Code Red Worm

When the Code Red worm attacks, it tries to access the file default.ida to propagate itself across Microsoft IIS servers.  The Nimda worm does the same thing, except it tries to access root.exe and/or cmd.exe.  My server, running Apache, is immune to these exploits, but my site returns a 404 page in response and consumes my bandwidth in the process.  I could create an empty file and redirect all results to this file, but I get a deeper, more smug satisfaction by sending these requests on to Microsoft.  Let the worm eat up their bandwidth; it’s their sloppy programming that caused the problem in the first place.

To do the same thing yourself, add the following RewriteRules to your httpd.conf file:

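# mod_rewrite must be loaded and the engine switched on, or the rules below are ignored
RewriteEngine   On

RewriteRule     ^(.*default\.ida.*)$    http://www.microsoft.com$1 [R]

RewriteRule     ^(.*root\.exe.*)$       http://www.microsoft.com$1 [R]

RewriteRule     ^(.*cmd\.exe.*)$        http://www.microsoft.com$1 [R]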

For more information on using RewriteRules, consult the Apache documentation.

(I have no idea if the worms actually go to the redirected URLs.  Anyone know?)
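To see how much of this traffic a server is receiving and which requests the rules above would catch, the same three patterns can be run over the access log. The following is an added example, not part of the original post: the function names and the sample log lines are constructed for illustration, and it assumes Common Log Format. It tests only the decoded URL path, as RewriteRule does in httpd.conf, so a query string that merely mentions cmd.exe is not counted.

```python
import re
from collections import Counter
from urllib.parse import unquote

# The three RewriteRule patterns from the post, labelled with the worm it ties each to.
RULES = [
    ("Code Red", re.compile(r"^(.*default\.ida.*)$")),
    ("Nimda", re.compile(r"^(.*root\.exe.*)$")),
    ("Nimda", re.compile(r"^(.*cmd\.exe.*)$")),
]
# Common Log Format prefix: client, identity, user, [time], "METHOD target PROTO"
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*"')

def classify(target):
    """Return (worm, redirect_url) for a request target, or None if no rule matches.

    Only the %-decoded URL path is matched; the query string is not tested but
    is re-appended to the redirect. Apache's re-escaping of the path is not modelled.
    """
    path, sep, query = target.partition("?")
    path = unquote(path)
    for worm, pattern in RULES:
        m = pattern.match(path)
        if m:
            return worm, "http://www.microsoft.com" + m.group(1) + sep + query
    return None

def triage(lines):
    """Count rule hits per (client, worm) over access-log lines."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        result = classify(m.group(2)) if m else None  # malformed lines are skipped
        if result:
            hits[(m.group(1), result[0])] += 1
    return hits

# Constructed sample log lines (documentation-range addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2002:00:00:01 +0000] "GET /default.ida?NNNN HTTP/1.0" 404 205',
    '192.0.2.10 - - [01/Jan/2002:00:00:02 +0000] "GET /default.ida?NNNN HTTP/1.0" 404 205',
    '198.51.100.7 - - [01/Jan/2002:00:00:03 +0000] "GET /scripts/root.exe?a=1 HTTP/1.0" 404 210',
    '198.51.100.7 - - [01/Jan/2002:00:00:04 +0000] "GET /scripts/%63md.exe?a=1 HTTP/1.0" 404 210',
    '203.0.113.5 - - [01/Jan/2002:00:00:05 +0000] "GET /search?q=cmd.exe HTTP/1.0" 200 512',
    '203.0.113.5 - - [01/Jan/2002:00:00:06 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for (client, worm), n in sorted(triage(SAMPLE).items()):
        print(f"{client}\t{worm}\t{n}")
```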
