Redirect Worms Away

Grab this articles

<h1>Redirect Worms Away</h1><p> <br /><br /> My site is hosted on an Apache web server. Why is that? Because,<br /><br /> in my humble opinion, Microsoft's IIS web server is in no way<br /><br /> qualified to service internet web sites (it is excellent as an<br /><br /> intranet and applications server, however). Another reason is<br /><br /> the vast number of security issues that seem to pop up day after<br /><br /> day.<br /><br /> <br /><br /> In point of fact, the Gartner Group has recommended "that<br /><br /> businesses hit by both Code Red and Nimda immediately<br /><br /> investigate alternatives to IIS, including moving Web<br /><br /> applications to Web server software from other vendors such as<br /><br /> iPlanet and Apache".<br /><br /> <br /><br /> <a href="http://www4.gartner.com/DisplayDocument?doc_cd=101034" target="bago">http://www4.gartner.com/DisplayDocument?doc_cd=101034</a><br /><br /> <br /><br /> But what about those of us who are already hosting their sites<br /><br /> on Apache servers? I've seen lots of articles about how to<br /><br /> protect, detect, cleanse and prevent the worms from attacking<br /><br /> IIS servers. While the worms do not penetrate Apache security,<br /><br /> they do cause damage.<br /><br /> <br /><br /> Some of the damage includes:Server logs get filled with junk -<br /><br /> The Nimda worm alone created over 20,000 entries in a 2 day<br /><br /> period in my log files.<br /><br /> <br /><br /> The server is made very busy - This is especially true if you've<br /><br /> got a custom 404 error page, as I do. This means that every time<br /><br /> the worm attempts a penetration, then entire 404 page is<br /><br /> returned (in my case, that's about 40k). That adds up to a lot<br /><br /> of wasted bandwidth.<br /><br /> <br /><br /> I thought about this issue for a while after examining my logs<br /><br /> and seeing thousands of 404 errors from attempted worm<br /><br /> penetrations. Surely there was a way to at least reduce the<br /><br /> impact of these things? As I saw the 404 error count increase, I<br /><br /> realized that a significant portion of the bandwidth that I was<br /><br /> paying for was being thrown away.<br /><br /> <br /><br /> An examination of the log files produced several thousand<br /><br /> attempts at each of the following URLs. Obviously each of these<br /><br /> is the address of a possible weakness in an IIS server.<br /><br /> <br /><br /> /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe<br /><br /> /c/winnt/system32/cmd.exe /d/winnt/system32/cmd.exe<br /><br /> /scripts/..%2f../winnt/system32/cmd.exe<br /><br /> /scripts/..%c1%9c../winnt/system32/cmd.exe<br /><br /> /scripts/..%%35%63../winnt/system32/cmd.exe /scripts/<br /><br /> .%%35c../winnt/system32/cmd.exe<br /><br /> /scripts/..%c0%2f../winnt/system32/cmd.exe<br /><br /> /scripts/..%c0%af../winnt/system32/cmd.exe /MSADC/root.exe<br /><br /> <br /><br /> The Apache web server provides a feature called .htaccess, which<br /><br /> provides commands to control a web site. This file is very<br /><br /> obscure and extremely useful when used properly. You have to be<br /><br /> careful when editing .htaccess files, as a small mistake can<br /><br /> make your web site stop working. What I like to do is<br /><br /> immediately test the site to be sure it works.<br /><br /> <br /><br /> Be sure not to make the mistake that I made once - I browsed to<br /><br /> my site, saw that the home page came up, and went to work.<br /><br /> Later, I found it was not working but appeared to work because<br /><br /> the home page was stored in my browser cache. Thus I learned a<br /><br /> simple lesson the hard way: always hit the refresh key of the<br /><br /> browser when testing .htaccess changes.<br /><br /> <br /><br /> I did a little research and testing, and added the following<br /><br /> lines to my .htaccess file.<br /><br /> <br /><br /> redirect /scripts <a href="http://www.stoptheviruscold.invalid" target="bago">http://www.stoptheviruscold.invalid</a> redirect<br /><br /> /MSADC <a href="http://www.stoptheviruscold.invalid" target="bago">http://www.stoptheviruscold.invalid</a> redirect /c<br /><br /> <a href="http://www.stoptheviruscold.invalid" target="bago">http://www.stoptheviruscold.invalid</a> redirect /d<br /><br /> <a href="http://www.stoptheviruscold.invalid" target="bago">http://www.stoptheviruscold.invalid</a> redirect /_mem_bin<br /><br /> <a href="http://stoptheviruscold.invalid" target="bago">http://stoptheviruscold.invalid</a> redirect /msadc<br /><br /> <a href="http://stoptheviruscold.invalid" target="bago">http://stoptheviruscold.invalid</a> RedirectMatch (.*)cmd.exe$<br /><br /> <a href="http://stoptheviruscold.invalid" target="bago">http://stoptheviruscold.invalid</a>$1<br /><br /> <br /><br /> These lines did exactly what I wanted them to do - they stopped<br /><br /> the virus from creating 404 errors in my log file, and they<br /><br /> prevented my 404 error page from being triggered, thus creating<br /><br /> lots of useless bandwidth utilization. There is still some<br /><br /> bandwidth used, obviously, but it is far less than it would have<br /><br /> been. The load on the server is also considerably reduced, which<br /><br /> should make my web hosting company happy.<br /><br /> <br /><br /> Note that log file entries are still made by the various worms<br /><br /> as they attempt to penetrate the server. These entries do now<br /><br /> show as errors, which makes it easier to pick out real errors<br /><br /> from the logs.<br /><br /> More <a href="http://www.articlesroom.com">free articles</a> from <a href="http://www.articlesroom.com">http://www.articlesroom.com</a>

Related articles

• Time Management In Project Management
• What Can Be The Secrets Of Successful Parenting?
• B2B business portal can attract customers with Mobile Marketing
• Be What You Want To Be! See Here Is A Way…
• Laser Marking Machine: Technical Advancement to make marking simpler
• What Celebrities Suffer from OCD Obsessive Compulsive Disorder?
• Find the Best GSA Consultant Online
• Specifications and Features of Sleek Full-Length Emergency Lightbars
• Light Bars LED Equipment That Offer More Than Just Emergency Lighting
• How to Make Sure That Your Lightbar LED Equipment is Reliable
• Bypass the Legal Hassles with Dallas DWI Attorney
• Three Types of Lighting Equipment Used by Emergency Vehicles
• Low Cost Mini Light Bar With Impressive Performance
• LED Vehicle Lights – Why They Are So Popular With Emergency Vehicles
• Five Reasons Why You Should Pick Light Bars for Emergency Lighting Requirements
• Enjoy Optimized lighting with the Mini Lightbar
• Emergency Warning Lights With Innovative Flashing Options
• Simple steps to hire an Alabama DUI attorney
• Microfiber Towels: For Multipurpose Cleaning Tasks
• SEO consultant UK
• Extreme tactical dynamics the best place for all of your LED Emergency Vehicle Lighting
• Discover The Lexus CT 200H F Sport Hybrid, The Epitome Of Luxury Hybrid
• Magento Website Design: Powerful Zone to Shape up Ecommerce Initiatives
• Need for valuable reputation management.
• Indexing and Crawling

Newest Articles

• Reviews on Different Business Catalog Printing Process
• Selling Your Experience
• Where Cable Lighting Should Be Used?
• Level Up Your Business Cards A Notch Higher
• Pedaling to wash clothes
• Basic Adventure Travel Check List
• eConn Resume Processing Solution only at $249
• Advanced Kiosk Systems to Compact Tough Conditions
• Freestanding Fire Pits: Now for Entertainment and Grilling
• How to Keep Your Fire Pit Handy for Winter Use
• Mr. Ashok Mahindru
• Propecia Prescription To Give Your Hair Grow Back
• Audemars Piguet Replica Watches-A Much Better Quality At Fashion-replica.com
• Choose the best elitemakeup foundation
• Hublot Replica Watch -The preferred Christmas gift at the highest levels
• Pass a Drag Test: Pass a Social Responsibility
• Tag Heuer Replica At Fashion-replica.com – The Best Gifts For Christmas
• Passing a Drag Test Is the First Step
• You May Run but You Can not Hide From a Drug Test
• Event management and advertising services from Infra Design
• Utah Ski Resort Real Estate And Lodging Snow Basin And Powder
• Drugs in the Field of Sports
• Do Your Kid pass a Drug Test?
• Get that Catalog Printing Right
• Understand Exactly What Your Business Has to Offer

Most Popular Articles

• 12 Golden rules for every Dog owner
• 17 Tips That'll Safeguard You and Your Family From Dog Bites
• 14 Tips for Crate Training Your New Puppy
• 3 Simple Steps For A Healthier Dog
• 3 Tips For Dealing With Dog Emergencies
• Generating a positive ROI from PPC
• Search Engine Promotion - your options explained
• Submit site to announce it to the world!
• Exercise Bikes – How Far They Have Come
• Mortgage Equity Loans With Multiple Benefits
• Javascript Basics 01
• Home Equity Online Loans become more popular
• What Does Your Body Language Tell?
• Let Your Business Grow By Invoice discounting in the UK
• Uncommon Facts / Rules of English Language
• Misunderstandings Due To Accents
• Diabetes and Your Eyesight
• How to Prevent Online Identity Theft
• Learn to Speak Basic Chinese (Mandarin) Words and Phrases
• Learn Korean: Part 1 - Asian Languages and Language Families
• Pancreas Transplants - A Solution For Type 1 Diabetes Sufferers?
• Tips To Learn English
• Learn Korean: Part 2 - Social Status in Culture
• IELTS: Facts Not Many People Know
• Aphasia: The Cruelest Language Barrier