You could write an Apache module :)

Tom Veldhouse
veldy at veldy.net

----- Original Message ----- 
From: "Callum Lerwick" <seg at haxxed.com>
To: <tclug-list at mn-linux.org>
Sent: Thursday, August 09, 2001 2:54 PM
Subject: Re: [TCLUG] AT&T/Mediaone does it again?


> > Anyway, here's what I've done on my own system (not on a cable modem):
> > 
> > Add `.ida' to the PHP mime/type in httpd.conf
> > 
> >   AddType application/x-httpd-php .php .php4 .ida
> > 
> > and created a file named `default.ida' that attempts to connect back to
> > CR2-infected systems and pop up a warning with the `net send' command.
> > 
> > Of course, I have no way to test it.
> > 
> >   http://www.tc.umn.edu/~hick0088/files/defaultida.txt
> 
> It won't work. I've tried it. Apache sees the garbage that is the virus 
> body, and responds with a Bad Request error, and won't even touch any 
> CGI you try and get it to run.
> 
> What you need to do is make a daemon that watches apache's logfiles for 
> codered hits and responds in whatever way you'd like.
> 
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
>