North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: What HTTP exploit?
Richard Welty [30/05/04 19:57 -0400]: > # control logging > SetEnvIf Request_URI "^/default.ida?" dontlog > SetEnvIf Request_Method "SEARCH" dontlog Nathan Torkington's vermicide helps - (needs mod_perl) srs # this goes into your httpd.conf file # # the push_handlers line below prevents logging of worm requests # remove that line if you want to know who's been contacting you <Perl> { package Apache::Vermicide; use Apache::Constants qw(:common :response); sub handler { my $r = shift; if ($r->uri() =~ /root\.exe|cmd\.exe|default\.ida/i) { $r->push_handlers(PerlLogHandler => sub { return BAD_REQUEST }); return BAD_REQUEST; } return DECLINED; } } </Perl> PerlPostReadRequestHandler Apache::Vermicide
|