From: Martin Glazer (martin.glazermontage-dmc.com)
Date: Mon Jan 28 2002 - 21:57:12 CST

    Hi Brian,

    One method is to prevent these requests from reaching your Apache server at
    all. Have a look at
    http://articles.linuxguru.net/view/120?PHPSESSID=c0a80203zXzX
    which discusses this exact problem and solves it by filtering IP packets
    based on string matching. This requires netfilter and a more recent
    kernel (> 2.4.9). Another recent article is from Security Focus, found
    at http://www.securityfocus.com/infocus/1531.

    The method I currently use (I'm running ipchains and kernel 2.2) is to
    redirect these requests to an Apache error page which then runs a script
    and blocks the offending IP using ipchains. This at least keeps the
    error out of my error_log and prevents further requests from hitting my
    server.

    The relevant part of my httpd.conf file is:

    # Do not do anything for Code Red attacks and the like
    RedirectMatch 415 (.*)\.id[aq]$
    # Escape the dot, not the first letter: \c and \r are escape sequences in PCRE-based Apache
    RedirectMatch 415 (.*)cmd\.exe$
    RedirectMatch 415 (.*)root\.exe$
    ErrorDocument 415 /cgi-bin/notfound.cgi

    I hope this helps or gives you some ideas.

    Martin

    On Mon, 2002-01-28 at 02:49, Brian Clifton wrote:
    > Dear All
    >
    > Is there a way to stop Apache responding to .exe file requests
    > altogether?
    >
    > I am getting fed up with my error_log file being filled by Nimda and
    > we don't host any .exe files!! I have been monitoring
    > it since the summer and the number of Nimda-type entries appears to
    > have started to go up again since xmas...
    >
    > Any thoughts greatly appreciated...
    >
    > Thanks in advance, Brian
    >
    >
    > =============================================================
    > Omega Digital Media Ltd
    >
    > I N T E G R A T E D W E B S O L U T I O N S
    >
    > Phone: +44 (0) 1444 410202
    > Fax: +44 (0) 1444 412909
    >
    > http://www.omegadm.co.uk
    > =============================================================
    > Cuckfield House, High Street, Cuckfield, West Sussex RH17 5EL
    >
    >
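A log-side version of the block-on-probe approach described in the message, as an added example that is not part of the original post and not the author's notfound.cgi: it applies the three httpd.conf patterns to the request path in each log line and builds ipchains commands for the offending clients. It assumes Common Log Format input; the function names, the `never_block` allowlist and the sample lines are hypothetical.

```python
import ipaddress
import re

# The three patterns from the httpd.conf excerpt, applied to the URL path only.
WORM_PATH = re.compile(r"(\.id[aq]|cmd\.exe|root\.exe)$", re.IGNORECASE)
# Common Log Format: client address first, request line in the first quoted field.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:\S+) (\S+)[^"]*"')

def offending_ips(lines, never_block=("127.0.0.1",)):
    """Return the sorted client addresses that requested a worm-probe path."""
    hits = set()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, target = m.groups()
        path = target.split("?", 1)[0]  # RedirectMatch never sees the query string
        if not WORM_PATH.search(path):
            continue
        try:
            addr = ipaddress.ip_address(client)  # rejects hostnames and junk
        except ValueError:
            continue
        if str(addr) not in never_block:  # avoid locking out your own hosts
            hits.add(str(addr))
    return sorted(hits)

def block_commands(ips):
    """Build argv lists (no shell involved) for the kernel 2.2 ipchains input chain."""
    return [["ipchains", "-A", "input", "-s", ip, "-j", "DENY"] for ip in ips]

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [28/Jan/2002:02:40:01 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 415 -',
    '192.0.2.10 - - [28/Jan/2002:02:40:02 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 415 -',
    '198.51.100.7 - - [28/Jan/2002:02:41:10 +0000] "GET /default.ida?XXXX HTTP/1.0" 415 -',
    '203.0.113.5 - - [28/Jan/2002:02:42:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '203.0.113.5 - - [28/Jan/2002:02:42:05 +0000] "GET /search?q=cmd.exe HTTP/1.0" 200 90',
    '127.0.0.1 - - [28/Jan/2002:02:43:00 +0000] "GET /test/cmd.exe HTTP/1.0" 415 -',
]

if __name__ == "__main__":
    for argv in block_commands(offending_ips(SAMPLE)):
        print(" ".join(argv))
```

The client address is parsed with `ipaddress` before it goes anywhere near a firewall command, and the commands are argv lists rather than shell strings, so a malformed log field cannot become part of a command line.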