[Zope] de-worming

Oliver Bleutgen Oliver Bleutgen <myzope@gmx.net>
Thu, 4 Oct 2001 20:08:35 +0200


> Hi,

> I've put an object in Zope named default.ida and containing:

> <dtml-call "RESPONSE.redirect('http://127.0.0.1')">

> which seems to have stopped Code Red from being a problem. My next
> question is, how do I block Nimda? I need a wildcard or regexp document
> which will intercept any URL including "cmd.exe" or "root.exe". Any
> ideas?

Hmm,
this is interesting. As Code Red/Nimda use their own "client"
implementation AFAIK, it surprises me that they follow redirects.
Are you sure that this really helped for Code Red?
How do you measure if it helped? Are you sure you just don't
see Code Red requests anymore because it just got extinguished
by Nimda?

cheers,
oliver