> You know what would be really cool? A worm that installed Linux and/or > Apache on those machines, while keeping all the previous settings, > such as the webroot, and publisher permissions, all that good stuff. > No, I didn't insinuate that it would be legal, not in the least, but > it would be cool! > > How about it? Anyone out there care to knock together a script that'll > pull IIS settings out of the registry, download and install Apache > with the same settings, disable IIS, spend (since I've already pulled > all this other crap out of my butt, lets see if we can find a number > also) 24 hours scanning for other vulnerable hosts, and then restart > the machine? I think the only big challenge would be converting SSL > settings, and maybe, ensuring the ASP files still work. Although, > isn't there a module for using ASP under Apache now? That is worse than infecting machines with a worm. Some people still don't know much about Apache. They'll just wake up one day and realize their server runs on different software, and reinstall IIS/Windows. That costs time and money (some people could even get fired because of this). It also creates lots of unnecessary confusion (i.e. people calling the FBI thinking they got hacked). What about proprietary database software that was specifically written for IIS? You'll just break things. The best solution is to educate people who use Microsoft products about security. Most of these nimda servers don't even run web pages. They're just DSL/cable hosts, where the owner decided to install windows on their computers, and doesnt have a clue that a webserver is running. The ISPs should be more responsive to complaints as well -- it shouldn't require the media to blow things out of proportion to make people aware of problems like these. Just my $0.01 on this thread (which has been discussed/debated a zillion times by now). -- Emre Yildirim, <insert job title here> emre.yildirimat_private | emreat_private
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 21:35:43 PDT