Domain: dasbistro.com
Stories and comments across the archive that link to dasbistro.com.
Comments · 13
-
Re:I've always wondered...
I think you're referring to the fix for Code Red 2 written by Sam Phillips. This article makes passing mention of it: http://www.securityfocus.com/infocus/1515
Google for http://www.dasbistro.com/default.ida and you'll see it referenced a few places. -
Re:DSpam with qmail / vpopmail
COMPLETE COPY OF NETSKY VIRUS
Make the mail admin install the qmail-send.mimeheaders patch -- it causes bounces to bounce back only the headers of email with MIME attachments. As google provides, my qmail patchlist is quite long, actually.
:-)I'm moving over to Postfix these days -- it seems to do everything qmail does but without the need to recompile every time I want a change.
-
Re:Well at least this is better then what AT&T
Road Runner in Central Florida has done the same thing. Don't know if it includes the rest of the country.
At first I didn't know if they'd blocked just me, to stop the constant flood of email from my auto-notifier :-) -
Legal Ramifications of Retaliation
Ok, i've got servers that are getting hit thousands of times by the same ip's. i've been probed 2500 times in the past couple of days by one in particular.
I've contacted my network colo persons, and they have "opened a trouble ticket" and contacted their admins about the problem...
nothing.
i have been increasingly leaning towards using the wonderful perl script found on DasBistro that someone already posted. i'm thinking of writing a php version (shouldn't be too hard...)
BUT
if i shut down some machine that is pounding on my server are there really legal ramifications? i've seen some posts claiming so, but i haven't seen a consensus.
I'm also contemplating writing a reverse virus that will worm into a codered/nimda/whatever infected box and apply patches etc... but not spread itself further to avoid creating network problems.
any ramifications of that?
anybody?
i hate to have to resort to that but i've been probed 3000 times in the past 5 minutes!!!!!
This has got to stop!!! -
Re:Been done
-
Re:Been done
-
Re:Bleah...my firewall logs all of this...
Actually, @Home has a plan to stop this for their customers; they're going to go out of business, cutting them all off the net.
:-)
Seriously, most large providers are completely ignoring this problem. UUNet blew off my auto-notifier (I'm using the DasBistro one) and then sent me a customer service satisfaction survey. Needless to say, I rated them "0" in every category... -
Strikeback script
Please note this Code Red Strikeback script. If you can, install it! Don't forget to add default.txt with it, so other can download it from you too.
This is good thing.
Yeah, and BTW, if somebody will rewrite it in PHP it'll be good too: I can not put executable cgi in my www directory...
-
Re:rude link on main page.
There is no way for that link to shut down or restart your machine. If you look at the script, it just prints a message if you link to it as default.ida. You have to have a query string for it to attempt to shut down IIS. And how's it gonna reboot your machine anyways, if it's already shut down IIS? That script obviously hasn't actually been tested
:) (and it's not like it'd be terribly difficult to test if you had a NT box around... put IIS on it and wait a couple of minutes and I'm sure someone'll send it Code Red. Set your firewall to block outgoing packets on port 80 from that machine so it won't infect other machines). -
Re:rude link on main page.
There is no way for that link to shut down or restart your machine. If you look at the script, it just prints a message if you link to it as default.ida. You have to have a query string for it to attempt to shut down IIS. And how's it gonna reboot your machine anyways, if it's already shut down IIS? That script obviously hasn't actually been tested
:) (and it's not like it'd be terribly difficult to test if you had a NT box around... put IIS on it and wait a couple of minutes and I'm sure someone'll send it Code Red. Set your firewall to block outgoing packets on port 80 from that machine so it won't infect other machines). -
Re:rude link on main page.
There is no way for that link to shut down or restart your machine. If you look at the script, it just prints a message if you link to it as default.ida. You have to have a query string for it to attempt to shut down IIS. And how's it gonna reboot your machine anyways, if it's already shut down IIS? That script obviously hasn't actually been tested
:) (and it's not like it'd be terribly difficult to test if you had a NT box around... put IIS on it and wait a couple of minutes and I'm sure someone'll send it Code Red. Set your firewall to block outgoing packets on port 80 from that machine so it won't infect other machines). -
Well that's not very nice...of you Michael, to post a link to this page. You ought to be ashamed of yourself. Now if only you'd linked to it correctly, maybe it would have worked. Like this mwahahaha...
Gee, Apache doesn't seem effected by it...
-
Well that's not very nice...of you Michael, to post a link to this page. You ought to be ashamed of yourself. Now if only you'd linked to it correctly, maybe it would have worked. Like this mwahahaha...
Gee, Apache doesn't seem effected by it...