including "cmd.exe" or "root.exe". Any ideas?
You could try the Redirector product:
http://www.zope.org/Members/djay/Redirector1_1
or you could create an Access Rule that sniffs the request before traverse.
--
Martijn Pieters
| Software Engineer mailto:mj@zope.com
| Zope Corporation http://www.zope.com/
| Creators of Zope http://www.zope.org/
---------------------------------------------
On Wed, 3 Oct 2001, Martijn Pieters wrote:
> On Tue, Oct 02, 2001 at 09:21:22PM -0700, Jack Coates wrote:
>> I've put an object in Zope named default.ida and containing:
>> <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
>> which seems to have stopped Code Red from being a problem. My next question is, how do I block Nimda? I need a wildcard or regexp document which will intercept any URL including "cmd.exe" or "root.exe". Any ideas?
> You could try the Redirector product:
> http://www.zope.org/Members/djay/Redirector1_1
> or you could create an Access Rule that sniffs the request before traverse.
I ended up using the Redirector, which works fairly well. Two issues do remain:
It can't do underscores in the first space of a name, so there's no blocking of _vti_bin or _mem_bin.
It continues to log all the activity, only with 401 instead of 404.
Thanks for the tip!
--
Jack Coates
Monkeynoodle: A Scientific Venture...
From: Jack Coates <jack@monkeynoodle.org>
> I've put an object in Zope named default.ida and containing:
> <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
> which seems to have stopped Code Red from being a problem. My next
Great idea! Using a DTML Method, I suppose?
> question is, how do I block Nimda? I need a wildcard or regexp document which will intercept any URL including "cmd.exe" or "root.exe". Any ideas?
The first thing it looks for is /scripts/root.exe -- I wonder what it does if it finds it? If it doesn't, it looks in 13 other places. But maybe if it finds the first one it's happy? Perhaps the same redirect would make it go away?
On Wed, 3 Oct 2001, marc lindahl wrote:
> From: Jack Coates <jack@monkeynoodle.org>
>> I've put an object in Zope named default.ida and containing:
>> <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
>> which seems to have stopped Code Red from being a problem. My next
> Great idea! Using a DTML Method, I suppose?
DTML document -- I actually just finished writing this up, so have a look at http://www.monkeynoodle.org/comp/deworming.html
>> question is, how do I block Nimda? I need a wildcard or regexp document which will intercept any URL including "cmd.exe" or "root.exe". Any ideas?
> The first thing it looks for is /scripts/root.exe -- I wonder what it does if it finds it? If it doesn't, it looks in 13 other places. But maybe if it finds the first one it's happy? Perhaps the same redirect would make it go away?
No such luck, it goes ahead and tries every last one of them.
--
Jack Coates
Monkeynoodle: A Scientific Venture...
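The matching this thread asks for, as an added example that is not code from the thread, the Redirector product or Zope: it compares whole path segments against the names mentioned above (including the underscore-prefixed ones the Redirector could not handle) and uses the same check to separate worm entries from the rest of an access log. It goes slightly beyond the thread by percent-decoding before matching; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Names from the thread: the files Jack wants intercepted, plus the
# underscore-prefixed directories the Redirector could not match.
BLOCKED = {"cmd.exe", "root.exe", "default.ida", "_vti_bin", "_mem_bin"}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) [^"]*"')  # request field of a log line

def normalize(path, max_rounds=3):
    """Percent-decode repeatedly so encoded spellings of a name still match."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def worm_probe(url):
    """Return the blocked path segment found in url, or None."""
    path = normalize(url.split("?", 1)[0])  # ignore the query string
    for segment in path.split("/"):
        # Whole-segment match: "/docs/cmd.exe-notes.html" is not a hit.
        if segment in BLOCKED:
            return segment
    return None

def split_log(lines):
    """Separate access-log lines into (legitimate, worm_noise)."""
    legit, noise = [], []
    for line in lines:
        m = REQUEST_RE.search(line)
        (noise if m and worm_probe(m.group(1)) else legit).append(line)
    return legit, noise

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Oct/2001:10:00:01 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 401 0',
    '192.0.2.10 - - [03/Oct/2001:10:00:02 -0700] "GET /_vti_bin/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 401 0',
    '198.51.100.7 - - [03/Oct/2001:10:00:05 -0700] "GET /comp/deworming.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [03/Oct/2001:10:00:09 -0700] "GET /docs/cmd.exe-notes.html HTTP/1.0" 200 812',
    '192.0.2.44 - - [03/Oct/2001:10:00:11 -0700] "GET /default.ida?NNNNNNNN HTTP/1.0" 302 0',
]

if __name__ == "__main__":
    legit, noise = split_log(SAMPLE_LOG)
    print(len(legit), "legitimate,", len(noise), "worm probes")
```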
participants (3): Jack Coates, marc lindahl, Martijn Pieters