Complete.Org: Mailing Lists: Archives: discussion: September 2001:
[aclug-L] FW: NEW VIRUS - Read this!(No the virus isn't included!) - Cus
To: <discussion@xxxxxxxxx>
Subject: [aclug-L] FW: NEW VIRUS - Read this!(No the virus isn't included!) - CustomLog problem solved!
From: "gLaNDix" <glandix@xxxxxxxxxxxxxx>
Date: Wed, 19 Sep 2001 09:12:10 -0500
Reply-to: discussion@xxxxxxxxx


Here's another take on a "solution"...
>   SetEnvIf Request_URI \.exe$ ms_bs
>   SetEnvIf Request_URI \.dll$ ms_bs
>   SetEnvIf Request_URI \share$ ms_bs
> 
>   CustomLog /var/log/httpsd/access_log common env=!ms_bs
>   CustomLog /var/log/httpsd/ms-bs_log common env=ms_bs

And here are some more ideas:
> Damn, I am sorry, when I copied it over it seems like I DID forget the
> 'common' keyword. What this does: Every time a request for one of those
> MS things comes in, Apache sets up a variable "other" and names it
> "ms-bs". Next I am defining a custom log, and by putting "env=!ms-bs", I
> am telling Apache to NOT log the request if the "other" environment
> variable has been set to "ms-bs". It is not necessary to additionally
> set up another log that WILL log the ms-bs stuff. This can just be left
> off, and simply nothing will be logged when the ms-bs variable is set.
>
> It will still show up in the error_log though. If you want to take
> this a step further, you might try to puzzle something together with an
> alias match to point it to a dummy-page, e.g. AliasMatch /scripts/.*
> "/path/to/htdocs/dummypage.html"
>
> You just have to be sure that there is nothing on your webserver that
> actually uses a directory called "scripts". However, I did this for my
> server, and it works fine; both my error_log and access_log are almost
> clean of MS-BS now. There are still requests for other locations like
> "/c/winnt/system....", "/d/winnt/..." and some "_mem_bin" etc., so you
> might want to filter that out too.


gLaNDix
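
An added example, not part of the original message or of Apache itself: a Python sketch that applies the same split to an existing access log offline, mirroring the `\.exe$` and `\.dll$` rules plus the extra locations the message mentions, and counting the filtered requests per client so the probing hosts stay visible. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')

# The SetEnvIf patterns from the message, plus the other locations it names.
# Matching is case-insensitive here, which is what SetEnvIfNoCase would give.
MS_BS = re.compile(r'\.(?:exe|dll)$|^/scripts/|^/[cd]/winnt/|^/_mem_bin/', re.I)

def is_ms_bs(target):
    # Apache's Request_URI is the path without the query string,
    # so drop everything after '?' before matching.
    path = target.split('?', 1)[0]
    return bool(MS_BS.search(path))

def split_log(lines):
    """Return (clean lines, filtered lines, filtered-request count per client)."""
    clean, noise, per_host = [], [], Counter()
    for line in lines:
        m = CLF.match(line)
        if m and is_ms_bs(m.group(3)):
            noise.append(line)
            per_host[m.group(1)] += 1
        else:
            clean.append(line)  # unparsable lines stay in the main log
    return clean, noise, per_host

# Constructed sample lines (documentation address ranges, made-up file names).
SAMPLE = [
    '192.0.2.10 - - [19/Sep/2001:09:00:01 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [19/Sep/2001:09:00:02 -0500] "GET /scripts/sample.exe?x=1 HTTP/1.0" 404 210',
    '198.51.100.7 - - [19/Sep/2001:09:00:03 -0500] "GET /c/winnt/system32/sample.exe HTTP/1.0" 404 215',
    '198.51.100.9 - - [19/Sep/2001:09:00:04 -0500] "GET /_mem_bin/sample.dll HTTP/1.0" 404 208',
    '192.0.2.10 - - [19/Sep/2001:09:00:05 -0500] "GET /download/readme.txt?f=a.exe HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    clean, noise, per_host = split_log(SAMPLE)
    print(f"{len(clean)} clean, {len(noise)} filtered")
    for host, count in per_host.most_common():
        print(f"{host}\t{count}")
```

The last sample line stays in the clean log because only its query string ends in `.exe`, which is also how the `Request_URI` match behaves.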
