[ILUG] Bloody script kiddies

AJ McKee aj at nevermindthebollox.com
Fri Nov 16 16:20:23 GMT 2001


I had the same problem and found a nice way around it. Unfortunately the legal 
dept would not let me do it as Apache would take the request but then try to 
access the remote host which was exploited and shut it down. Instead I have 
done this:



#############################################################################
#      Configure Server to Redirect Known Internet Worms                    #
#############################################################################
redirect /scripts http://www.internetwormsarelame.commy.pinkiy.die
redirect /MSADC http://www.internetwormsarelame.commy.pinkiy.die
redirect /c http://www.internetwormsarelame.commy.pinkiy.die
redirect /d http://www.internetwormsarelame.commy.pinkiy.die
redirect /_mem_bin http://www.internetwormsarelame.commy.pinkiy.die
redirect /msadc http://www.internetwormsarelame.commy.pinkiy.die
# Any URL-path ending in cmd.exe or .ida (literal dots escaped)
RedirectMatch (.*)cmd\.exe$ http://www.internetwormsarelame.commy.pinkiy.die
RedirectMatch (.*)\.ida$ http://www.internetwormsarelame.commy.pinkiy.die
#############################################################################


Cheers 
AJ

On Friday 16 November 2001  9:50 am, Smith, Graham - Computing Technician 
wrote:
> I admin mostly windows boxes - i assume most organisations
> have a combination of operating systems. In most organisations
> any linux boxes are normally used only for server operations
> rather than workstation duties. Its the same in
>
> For all linux's good points - a lot of people (users) still
> insist on having windows. In here as in most colleges they
> tend to teach students through windows based applications.
> If somebody wants to run a module in a course of MS Office
> applications they dont care how good OpenOffice or AbiWord
> are.
>
> Some less informed people are just so blinded. Here are some
> of the phrases i've heard before from managers etc in various
> organisations and companies i've dealt with:
>
> "but we need windows because its easy for users",
> "we have to use MS Access because its an industry standard",
> "well NT4 works well, if it aint broke dont fix it"
> "we'd have to retrain all our users to use that system"
> "but linux isnt well supported" (companies like to have people they
> can blame/sue if stuff screws up)
>
> Personally I dont believe Linux is ready for the desktop for
> a lot of people yet. In fact some people believe linux should be kept
> secret and away from the reaches of "normal" non-nerds lest
> it become too fluffy and windowsy. To some extent i can see that
> happening - the popularity of KDE/Gnome over less Windows looking
> desktops like WindowMaker (my personal favourite), Afterstep and
> Enlightenment
>
> Its an interesting topic... all the support for windows stuff isnt free
> and isnt shared like the ilug community. Unless you count some stuff like
> Microsoft Knowledge Base for example....
>
> G.
>
> ___________________________
>  Graham Smith,
>  Network Administrator,
>  Department of Computing,
>  Institute of Technology,
>  Tallaght, Dublin 24
>  Phone: + 353 (01) 4042840
>
> -----Original Message-----
> From: Justin MacCarthy [mailto:macarthy at iol.ie]
> Sent: 16 November 2001 14:43
> To: ilug at linux.ie
> Subject: RE: [ILUG] Bloody script kiddies
>
>
> For anyone of you that has the good fortune of admining NT boxes , look at
> "securing windows NT/2000 server " by O'Reilly really good guide of the
> lovely task of securing NT /WIN2000 boxes
>
> To be Recommended
>
> BTW I have 7 NT boxes hosted co-lo'ed in the USA for huge amount of money
> per month. The default installations of NT / 2000 , we got in the beginning
> were the least hardened boxes I've ever seen. Dreadful. I mean ever if the
> cmd.exe was ACLed !!!!. I think that NT admins are just lazy in comparison
> to their *nix counterparts. That plus it much harder to remotely admin NT
> boxes , but this has improved with terminal services....
>
> Are there many of you on the ILUG admin both windoze and linux ? Is there a
> Ireland windoze user group or mailing list???
>
> Justin
>
> -----Original Message-----
> From: ilug-admin at linux.ie [mailto:ilug-admin at linux.ie]On Behalf Of Niall
> O Broin
> Sent: Friday, November 16, 2001 2:23 PM
> To: ilug at linux.ie
> Subject: [ILUG] Bloody script kiddies
>
>
> Just had a look in the log file to which accesses to one of my web server
> box's IP address goes i.e. requests not to one of the hosted domains. Since
> Sept. there have been 23000+ attempts to get cmd.exe to do something and
> 4000+ attempts to find root.exe, and this is just on one lonely little box.
> I wonder do script kiddies' attempts now use up more bandwidth than porn ?
>
> And do some poor suckers actually have IIS boxes configured in such a way
> that you can execute arbitrary commands just by calling cmd.exe ?
>
>
>
> Niall
>
> --
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie
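
Added example, not part of the original thread or anyone's posted code: a small Python tally showing which access-log requests the Redirect / RedirectMatch rules in the message above would catch. It assumes Common Log Format, writes the two RedirectMatch patterns with escaped dots (cmd\.exe$ and \.ida$), and uses constructed sample log lines.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Prefixes from the Redirect lines; patterns as assumed in the lead-in.
PREFIXES = ["/scripts", "/MSADC", "/c", "/d", "/_mem_bin", "/msadc"]
PATTERNS = [re.compile(r"(.*)cmd\.exe$"), re.compile(r"(.*)\.ida$")]

# Common Log Format request field: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def matching_rule(path):
    """Return the rule that would catch this URL-path, or None."""
    for prefix in PREFIXES:
        # Redirect matches whole path segments: /c catches /c/winnt
        # but not /cgi-bin, and matching is case-sensitive.
        if path == prefix or path.startswith(prefix + "/"):
            return "Redirect " + prefix
    for pattern in PATTERNS:
        if pattern.search(path):
            return "RedirectMatch " + pattern.pattern
    return None

def tally(log_lines):
    """Count requests per rule; the query string is not part of the URL-path."""
    counts = Counter()
    for line in log_lines:
        m = REQUEST.search(line)
        if m:
            rule = matching_rule(urlsplit(m.group(1)).path)
            counts[rule or "not matched"] += 1
    return counts

# Constructed sample lines (documentation addresses), not from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Nov/2001:09:12:01 +0000] "GET /scripts/root.exe?q=1 HTTP/1.0" 404 276',
    '192.0.2.10 - - [16/Nov/2001:09:12:02 +0000] "GET /MSADC/root.exe?q=1 HTTP/1.0" 404 276',
    '192.0.2.10 - - [16/Nov/2001:09:12:03 +0000] "GET /c/winnt/system32/cmd.exe?q=1 HTTP/1.0" 404 276',
    '198.51.100.7 - - [16/Nov/2001:09:15:40 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276',
    '198.51.100.9 - - [16/Nov/2001:09:16:02 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 200 512',
    '203.0.113.5 - - [16/Nov/2001:09:20:11 +0000] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for rule, n in tally(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {rule}")
```

Running the same tally over a real log before enabling the rules shows whether any legitimate path, such as a site directory named /c or /d, would be redirected along with the worm probes.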



