Well one use for all these machines if port 80 is back up before all those infected are fixed, would be for someone who knows how to exploit the backdoor code red II leaves behind, to use them to perform a DOS attack on AT&T.
I hope I just gave someone with the knowledge to be able to do it a good idea:-)
Just kidding....sort of
Re:Perhaps REAL Damage will Fix the Problem
on
Code Red III
·
· Score: 1
It runs as a service without even an icon in the taskbar.
Re:Code Red (I,II,III) Fix for Apache webservers
on
Code Red III
·
· Score: 2, Funny
I tried redirecting it and it didn't work.:-)
Re:Perhaps REAL Damage will Fix the Problem
on
Code Red III
·
· Score: 1
I mentioned in another post that I personally know three people who were not even aware they were running servers.
They upgraded to win2k pro for the multi-tasking and stability and either somehow installed the server during installation or while playing around with "add/remove windows components"
Two of these three people are not stupid, but when you dont know a server is running it's difficult to patch it. I imagine if I know three cases there are probably thousands if not tens of thousands more.
I think the real stupidity was MS bundling it with the OS, they should have made it a seperate free download for people who knew they wanted it or at least made installing it much more difficult.
Microsoft has built a reputation on making windows idiot proof, but in this case have only proved themselves to be idiots.
I imagine if these people had been doing everything they should have to protect their systems they would have been running firewalls which might have been blocking port 80 but the majority of computer users don't and Microsoft should have anticipated this issue.
Re:I heard something -
on
Code Red III
·
· Score: 1
I hope it's been thoroughly beta tested? Or have 1, 2 and 3 been the beta test?:-)
Re:Terrorist Attack - persons to give up rights
on
Broadband Crackdown
·
· Score: 1
Excellent point I hadn't really thought of it that way. AT&T has become a willing accomplice of whoever wrote code red, together they have managed to remove tens of thousands of pages from the Internet. Denying millions of Americans access to those pages.
Now that they have shown themselves willing to buckle under to terrorist threats, how long will it be before someone targets AT&T for extortion whether for monetary or political reasons. Shame on you AT&T
I wonder how long AT&T considered this very important decision before making it. They really should have viewed this as a major (and very poor in my opinion) policy decision rather than simply a technical one.
AT&T always had the right to block port 80 since running servers was against their TOS, but doing it under these circumstances sets a very bad precedence.
Did they say you could run one or have they simply not enforced the TOS?
In my case they knew I was running a server and told me it was ok as long as it didn't cause bandwidth problems for my neighbors. To me throwing the TOS in my face now is like a store owner saying you can have free soda whenever you want and then having you arrested and thrown in jail for it...sorry I couldn't come up with a better anology:-)
Either enforce the TOS or don't but changing the rules when it suits you is wrong no matter how you look at it.
When I upgraded my parents machine to win2k the cable modem stopped working (cable modem supplied by them). I contacted them and was told to reinstall the software for it, which I did, still nothing. The next time I called they moved my call to tier 2 and the guy told me the same thing and I explained that I had done it, so he walked me through searching the CD for the win2k version of the software which wasn't there. I asked him if the software was available online and he told me it wasn't. If it were I could have gone home and downloaded it and then installed it. By now I was getting a little frustrated and asked the guy what he was going to do about it, his initial reply was that they may do nothing because I had upgraded myself when I should have had a professional install the software for me lol
At that point my father who is a city councilor and president of the local cable review board got on the phone and told the guy that it would be a shame if medione lost it's contract (in a city of 100,000 people) because they weren't able to help one customer.
The guy got his supervisor on the line and I took the phone back. She told me they would mail us the software we needed and it would be there within a week, since this was a Friday afternoon and they wouldn't be able to send it till Monday at the latest, that was the end of the conversation.
Needless to say my parents weren't terribly pleased that they would be without service for a week so I threw a free AOL disk in there machine to get them online, I then searched for the company name that made the cable modem, and too make an already long story shorter, found it, downloaded the software I needed, and had the machine back online in 15 minutes.
Oh by the way we still haven't received the software from mediaone 6 months later.:-)
That will work if the index.html is the only page people enter your site through but I have 150 pages and my hits are distributed amoung them.
If someone is looking for http://www.yoursite.com/whatever.html they will either end up nowhere or a 404 page, if the 404 page has a click here to go to the yoursite.com hompage that's a little better but in my experience if the person looking doesn't find the page they are looking for right away they wont search for it.
So once again I will repost my fix.
Change your server so it handles http requests through port 8080 (or whatever port you wish).
Then configure your dns pointers so that @ uses your server address
(more than likely you are already configured this way) ie: 65.96.68.10 in my case.
Now chatsearch.net points to me but won't connect on port 80, then configure www for URL forwarding to ie: http://chatsearch.net:8080/index1.html or whatever the page is since the Virtual Host manager doesn't work if you're redirecting. Now you're all set, http://www.yourdomain.xxx goes where you want it.
Of course people wont be able to connect to you without the www. but the vast majority of hits will still get through.
I don't know, at least as stupid as buying win2k server for alot more money (if you only need to run a small server) when win2k professional includes bundled server software, as I said in a previous post who would expect win2k pro to have server software bundled with it when they also have a version called win2k server
Most people who got win2k got it for the multitasking or for the stability.
Re:AT&T / Mediaone is blocking ALL HTTP GET REQUES
on
Broadband Crackdown
·
· Score: 1
No offense but that seems more complicated than my work around which didn't require anyone else doing anything, also I don't know enough about any of this to know if your fix is only good for unix based servers, mine is windows based "Sambar" I'll repeat it for those who missed it:-)
Change your server so it handles http requests through port 8080.
Then configure your dns pointers so that @ uses your server address
(more than likely you are already configured this way) ie: 65.96.68.10 in my case.
Now chatsearch.net points to me but won't connect on port 80, then configure www for URL forwarding to ie: http://chatsearch.net:8080/index1.html or whatever the page is since the Virtual Host manager doesn't work if you're redirecting. Now you're all set, http://www.yourdomain.xxx goes where you want it.
Of course people wont be able to connect to you without the www. but the vast majority of hits will still get through.
Unfortunately that isn't all it is....as I said in a previous post.
"Bundling server software with win2k was stupid, I know several people who werent even aware they were running servers until just the last few day, I guess they were just playing around with add/remove windows components and ended up installing the software which then ran as a service without their ever being aware of it, I imagine quite a few people are in that situation right now.
Microsoft could and should have made it a free download for those who knew they wanted it."
I suppose the argument could be made that people were stupid for playing with "add/remove windows components", but microsoft has in many ways gotten as big as they are by claiming their products are almost idiot proof. I guess this is proof they are the idiots.
Re:Why does anyone think this is even a problem?
on
Broadband Crackdown
·
· Score: 1
Well it wasn't a problem for me in fact I had most of my domains hosted remotely until I was told by a mediaone supervisor that running a server was fine as long as the bandwidth usage wasn't too high. (I was told this when they called me after an idiot ex-friend emailed them to try and get me shut down)
Since most of my domains were low bandwidth users I could save $70 per month by making them all local (most webhosting companies charge more for multiple domains so it wasn't ONLY $20)
I don't know about other people but my problem isn't with my isp, (other than that supervisor telling me running a server was ok) I don't see they had any other option than to wait for the entire system to go down, it's with Microsoft and people who don't know what they're doing running webservers.
In fact bundling server software with win2k was stupid, I know several people who werent even aware they were running servers until just the last few day, I guess they were just playing around with add/remove windows components and ended up installing the software which then ran as a service without their ever being aware of it, I imagine quite a few people are in that situation right now. Microsoft could and should have made it a free download for those who knew they wanted it.
I tried to make default.ida a redirect script forwarding it to someone I don't like but it didn't work. If it had it might have at least had some benefit:-)
Fairly decent Temp Fix for port 80 block
on
Broadband Crackdown
·
· Score: 1
This will get your server back up and running for the most part.
This may be info everyone knows already but I havent seen it posted.
Change your server so it handles http requests through port 8080.
Then configure your dns pointers so that @ uses your server address (more than likely you are already configured this way) ie:65.96.68.10 in my case. Now chatsearch.net points to me but won't connect on port 80, then configure www for URL forwarding to ie: http://chatsearch.net:8080/index1.html or whatever the page is since the Virtual Host manager doesn't work if you're redirecting. Now you're all set.
Of course people wont be able to connect to you without the www. but the vast majority of hits will still get through. At least until the next worm goes after that port and mediaone/AT&T/verizon/@home/excite or whover the hell they are blocks it as well.
They're Blocking me in Brockton. I was specifically told by a rep that while running a server was against the TOS that as long as none of my neighbors complained of a lack of bandwidth as a result of it there was no problem.
I think everyone who is running one needs to complain and threaten to terminate service, if they get only minimal complaints they may make this block permanant.
Cutting off port 80 (hahaha)
on
Code Redux
·
· Score: 1
I saw one comment saying mediaone had cut off port 80 on infected machine. Well they have cut it off on all machines at least in the.ne area.
I don't run iis I run sambar server so am not and never was in danger of infection. The really ridiculous part of blocking port 80 is that it has leaks my two servers have only received 16 connections since yesterday afternoon where my normal hits are around 2000 per day.
For those of you who don't know that was an attempt at infecting me. If I were running a vulnerable system I would now be infected so mediaone's efforts are a total waste of time, all the fools have managed to do is block all my legitimate traffic while still allowing code red in.
Slashdot Mirror
Well I got a hell of a deal then cause it came with my win2k pro :-)
Well one use for all these machines if port 80 is back up before all those infected are fixed, would be for someone who knows how to exploit the backdoor code red II leaves behind, to use them to perform a DOS attack on AT&T.
I hope I just gave someone with the knowledge to be able to do it a good idea
Just kidding....sort of
It runs as a service without even an icon in the taskbar.
I tried redirecting it and it didn't work.
I mentioned in another post that I personally know three people who were not even aware they were running servers.
They upgraded to win2k pro for the multi-tasking and stability and either somehow installed the server during installation or while playing around with "add/remove windows components"
Two of these three people are not stupid, but when you dont know a server is running it's difficult to patch it. I imagine if I know three cases there are probably thousands if not tens of thousands more.
I think the real stupidity was MS bundling it with the OS, they should have made it a seperate free download for people who knew they wanted it or at least made installing it much more difficult.
Microsoft has built a reputation on making windows idiot proof, but in this case have only proved themselves to be idiots.
I imagine if these people had been doing everything they should have to protect their systems they would have been running firewalls which might have been blocking port 80 but the majority of computer users don't and Microsoft should have anticipated this issue.
I hope it's been thoroughly beta tested?
Or have 1, 2 and 3 been the beta test?
Excellent point I hadn't really thought of it that way. AT&T has become a willing accomplice of whoever wrote code red, together they have managed to remove tens of thousands of pages from the Internet. Denying millions of Americans access to those pages.
Now that they have shown themselves willing to buckle under to terrorist threats, how long will it be before someone targets AT&T for extortion whether for monetary or political reasons. Shame on you AT&T
I wonder how long AT&T considered this very important decision before making it.
They really should have viewed this as a major (and very poor in my opinion) policy decision rather than simply a technical one.
AT&T always had the right to block port 80 since running servers was against their TOS, but doing it under these circumstances sets a very bad precedence.
Did they say you could run one or have they simply not enforced the TOS?
In my case they knew I was running a server and told me it was ok as long as it didn't cause bandwidth problems for my neighbors.
To me throwing the TOS in my face now is like a store owner saying you can have free soda whenever you want and then having you arrested and thrown in jail for it.
Either enforce the TOS or don't but changing the rules when it suits you is wrong no matter how you look at it.
Their tech support people don't know shit.
When I upgraded my parents machine to win2k the cable modem stopped working (cable modem supplied by them). I contacted them and was told to reinstall the software for it, which I did, still nothing.
The next time I called they moved my call to tier 2 and the guy told me the same thing and I explained that I had done it, so he walked me through searching the CD for the win2k version of the software which wasn't there. I asked him if the software was available online and he told me it wasn't. If it were I could have gone home and downloaded it and then installed it.
By now I was getting a little frustrated and asked the guy what he was going to do about it, his initial reply was that they may do nothing because I had upgraded myself when I should have had a professional install the software for me lol
At that point my father who is a city councilor and president of the local cable review board got on the phone and told the guy that it would be a shame if medione lost it's contract (in a city of 100,000 people) because they weren't able to help one customer.
The guy got his supervisor on the line and I took the phone back. She told me they would mail us the software we needed and it would be there within a week, since this was a Friday afternoon and they wouldn't be able to send it till Monday at the latest, that was the end of the conversation.
Needless to say my parents weren't terribly pleased that they would be without service for a week so I threw a free AOL disk in there machine to get them online, I then searched for the company name that made the cable modem, and too make an already long story shorter, found it, downloaded the software I needed, and had the machine back online in 15 minutes.
Oh by the way we still haven't received the software from mediaone 6 months later.
That will work if the index.html is the only page people enter your site through but I have 150 pages and my hits are distributed amoung them.
If someone is looking for http://www.yoursite.com/whatever.html they will either end up nowhere or a 404 page, if the 404 page has a click here to go to the yoursite.com hompage that's a little better but in my experience if the person looking doesn't find the page they are looking for right away they wont search for it.
So once again I will repost my fix.
Change your server so it handles http requests through port 8080 (or whatever port you wish).
Then configure your dns pointers so that @ uses your server address (more than likely you are already configured this way) ie: 65.96.68.10 in my case.
Now chatsearch.net points to me but won't connect on port 80, then configure www for URL forwarding to ie: http://chatsearch.net:8080/index1.html or whatever the page is since the Virtual Host manager doesn't work if you're redirecting. Now you're all set, http://www.yourdomain.xxx goes where you want it.
Of course people wont be able to connect to you without the www. but the vast majority of hits will still get through.
How stupid do you have to be?
I don't know, at least as stupid as buying win2k server for alot more money (if you only need to run a small server) when win2k professional includes bundled server software, as I said in a previous post who would expect win2k pro to have server software bundled with it when they also have a version called win2k server
Most people who got win2k got it for the multitasking or for the stability.
Still working for me on port 8080
No offense but that seems more complicated than my work around which didn't require anyone else doing anything, also I don't know enough about any of this to know if your fix is only good for unix based servers, mine is windows based "Sambar" I'll repeat it for those who missed it
Change your server so it handles http requests through port 8080.
Then configure your dns pointers so that @ uses your server address (more than likely you are already configured this way) ie: 65.96.68.10 in my case.
Now chatsearch.net points to me but won't connect on port 80, then configure www for URL forwarding to ie: http://chatsearch.net:8080/index1.html or whatever the page is since the Virtual Host manager doesn't work if you're redirecting. Now you're all set, http://www.yourdomain.xxx goes where you want it.
Of course people wont be able to connect to you without the www. but the vast majority of hits will still get through.
Unfortunately that isn't all it is....as I said in a previous post.
"Bundling server software with win2k was stupid, I know several people who werent even aware they were running servers until just the last few day, I guess they were just playing around with add/remove windows components and ended up installing the software which then ran as a service without their ever being aware of it, I imagine quite a few people are in that situation right now. Microsoft could and should have made it a free download for those who knew they wanted it."
I suppose the argument could be made that people were stupid for playing with "add/remove windows components", but microsoft has in many ways gotten as big as they are by claiming their products are almost idiot proof. I guess this is proof they are the idiots.
Well it wasn't a problem for me in fact I had most of my domains hosted remotely until I was told by a mediaone supervisor that running a server was fine as long as the bandwidth usage wasn't too high. (I was told this when they called me after an idiot ex-friend emailed them to try and get me shut down)
Since most of my domains were low bandwidth users I could save $70 per month by making them all local (most webhosting companies charge more for multiple domains so it wasn't ONLY $20)
I don't know about other people but my problem isn't with my isp, (other than that supervisor telling me running a server was ok) I don't see they had any other option than to wait for the entire system to go down, it's with Microsoft and people who don't know what they're doing running webservers.
In fact bundling server software with win2k was stupid, I know several people who werent even aware they were running servers until just the last few day, I guess they were just playing around with add/remove windows components and ended up installing the software which then ran as a service without their ever being aware of it, I imagine quite a few people are in that situation right now.
Microsoft could and should have made it a free download for those who knew they wanted it.
I tried to make default.ida a redirect script forwarding it to someone I don't like but it didn't work. If it had it might have at least had some benefit :-)
This will get your server back up and running for the most part.
This may be info everyone knows already but I havent seen it posted.
Change your server so it handles http requests through port 8080.
Then configure your dns pointers so that @ uses your server address
(more than likely you are already configured this way) ie:65.96.68.10 in my case.
Now chatsearch.net points to me but won't connect on port 80, then configure www for URL forwarding to ie: http://chatsearch.net:8080/index1.html or whatever the page is since the Virtual Host manager doesn't work if you're redirecting. Now you're all set.
Of course people wont be able to connect to you without the www. but the vast majority of hits will still get through.
At least until the next worm goes after that port and mediaone/AT&T/verizon/@home/excite or whover the hell they are blocks it as well.
They're Blocking me in Brockton. I was specifically told by a rep that while running a server was against the TOS that as long as none of my neighbors complained of a lack of bandwidth as a result of it there was no problem.
I think everyone who is running one needs to complain and threaten to terminate service, if they get only minimal complaints they may make this block permanant.
I saw one comment saying mediaone had cut off port 80 on infected machine. Well they have cut it off on all machines at least in the .ne area.
X XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801% u9090%" 0 "-" "-"
I don't run iis I run sambar server so am not and never was in danger of infection. The really ridiculous part of blocking port 80 is that it has leaks my two servers have only received 16 connections since yesterday afternoon where my normal hits are around 2000 per day.
The following is a sample of the 16 hits.
[08/Aug/2001:06:00:49 -0400] myservername 65.96.70.231 "" GET 404 "/default.ida" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
For those of you who don't know that was an attempt at infecting me. If I were running a vulnerable system
I would now be infected so mediaone's efforts are a total waste of time, all the fools have managed to do is block all my legitimate traffic while still allowing code red in.