From owner-freebsd-questions  Thu Sep 27 16: 8: 2 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141])
	by hub.freebsd.org (Postfix) with ESMTP id EAB2E37B40D
	for <freebsd-questions@FreeBSD.ORG>; Thu, 27 Sep 2001 16:07:53 -0700 (PDT)
Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141])
	by topaz.mdcc.cx (Postfix) with ESMTP id 1A1432B70B
	for <freebsd-questions@FreeBSD.ORG>; Fri, 28 Sep 2001 01:07:51 +0200 (CEST)
Received: by k7.mavetju.org (Postfix, from userid 1001)
	id B5958268; Fri, 28 Sep 2001 09:07:45 +1000 (EST)
Date: Fri, 28 Sep 2001 09:07:45 +1000
From: Edwin Groothuis <edwin@mavetju.org>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Apache server log
Message-ID: <20010928090745.D482@k7.mavetju.org>
Mail-Followup-To: Edwin Groothuis <edwin@mavetju.org>,
	freebsd-questions@FreeBSD.ORG
References: <20010927152824.55499.qmail@web12501.mail.yahoo.com> <005801c14769$73498220$49e9b5ce@quasi> <20010927142147.B15312@acadia.ne.mediaone.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010927142147.B15312@acadia.ne.mediaone.net>; from leblanc+freebsd@acadia.ne.mediaone.net on Thu, Sep 27, 2001 at 02:21:48PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, Sep 27, 2001 at 02:21:48PM -0400, Louis LeBlanc wrote:
> On 09/27/01 11:30 AM, Marius Kirschner sat at the `puter and typed:
> > Yep, that's Nimda, alright.  Nothing you have to worry about if you run
> > a unix system.
> 
> Correct.  However, there's no reason you can't do something about it.
> You've heard of Apache::CodeRed?  Well, it's a mod_perl handler.  It
> handles the requests for default.ida by looking up the requesting IP
> and sending a warning to the web admin and abuse authorities as well
> as securityfocus.com.

I've created a Code Red & Nimda spammer, which does the same (sending
messages about it to the webadmin, abuse, postmaster and the
information coming from DNS and whois) but it isn't real-time.

See http://www.mavetju.org/networking/tools.phtml for it.

Edwin

-- 
Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
edwin@mavetju.org |           Interested in MUDs? Visit Fatal Dimensions:
------------------+                       http://www.FatalDimensions.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message