dcsimg

ONLamp: Apache::CodeRed


"My own server wasn't vulnerable to these attacks, because it runs Apache and Linux. But Code Red 2 didn't check a server's identity when launching an attack; it sent the dangerous HTTP request to anyone who would listen, betting on the large number of IIS servers on the Internet. While I didn't have to worry about infection, I felt like I should do something to let people know that their computers had been infected.

My solution was to write a small module for mod_perl, originally called "CodeRed" and eventually renamed Apache::CodeRed. The module's job is to intercept any request for /default.ida, determine the host name of the HTTP client, and send a warning e-mail message to the administrator of that client." ... Code Red 2 didn't check a server's identity when launching an attack; it sent the dangerous HTTP request to anyone who would listen, betting on the large number of IIS servers on the Internet. While I didn't have to worry about infection, I felt like I should do something to let people know that their computers had been infected.

This article was originally published on Aug 17, 2001
Page 1 of 1

Thanks for your registration, follow us on our social networks to keep up-to-date