How to prevent malicious scripts like cgitelnet or remview??

Posted on 2003-03-23
Medium Priority
Last Modified: 2008-02-01
Hi!
May I have excellent answers??
Question by:pulhas

Expert Comment

ID: 8207190
Not sure what those are, but for IIS unicode attacks I do:
That theory should work for any HTTP request you can think of. It redirects it back to themselves. Of course, most of these attacks (attempts) are happening unbeknownst to the user due to a virus, etc.

So, every so often I'll go through my Apache logs and find the stuff that is obviously malicious and add it here.

# This is for stupid IIS attacks...
RedirectMatch /scripts/ http://localhost/scripts/..%c1%2f../winnt/system32/cmd.exe?/c+dir
RedirectMatch /c/ http://localhost/c/winnt/system32/cmd.exe?/c+dir
RedirectMatch /d/ http://localhost/d/winnt/system32/cmd.exe?/c+dir
RedirectMatch /_vti_bin/ http://localhost/_vti_bin/..%255c../..%255c../..%255c/winnt/system32/cmd.exe?/c+dir
RedirectMatch /_mem_bin/ http://localhost/_mem_bin/..%255c../..%255c../..%255c/winnt/system32/cmd.exe?/c+dir
RedirectMatch /msadc/ http://localhost/MSADC/root.exe?/c+dir
RedirectMatch /MSADC/ http://localhost/MSADC/root.exe?/c+dir
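
The log review described in the comment above can be scripted. The following is an added example, not part of the original post: it assumes Apache's common/combined log format, and the names LOG_RE, PROBE_RE, normalize and scan as well as the sample lines are made up for illustration. It percent-decodes each request path repeatedly, so that the double-encoded %255c form is recognised, and counts probes per client.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log line: client, ident, user, [time], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

# URL prefixes and executables taken from the RedirectMatch rules in the post.
# Both must be present, so an ordinary path that merely contains /c/ is not counted.
PROBE_RE = re.compile(
    r'/(scripts|_vti_bin|_mem_bin|msadc|c|d)/.*(cmd\.exe|root\.exe)', re.I)

def normalize(path, rounds=3):
    """Percent-decode up to `rounds` times so %255c is seen as %5c, then a backslash."""
    for _ in range(rounds):
        decoded = unquote(path)  # invalid UTF-8 such as %c1 becomes U+FFFD
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def scan(lines):
    """Return (probe count per client, set of probed prefixes) for the log lines."""
    hits, prefixes = Counter(), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, path, _status = m.groups()
        probe = PROBE_RE.search(normalize(path))
        if probe:
            hits[client] += 1
            prefixes.add("/" + probe.group(1).lower() + "/")
    return hits, prefixes

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE = [
    '192.0.2.10 - - [23/Mar/2003:10:01:02 +0000] "GET /scripts/..%c1%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287',
    '192.0.2.10 - - [23/Mar/2003:10:01:03 +0000] "GET /_vti_bin/..%255c../..%255c../..%255c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301',
    '198.51.100.7 - - [23/Mar/2003:10:05:40 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 279',
    '203.0.113.5 - - [23/Mar/2003:10:06:11 +0000] "GET /docs/c/intro.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    counts, seen = scan(SAMPLE)
    for client, n in counts.most_common():
        print(client, n)
    print("prefixes seen:", sorted(seen))
```
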
LVL 51

Expert Comment

ID: 8211835
Do you have iptables running also?
Then you can kill these requests right before they get to httpd ;-)

Author Comment

ID: 8216149
Do you understand what I mean??
LVL 51

Accepted Solution

ahoffmann earned 900 total points
ID: 8216479
> do you understand what I mean?
Well, "prevent malicious scripts" could mean anything, for example
  + calling such a script via URL
  + posting it via HTTP header
  + just having the script name in any TCP/IP packet
It's up to you to clarify what you mean.

But if you meant that Apache should prevent executing such a script on the server or the client, then the answer is simple: no, Apache cannot.
