发信人: weekend(笨刚)
整理人: hackerbay(2002-09-06 16:48:52), 站内信件
|
这两个病毒大肆扩张,unix的机器和apache也遭到他的大量攻击测试,log里充斥着含有/winnt/system32/cmd.exe等的访问记录,烦死,也浪费硬盘空间和影响分析log。加入下面的脚本到httpd.conf就可以忽略他们的访问了。我是windows的apache上测试的,对FreeBSD或Linux等,请稍做修改。
# add by Weekend Sun Jul 2, 2002
SetEnvIf Request_URI "/winnt/system32/cmd\.exe" dontlog
SetEnvIf Request_URI "/scripts/root\.exe" dontlog
SetEnvIf Request_URI "/MSADC/root\.exe" dontlog
SetEnvIf Request_URI "/\.\." dontlog
SetEnvIf Request_URI "\.\./" dontlog
SetEnvIf Request_URI " /msadc/" dontlog
SetEnvIf Request_URI "/c/winnt/" dontlog
SetEnvIf Request_URI "/d/winnt/" dontlog
SetEnvIf Request_URI "/scripts/" dontlot
SetEnvIf Request_URI "/_vti_bin/" dontlog
SetEnvIf Request_URI "/_mem_bin/" dontlog
SetEnvIf Remote_Addr "61\.144\.33\.1" dontlog
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
#把要忽略的ip列出来(在列表里的ip的访问该web server时,将不被记录)
RedirectMatch (.*)/(scripts|root.exe|cmd.exe|default.ida).* /index.htm
SetEnvIf Request_URI "/(root.exe|cmd.exe|default.ida)" dontlog
CustomLog "C:\Program Files\Apache Group\Apache\logs\access.log" combined env=!dontlog
# End worm stuff
----
Lonely Planet----Waiting...
|
|