Now I'm annoyed at stupid cmd.exe things

Disclaimer: Not my problem if you get in trouble for any of the below

Caveat Emptor; I wrote this program long long before this piece of news came out. I'm not stopping using it.

Here's the thing. I don't care that much about people's broken servers. But what I do care about is that I'm only on a 56k connection, and it really is using up a noticeable amount of bandwidth.

Download this script. Make sure I'm not doing anything you'd consider dangerous to your server.

Specifically, you probably want to

  1. Remove the line that writes to my mortal on my dumb terminal whenever someone hits it.
  2. Change the bit that says "chunky.dyndns.org" to something that relates to you. I'd actually recommend you rewrite the whole IP-address-working-out-bit to something that works_for_you(TM). Note: as user nobody, ifconfig only returns the "lo" interface.

Then put it where your web server considers to be "/cgi-bin/killserver.cgi"

All those exploits generously donated by 213.122.172.87 which, you'll notice, is no longer serving webpages.

I have the following lines in my httpd.conf:

RedirectMatch (.*)cmd.exe(.*) /cgi-bin/killserver.cgi
RedirectMatch (.*)root.exe(.*) /cgi-bin/killserver.cgi

Once again, I have no idea if it works or not, but if it does, it can only be a Good Thing(TM)

In the absence of that, I have this, older, script. Rename it to default.ida, and put something similar to:

Options ExecCGI
AddHandler cgi-script .ida

Into your apache config for your top-level tree

The default.ida one only works for original Code Red; the one at the top works for all cmd.exe exploits tried on my server recently.

Note: This used to e-mail the site owner, but I took it out since said site owner clearly couldn't give a shit.

Gary (-;
<[email protected]>


This page is  Valid HTML 4.01 and  Valid CSS

My Website Starts Here

This page last modified: 2003-06-26