[Zope] de-worming

Jack Coates jack@monkeynoodle.org
Wed, 3 Oct 2001 21:41:29 -0700 (PDT)


On Wed, 3 Oct 2001, marc lindahl wrote:

>
>
> > From: Jack Coates <jack@monkeynoodle.org>
> >
> > I've put an object in Zope named default.ida and containing:
> >
> > <dtml-call "RESPONSE.redirect('http://127.0.0.1')">
> >
> > which seems to have stopped Code Red from being a problem. My next
>
> Great idea!  Using a DTML Method, I suppose?

DTML document -- I actually just finished writing this up, so have a
look at http://www.monkeynoodle.org/comp/deworming.html

>
> > question is, how do I block Nimda? I need a wildcard or regexp document
> > which will intercept any URL including "cmd.exe" or "root.exe". Any
> > ideas?
>
> The first thing it looks for is /scripts/root.exe -- I wonder what it does
> if it finds it?  If it doesn't, it looks in 13 other places.  But maybe if
> it finds the first one it's happy?  Perhaps the same redirect would make it
> go away?
>

No such luck, it goes ahead and tries every last one of them.

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...