Odd (alarming) http log excerpt

Colin J. Raven colin at kenmore.kozy-kabin.nl
Fri Jan 14 09:34:33 PST 2005


On Jan 14 at 10:22, Duo suggested this hysterically funny remedy:

> On Fri, 14 Jan 2005, Colin J. Raven wrote:
>
>> I noticed something extremely odd this morning in my http access log.
>> There's the usual activity, then suddenly this (about a hundred lines
>> are snipped)
>
> Yeah, someone is trying a M$ DAV exploit. I get these a lot, along with nimda
> attempts.
>
>> 
>>  Is there anything within...say httpd.conf..that I could do to prevent
>> this..or curtail it before it grows to such an enormous size.
>
> Why, yes there is! For the low low price of FREE, here is something you can 
> do for fun and giggles.
>
> # RedirectMatch is provided by mod_alias, so that is the module to test for
> <IfModule mod_alias.c>
> RedirectMatch permanent (.*)cmd\.exe(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)root\.exe(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
> RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
> </IfModule>
>
> This will redirect these lovely attacks back to Microsoft, the bearers of 
> these fine gifts in the first place. It's my fun way of giving back to them, 
> for all they have given to me...

Hallelujah! Give that man a cigar!
I thought the FBI suggestion was incredibly neat, but this has a certain 
zen-like perfection to it. Woohoo....what an ace idea.

> Wasted diskspace from engorged logfiles, filled with this crap. =)
Errrr, yes indeed. My logfile from yesterday was an unbelievable 2.2
MB. This is a home web server which (as was pointed out overnight) isn't 
exactly <ahem> overworked. I was ever so slightly taken aback when I saw 
the filesize this morning.

May your goats and camels enjoy long lives, and bear many offspring.


Warm Regards & thanks,
-Colin
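
Added example (not part of the original message or of the quoted reply): a Python script that measures how much of an access log these probes account for and which clients send them, using the path fragments from the RedirectMatch rules quoted above. It assumes Common Log Format; the sample lines and addresses are constructed, and the function name is hypothetical.

```python
import re
from collections import Counter

# Path fragments taken from the RedirectMatch rules quoted in the message.
PROBE_RE = re.compile(
    r"cmd\.exe|root\.exe|/_vti_bin/|/scripts/\.\.|/_mem_bin/|/msadc/|/[cd]/winnt/|/x90/",
    re.IGNORECASE,
)
# Assumed Common Log Format: host ident user [time] "request" status bytes
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) \S+')

# Constructed sample lines (documentation addresses, not from the original log).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Jan/2005:03:12:01 +0100] "GET /index.html HTTP/1.1" 200 1043
198.51.100.7 - - [14/Jan/2005:03:12:05 +0100] "GET /scripts/root.exe HTTP/1.0" 404 210
198.51.100.7 - - [14/Jan/2005:03:12:06 +0100] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 218
198.51.100.7 - - [14/Jan/2005:03:12:06 +0100] "GET /MSADC/root.exe HTTP/1.0" 404 208
203.0.113.44 - - [14/Jan/2005:03:15:40 +0100] "GET /_vti_bin/x.dll HTTP/1.0" 404 212
192.0.2.10 - - [14/Jan/2005:03:16:00 +0100] "GET /photos/ HTTP/1.1" 200 5120
this line is not in Common Log Format
"""

def summarize(log_text):
    """Return (probe hits per client, probe log bytes, total log bytes)."""
    per_client = Counter()
    probe_bytes = total_bytes = 0
    for line in log_text.splitlines():
        size = len(line.encode("utf-8")) + 1  # +1 for the newline
        total_bytes += size
        m = CLF_RE.match(line)
        if not m:
            continue  # malformed line: counted in the total, never as a probe
        client, request = m.group(1), m.group(2)
        parts = request.split(" ")
        # Match on the request path only, not the method or protocol.
        path = parts[1] if len(parts) >= 2 else request
        if PROBE_RE.search(path):
            per_client[client] += 1
            probe_bytes += size
    return per_client, probe_bytes, total_bytes

if __name__ == "__main__":
    hits, probe_bytes, total_bytes = summarize(SAMPLE_LOG)
    print(f"{probe_bytes}/{total_bytes} log bytes are probe requests")
    for client, count in hits.most_common():
        print(f"{count:5d}  {client}")
```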

