[TCLUG] AT&T/Mediaone does it again?

Thu Aug 9 19:57:46 CDT 2001

Callum Lerwick <seg at haxxed.com> wrote:
> 
> > Of course, I have no way to test it.
> > 
> >   http://www.tc.umn.edu/~hick0088/files/defaultida.txt
> 
> It won't work. I've tried it. Apache sees the garbage that is the virus 
> body, and responds with a Bad Request error, and won't even touch any 
> CGI you try and get it to run.

Are you sure?  I'm seeing `200' responses when I get a Code Red II request
(Code Red gives `400's, OTOH), which would seem to indicate it was run.  I
suppose I have to set up the script to write to its own log so I can get a
better idea of whether it works or not.

Also, why would Apache have trouble?  I actually noticed earlier, before I
put this script up, that Code Red requests were getting 400s, while Code
Red II requests were getting 404s.  I suppose the two worms handle their
HTTP connections differently..

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   Why do we wash bath 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   towels? Aren't we clean  
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  when we use them? 
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20010809/aec82400/attachment.pgp