Hi, guys
I've been trying to find a way to block the Code Red attacks on my Apache server and prevent the requests from being logged in my access.log and error.log.
I don't want to ignore the requests, but to stop them and prevent them from being logged.
I found the solution below, but it's not working with Apache 2.0.45,
so if any of you can give me a hand, I'd appreciate it.
My system info:
Apache 2.0.45
Windows Adv Server
mod_perl 1.99_09-dev
=========================================
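This one is called module Vermicide
<Perl >
{
    package Apache::Vermicide;
    use Apache::Constants qw(:common :response);

    # Runs in the post-read-request phase, right after the request is read.
    sub handler {
        my $r = shift;
        if ($r->uri() =~ /root\.exe|cmd\.exe|default\.ida/i) {
            # Push a log-phase handler that returns an error status,
            # intended to keep the request out of the access log.
            $r->push_handlers(PerlLogHandler => sub { return BAD_REQUEST });
            return BAD_REQUEST;
        }
        return OK;
    }
}
</Perl >
PerlPostReadRequestHandler Apache::Vermicide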
==============================================
This one is called module VirusLogZapper
I've been following this thread for a while and have adapted the
various posts to build what I think is the minimal module to
eliminate the logging and terminate the response from Apache ASAP.
This is very similar to Apache::Vermicide (thank you!)
The handler is inserted at the first point where Apache
<Location> directives can be used.
#########################################
# trap exploits of nimda & code-red compromised systems.
# version 1.06 9-20-01 <EMAIL: PROTECTED>
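<perl>
{
    package Apache::VirusLogZapper;
    use Apache::Constants qw(:common :response);

    # Set to 0 to stop writing a one-line note to the error log.
    my $ERRORLOG = 1;

    sub handler {
        my $r = shift;
        if ($ERRORLOG) {
            # Capture which pattern matched and record it with the client host.
            $r->uri =~ /(cmd\.exe|root\.exe|default\.ida)/;
            $r->log_error(__PACKAGE__, ' ',
                          $r->get_remote_host, ' ', $1);
        }
        # Push a log-phase handler that returns DONE, intended to skip
        # the normal access logging, then end the request.
        $r->push_handlers(PerlLogHandler => sub { return DONE });
        return DONE;
    }
}
</perl>
<LocationMatch (cmd.exe|root.exe|default.ida)>
    SetHandler perl-script
    PerlHeaderParserHandler Apache::VirusLogZapper
</LocationMatch>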
#########################################
I put all this in a small include file called 'virus.pl' and include
it in the httpd.conf file with a single line
Include /usr/local/apache/conf/virus.pl
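
For the access-log half of the question on Apache 2.0, conditional logging needs no mod_perl. This is an added example, not part of the original post; the variable name `worm`, the log path and the `common` format nickname are assumptions.

```apache
# Added example: constructed config, not from the original post.
# Tag requests whose URI matches the same patterns the modules above look for.
# "worm" is a hypothetical environment variable name.
SetEnvIfNoCase Request_URI "(cmd\.exe|root\.exe|default\.ida)" worm

# Write the access log only for requests that do NOT carry the tag.
# The log path and the "common" format nickname are assumptions; use your own.
CustomLog logs/access.log common env=!worm
```

ErrorLog takes no env= condition, so this affects access.log only, and the request is still processed and answered normally.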