Continued... I have found no obvious work on fixes yet... Resolve: Time to fix this annoyance and be done with it. Request: Need a "Simple" set of *instructions* to "paste" a line to apache/etc server control settings so that other individuals who are running an apache/etc server may cease "attacks" on their boxes. Basicly, I request from the community a simple set of 1.2.3.4.. style instructions which will allow apache/etc admins to redirect the /stupid.ida requests to a cgi or another operation (Cgi easiest to implement) which will then both report the assault to a central server (mine) and send a sequence of infallable retaliation worms (or multiple instances of one) to the 'evil' box (simple cgi open socket/etc) and therefore target and cease the moronic box's noise. Additionally, this design would require a 'heavy' server which accepts connections via tcpip GET on port 80 (known pass-through for fwall due to problem itself) of a simple report, most probibly /aa.bb.cc.dd/ee.ff.gg.hh or similar reporting that a..d has been fixed by e..h ... log of all connection feeds would be sufficient, need box. This is problematic, as us-fed and international authorities may percieve this logging operation as authorization to attack *it* as a threat...(idiots) This bullshit shall not be tolerated, therefore I suggest and request a server be made available in a politicly and logisticly neutral realm. Havenco have any interest in testing available bw/connection capability? Anyone else? ... I shall personally produce both a basic cgi and a revision of this VERY LOW QUALITY worm code for distribution shortly, unless someone informs that such has already been completed. Note, the quality of the code is horrible, im not gonna optimize it, but it's just VERY badly written. Too bad the origin cant even code an attack correctly, more bad is the fact that SOMEONE cant even code an os/server correctly... Oh well. The motivation is to both squelch by voluntary operation (from script-capable servers) any hostile attacks on these private boxes, but also neutralize quickly this annoyance. It will be expected that the next generation of annoyances will eliminate the file-crosscheck mechanisms, and will thus require a complete system penetration to disable and isolate the server... Sorry M$hit, but your failures warrent elimination of your products by force. Your failures threaten the operation of the global data infrastructure, we eliminate your software from operation (since it has already been disabled prior this conflict)... We may tend to this as it comes... Resolve: Assuming noone has completed this task, I will tend to coding this basic fix now, and hopefully someone will come forward with a central logging system capable of post-process analysis review. Additionally, it will be requested that all isp/datasec admins allow full outgoing packet flow to this target box/array for single-direction reporting. It is probible that a large number of "firewalled" failures in corporate networks are creating additional annoyances, all requiring fix. The cgi response script, if utilized, can have the option of reporting, reporting what, etc for compatibility with security issues. As for the wh.gov attack... I could care less. If these morons and their excess of IC and technical resources can not come up with such a basic fix and remedy, why should we care about their interests? Moronics not tolerated. So... Can someone please prepare an instruction of how to set apache and other servers up to route /*n.threat requests to a cgi/script/module/etc so we can immediately release this remedy... Im sick of the level of stupidity in this world. Time to start replacing the failed components. -Wilfred L. Guerin Wilfred@Cryogen.com .
Wilfred L. Guerin wrote:
Can someone please prepare an instruction of how to set apache and other servers up to route /*n.threat requests to a cgi/script/module/etc so we can immediately release this remedy...
Add the following lines to httpd.conf: <Location /default.ida*> Deny from all ErrorDocument 403 http://stable.host.foo/abuse-log.cgi </Location> Replace http://stable.host.foo/abuse-log.cgi with the abuse logger. Make sure to include the full URL in the ErrorDocument statement.
participants (2)
-
None
-
Wilfred L. Guerin