LinuxPR: Apache CodeRed Countermeasures with PHP: codeRedKiller!

Aug 19, 2001, 19:35 (7 Talkback[s])

"CodeRed is a problem for all system administrators and webmasters, not just those using IIS. It takes time and energy to respond even if its just a 404. codeRedKiller is a PHP and bash script combo that automatically processes and drops requests from offending CodeRed servers.

codeRedKiller is a simple concept that truly can help conserve resources. It saves time and energy (bandwidth and cpu power, etc) by automatically identifying and dropping requests from CodeRed infected hosts. Its goals are to stop CodeRed requests to apache webservers and to do it without requiring more effort than a typical 404 error.

codeRedKiller achieves these goals with a straightforward PHP script (included) that masquerades as the "defualt.ida" file that CodeRed itself searches out. If a request is made to this file (a PHP script in this case) it simply records the IP address of the offending host (the requestor) to a file."

Press Release