vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Worm Bandwidth Fix (https://vborg.vbsupport.ru/showthread.php?t=31891)

Kier 10-30-2001 10:00 PM
I noticed recently that a huge chunk of the bandwidth allocation on my server was being eaten by Code Red / Nimda worms bringing up the 404 error page, together with all its constituent parts.

Well that pissed me off :mad:

So I put together a tiny little script that I inserted at the beginning of my 404 error script, and now Nimda doesn't eat my bandwith at all :D

To use this, your 404 error page must be parsed as PHP. To set this up in Apache, open httpd.conf (or a .htaccess file for your site) and add (or edit) this line:
Code:
ErrorDocument 404 /webroot/fourofour.php
(where /webroot is the location of your 404 error page, and fourofour.php is the name of the 404 script.)

Next, open up your fourofour.php file, and right at the beginning of the file, put in this code:
PHP Code:
<?php
// anti-worm bandwidth-eating code
$worms = array("cmd.exe","root.exe","default.ida");
for ($i=0$i<sizeof($worms); $i++) {
    if (stristr($REQUEST_URI,$worms[$i])) {
        echo " ";
        exit;
    }
}
?>
What this script does is it reads the URL of the page being requested, and if finds one of the evil signatures, like 'cmd.exe' (Nimda) or 'default.ida' (Code Red), it exits immediately, preventing your server from working to service the worm. :)

When the next worm goes wild, simply add its signature to the $worms array and it will be filtered too.

MrLister 10-31-2001 12:31 AM
I'll install it as soon as i get the new version... ;)

Bane 10-31-2001 12:55 AM
Sweet Deal Kier :) This is on its way into my error redirections.

over 11-09-2001 08:45 PM
cheers gonna have to redownlad putty again it seems.


All times are GMT. The time now is 08:41 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00934 seconds
  • Memory Usage 1,716KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete