Very Computer

Hi there,
  I'm tired of hackers filling my logs with stupid messages..

80.32.144.43 - - [04/Dec/2002:18:46:46 +0000] "HEAD
/_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -

So I added a default virtual host.. Only name-based requests with
valid host headers now reach a legitimate virtual host..

<VirtualHost *>
    # Unassigned hosts are rejected..
    RedirectMatch 404 (.*)
</VirtualHost>

But this is still returning to much information for my liking..

HTTP/1.1 404 Not Found
Date: Sat, 07 Dec 2002 14:57:36 GMT
Server: Apache/2.0.43 (Win32) DAV/2 SVN/0.15.0 (r3687)
Content-Length: 283
Connection: close
Content-Type: text/html; charset=iso-8859-1

How do I surpress the 'Server' header, or better yet drop these
requests altogether??

Regards,
Damon.

you may use the capabilities of CustomLog...

Quote:> HTTP/1.1 404 Not Found
> Date: Sat, 07 Dec 2002 14:57:36 GMT
> Server: Apache/2.0.43 (Win32) DAV/2 SVN/0.15.0 (r3687)
> Content-Length: 283
> Connection: close
> Content-Type: text/html; charset=iso-8859-1

> How do I surpress the 'Server' header,

you can't (without running a proxy or patching the server).
You may reduce the information using the ServerTokens directive.

Quote:> or better yet drop these
> requests altogether??

You can't, since you are not issuing the requests.

nd
--
$_=q?tvc!uif)%*|#Bopuifs!A`#~tvc!Xibu)%*|qsjou#Kvtu!A`#~tvc!KBQI!)*|~

$_)-1)}split//=>$_[0]).$_[1];s s.*s$_see;  #  http://www.perlig.de/ ;

Have it redirect to 127.0.0.1 instead; this also avoids getting your error
log filled up with these requests.

This is what I use in my server config for those types of attacks

RedirectMatch (.*)\cmd.exe$ http://127.0.0.1
RedirectMatch (.*)\root.exe$ http://127.0.0.1
RedirectMatch (.*)\default.ida$ http://127.0.0.1
RedirectMatch (.*)\.asp$ http://127.0.0.1
RedirectMatch (.*)\.dll$ http://127.0.0.1

Seb

Quote:> Hi there,
>   I'm tired of hackers filling my logs with stupid messages..

> 80.32.144.43 - - [04/Dec/2002:18:46:46 +0000] "HEAD
> /_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 -

> So I added a default virtual host.. Only name-based requests with
> valid host headers now reach a legitimate virtual host..

> <VirtualHost *>
>     # Unassigned hosts are rejected..
>     RedirectMatch 404 (.*)
> </VirtualHost>

> But this is still returning to much information for my liking..

> HTTP/1.1 404 Not Found
> Date: Sat, 07 Dec 2002 14:57:36 GMT
> Server: Apache/2.0.43 (Win32) DAV/2 SVN/0.15.0 (r3687)
> Content-Length: 283
> Connection: close
> Content-Type: text/html; charset=iso-8859-1

> How do I surpress the 'Server' header, or better yet drop these
> requests altogether??

> Regards,
> Damon.

Better still, use Jay Dyson's Early Bird so that these lame scripted
attempts will be automagically LARTed... :-)

--
John Oliver, CCNA                            http://www.john-oliver.net/
Linux/UNIX/network consulting         http://www.john-oliver.net/resume/
***               sendmail, Apache, ftp, DNS, spam filtering         ***
****                Colocation, T1s, web/email/ftp hosting          ****