[Webinar] Streamline your web hosting managementRegister Today


How to prevent macilious scripts like cgitelnet or remview??

Posted on 2003-03-23
Medium Priority
Last Modified: 2008-02-01
Hi !
may i have a excellent answers ??
Question by:pulhas
  • 2

Expert Comment

ID: 8207190
Not sure what those are but for IIS unicode attacks I do:
That theory should work for any http request you can think of.. It redirects it back to themselves.  Of course, most of these attacks (attempts) are happening unbeknownest to the user due to a viruse, etc..

So, every so often I'll go through my apache logs and find the stuff that is obviously malicious and add it here.

# This is for stupid IIS attacks...
RedirectMatch /scripts/ http://localhost/scripts/..%c1%2f../winnt/system32/cmd.exe?/c+dir
RedirectMatch /c/ http://localhost/c/winnt/system32/cmd.exe?/c+dir
RedirectMatch /d/ http://localhost/d/winnt/system32/cmd.exe?/c+dir
RedirectMatch /_vti_bin/ http://localhost/_vti_bin/..%255c../..%255c../..%255c/winnt/system32/cmd.exe?/c+dir
RedirectMatch /_mem_bin/ http://localhost/_mem_bin/..%255c../..%255c../..%255c/winnt/system32/cmd.exe?/c+dir
RedirectMatch /msadc/ http://localhost/MSADC/root.exe?/c+dir
RedirectMatch /MSADC/ http://localhost/MSADC/root.exe?/c+dir
LVL 51

Expert Comment

ID: 8211835
do have iptables running also?
then you can kill these request right before the get to httpd ;-)

Author Comment

ID: 8216149
do you understand what i mean??/
LVL 51

Accepted Solution

ahoffmann earned 900 total points
ID: 8216479
> do you understand what i mean?
well, "prevent macilious scripts" could mean anything, for example
  + calling such a script via URL
  + posting it vi HTTP header
  + just having the script name in any tcp/ip packet
it's up to you to clarify what you mean

But if you meant that Apache should prevent executeing such a script on the server or the client, then the answer is simple: no, Apache can not.

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…
Suggested Courses
Course of the Month11 days, 12 hours left to enroll

640 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question