[Zope] de-worming
Bill Anderson
bill@immosys.com
04 Oct 2001 20:15:41 -0600
On Thu, 2001-10-04 at 12:08, Oliver Bleutgen wrote:
> > Hi,
>
> > I've put an object in Zope named default.ida and containing:
>
> > <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
>
> > which seems to have stopped Code Red from being a problem. My next
> > question is, how do I block Nimda? I need a wildcard or regexp document
> > which will intercept any URL including "cmd.exe" or "root.exe". Any
> > ideas?
>
> Hmm,
> this is interesting. As Code Red/Nimda use their own "client"
> implementation AFAIK, it surprises me that they follow redirects.
> Are you sure that this really helped for Code Red?
> How do you measure if it helped? Are you sure you just don't
> see Code Red requests anymore because it just got extinguished
> by Nimda?
>
Code Red died, and CodeRed II had a built in expiration of October 1.
Which is to say it will not start new processes after that date. by now,
it should be dead, or at least by the end of the weekend.