You could write an Apache module :) Tom Veldhouse veldy at veldy.net ----- Original Message ----- From: "Callum Lerwick" <seg at haxxed.com> To: <tclug-list at mn-linux.org> Sent: Thursday, August 09, 2001 2:54 PM Subject: Re: [TCLUG] AT&T/Mediaone does it again? > > Anyway, here's what I've done on my own system (not on a cable modem): > > > > Add `.ida' to the PHP mime/type in httpd.conf > > > > AddType application/x-httpd-php .php .php4 .ida > > > > and created a file named `default.ida' that attempts to connect back to > > CR2-infected systems and pop up a warning with the `net send' command. > > > > Of course, I have no way to test it. > > > > http://www.tc.umn.edu/~hick0088/files/defaultida.txt > > It won't work. I've tried it. Apache sees the garbage that is the virus > body, and responds with a Bad Request error, and won't even touch any > CGI you try and get it to run. > > What you need to do is make a daemon that watches apache's logfiles for > codered hits and responds in whatever way you'd like. > > _______________________________________________ > tclug-list mailing list > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list >