Josh Trutwin wrote: >>RedirectMatch permanent ^/\x90 http://www.microsoft.com/ > Does this one actually work? I just got another one of these buggers in my logs. It seemed to work for me... (did not confirm with an actual probe, however). > CustomLog /var/log/apache/access_log combined env=!exploit > CustomLog /var/log/apache/ms_attack_log combined env=exploit I like this trick... I'm now doing this to declutter my logs (and I only log the ip address and result code, not the whole URI in the exploit log). Chewie wrote: > As much as Microsoft may be the Big Bad Ugly(TM), simply dropping these > requests might be a more appropriate action. I'm sure we are all frustrated with these various attacks, but Chewie is right. This is some sort of virus probe and certainly is not going to "honor" redirect requests. Even though it's fun to make mod_rewrite do it's thing it really only contributes to the background noise on the net. I've taken out the redirects, but kept the URI exploit filter/logging. Regards, --Tom _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list