Re: Concept Virus(CV) V.5 - Quick analysis update

From: Michael H. Warfield (mhwat_private)
Date: Tue Sep 18 2001 - 18:46:19 PDT


On Tue, Sep 18, 2001 at 08:05:50PM -0400, Homer Wilson Smith wrote:

>     If any one has the proper entries in the apache 1.3.20
> config file to block the gets to Admin.dll, root.exe and cmd.exe,
> I would appreciate knowing about them.  Been playing with
> <FilesMatch> and <DirectoryMatch> but they only seem to work
> IF the directory path actually exists on the machine.

>     We are being swamped here.

	Huh???

	What are you trying to accomplish?  If you don't have them,
you are going to return an error and nothing you can configure in
Apache will prevent the worm from requesting them.  How, exactly,
do you propose to "block them"?  The "mod_telepathy" module has
not even made it to alpha test, so how are you going to detect and
block the requests before they are made?

>     Homer

> ------------------------------------------------------------------------
> Homer Wilson Smith   Clean Air, Clear Water,  Art Matrix - Lightlink
> (607) 277-0959       A Green Earth and Peace. Internet Access, Ithaca NY
> homerat_private  Is that too much to ask? http://www.lightlink.com

	[...]

> > > More infection routes:

> > > The worm, upon infecting a new host, goes through all the
> > > shared directories and their subdirectories and plants the
> > > following files in each dir:

> > > sample.nws
> > > sample.eml
> > > desktop.eml
> > > desktop.nws

	This is through network shares and drives.

	[...]

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhwat_private
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
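The point Mike makes above is that an Apache server cannot stop the worm from sending its requests for root.exe, cmd.exe and Admin.dll; whatever <FilesMatch> or <DirectoryMatch> is configured, the request still arrives and the server answers with an error. What the server does have is its access log, and that log is where the probing hosts show up. The following script is an added example, not code from this post or from the list: it parses Apache combined-format access log lines, picks out requests whose URI names one of the three files the original question mentions, and tallies the source addresses. The log lines are constructed for the example (RFC 5737 documentation addresses), and the function names find_probes and probing_hosts are my own.

```python
"""Pick out worm-style probes for root.exe / cmd.exe / Admin.dll from an
Apache access log and count them per source address.

Added example for this thread; constructed sample data, not real traffic."""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" log format. The 404/403
# statuses reflect the situation in the post: the files do not exist on
# the server, so every probe is answered with an error but still logged.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2001:18:40:01 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
192.0.2.10 - - [18/Sep/2001:18:40:02 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
192.0.2.10 - - [18/Sep/2001:18:40:03 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [18/Sep/2001:18:41:10 -0400] "GET /index.html HTTP/1.1" 200 1432 "-" "Mozilla/4.0"
198.51.100.7 - - [18/Sep/2001:18:41:12 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
203.0.113.5 - - [18/Sep/2001:18:42:00 -0400] "GET /_vti_bin/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 0 "-" "-"
203.0.113.5 - - [18/Sep/2001:18:42:01 -0400] "GET /scripts/Admin.dll HTTP/1.0" 404 210 "-" "-"
"""

# Combined log format: client, ident, user, [timestamp], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# The three file names named in the original question, matched as a path
# component, followed by a query string, a further path element, or the
# end of the URI. Case-insensitive because the targets are Windows names.
PROBE_RE = re.compile(r'/(?:root\.exe|cmd\.exe|admin\.dll)(?:[?/]|$)', re.IGNORECASE)


def find_probes(log_text):
    """Return [(client_ip, decoded_uri, status)] for every request whose
    URI names root.exe, cmd.exe or Admin.dll. Unparseable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # One round of percent-decoding normalises %5c-style separators;
        # the file name itself is not encoded in these probes.
        uri = unquote(m.group("uri"))
        if PROBE_RE.search(uri):
            hits.append((m.group("ip"), uri, int(m.group("status"))))
    return hits


def probing_hosts(log_text, threshold=2):
    """Map client IP -> number of probes, keeping only hosts at or above
    `threshold`. A single hit can be a stray scanner; repeated hits from
    one address within the same log are what the worm's behaviour looks like."""
    counts = Counter(ip for ip, _, _ in find_probes(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, uri, status in find_probes(SAMPLE_LOG):
        print(f"{ip:15} {status} {uri}")
    print("hosts to report/block upstream:", probing_hosts(SAMPLE_LOG))
```

Run against a real log, the per-host counts are what you would hand to the owner of the remote network or feed to a packet filter in front of the server; as the post says, the web server itself only ever sees the request after it has been made. If the aim is merely a cheap, uniform error rather than a 404 lookup, note that Apache's <Location> and <LocationMatch> sections match on the request URI rather than on the filesystem, which is why <FilesMatch> and <DirectoryMatch> only fire for paths that actually exist.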