[Zope] de-worming

marc lindahl marc@bowery.com
Wed, 03 Oct 2001 01:25:58 -0400


> From: Jack Coates <jack@monkeynoodle.org>
> 
> I've put an object in Zope named default.ida and containing:
> 
> <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
> 
> which seems to have stopped Code Red from being a problem. My next

Great idea!  Using a DTML Method, I suppose?

> question is, how do I block Nimda? I need a wildcard or regexp document
> which will intercept any URL including "cmd.exe" or "root.exe". Any
> ideas?

The first thing it looks for is /scripts/root.exe -- I wonder what it does
if it finds it?  If it doesn't, it looks in 13 other places.  But maybe if
it finds the first one it's happy?  Perhaps the same redirect would make it
go away?