LinuxPR: Apache CodeRed Countermeasures with PHP: codeRedKiller!
Aug 19, 2001, 19:35 (7 Talkback[s])
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
"CodeRed is a problem for all system administrators and
webmasters, not just those using IIS. It takes time and energy to
respond even if its just a 404. codeRedKiller is a PHP and bash
script combo that automatically processes and drops requests from
offending CodeRed servers.
codeRedKiller is a simple concept that truly
can help conserve resources. It saves time and energy (bandwidth
and cpu power, etc) by automatically identifying and dropping
requests from CodeRed infected hosts. Its goals are to stop CodeRed
requests to apache webservers and to do it without requiring more
effort than a typical 404 error.
codeRedKiller achieves these goals with a straightforward PHP
script (included) that masquerades as the "defualt.ida" file that
CodeRed itself searches out. If a request is made to this file (a
PHP script in this case) it simply records the IP address of the
offending host (the requestor) to a file."