Kier
10-30-2001, 10:00 PM
I noticed recently that a huge chunk of the bandwidth allocation on my server was being eaten by Code Red / Nimda worms bringing up the 404 error page, together with all its constituent parts.
Well that pissed me off :mad:
So I put together a tiny little script that I inserted at the beginning of my 404 error script, and now Nimda doesn't eat my bandwidth at all :D
To use this, your 404 error page must be parsed as PHP. To set this up in Apache, open httpd.conf (or a .htaccess file for your site) and add (or edit) this line:
ErrorDocument 404 /webroot/fourofour.php
(where /webroot is the location of your 404 error page, and fourofour.php is the name of the 404 script.)
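Next, open up your fourofour.php file, and right at the beginning of the file, put in this code:
<?php
// anti-worm bandwidth-eating code
$worms = array("cmd.exe", "root.exe", "default.ida");
// read the requested URL from $_SERVER (the bare $REQUEST_URI global needs register_globals)
$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
for ($i = 0; $i < sizeof($worms); $i++) {
    // case-insensitive search for each signature in the requested URL
    if (stristr($uri, $worms[$i])) {
        echo " ";
        exit;
    }
}
?>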
What this script does is it reads the URL of the page being requested, and if it finds one of the evil signatures, like 'cmd.exe' (Nimda) or 'default.ida' (Code Red), it exits immediately, preventing your server from working to service the worm. :)
When the next worm goes wild, simply add its signature to the $worms array and it will be filtered too.
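A companion check for the filter described in the post above, as an added example that is not part of the original post: it scans Apache access log lines (Common Log Format assumed) for 404 responses whose URL contains one of the post's signatures and totals hits and bytes per signature, with unmatched 404s grouped under `None` so new candidates for the `$worms` array stand out. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Signatures taken from the post's $worms array.
SIGNATURES = ("cmd.exe", "root.exe", "default.ida")

# Common Log Format (assumed): host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) (\d+|-)')

# Constructed sample lines (documentation addresses, made-up sizes).
# The last line models a probe answered by the filter: a one-byte body.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Oct/2001:21:00:01 +0000] "GET /scripts/root.exe HTTP/1.0" 404 4096',
    '192.0.2.10 - - [30/Oct/2001:21:00:02 +0000] "GET /scripts/CMD.EXE HTTP/1.0" 404 4096',
    '198.51.100.7 - - [30/Oct/2001:21:00:05 +0000] "GET /default.ida HTTP/1.0" 404 4096',
    '203.0.113.5 - - [30/Oct/2001:21:01:00 +0000] "GET /old-page.html HTTP/1.1" 404 4096',
    '203.0.113.5 - - [30/Oct/2001:21:01:02 +0000] "GET /index.html HTTP/1.1" 200 10240',
    '192.0.2.10 - - [30/Oct/2001:21:02:00 +0000] "GET /scripts/root.exe HTTP/1.0" 404 1',
]

def worm_404_usage(lines, signatures=SIGNATURES):
    """Total 404 hits and bytes per signature; unmatched 404s go under None."""
    usage = defaultdict(lambda: {"hits": 0, "bytes": 0})
    for line in lines:
        m = CLF.match(line)
        if not m or m.group(3) != "404":
            continue  # unparseable line or not a 404 response
        parts = m.group(2).split(" ")
        uri = parts[1] if len(parts) >= 2 else m.group(2)
        size = 0 if m.group(4) == "-" else int(m.group(4))
        # Same test as the post's stristr(): case-insensitive substring match.
        hit = next((s for s in signatures if s.lower() in uri.lower()), None)
        usage[hit]["hits"] += 1
        usage[hit]["bytes"] += size
    return dict(usage)

def worm_share(usage):
    """Fraction of all 404 bytes that went to signature-matching requests."""
    total = sum(u["bytes"] for u in usage.values())
    worm = sum(u["bytes"] for sig, u in usage.items() if sig is not None)
    return worm / total if total else 0.0

if __name__ == "__main__":
    usage = worm_404_usage(SAMPLE_LOG)
    for sig, u in usage.items():
        print(sig, u["hits"], "hits", u["bytes"], "bytes")
    print("worm share of 404 bytes: %.2f" % worm_share(usage))
```

To run it against a real log, pass an open file object in place of `SAMPLE_LOG`.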