Hi guys, I'm lookin' for a little help again if poss plz. Your last
suggestions helped me a great deal so I thought I would try again.
I have borrowed the following server script to try and stop virus
logging to my default log, however I am getting an intermittent
problem. Occasionally the whole log turns into a complete Japanese
character set. At this point I usually have to delete the log and
start a new one, which is usually fine. Incidentally it will convert
the entire current log into Japanese, not just from a certain point
onwards.
Any help would be appreciated. By the way, I'm not overly familiar
with Perlscript unfortunately, so I am relying on the following script
to be correct by whoever wrote it. Apologies for my lack of knowledge
in this area.
Thanks in advance
Stevie
The script follows: (inside the <virtualhost> section)
#The following code attempts to stop virus attempt loging
#
# Code Red
SetEnvIf Request_URI "^/default\.(idaidq)(.*)$" msjunk nolog
SetEnvIf Request_URI "^/default\.ida(.*)$" msjunk nolog
#
# Nimda
SetEnvIf Request_URI "(cmdrootshell)\.exe(.*)$" msjunk nolog
SetEnvIf Request_URI "(adminhttpodbc)\.dll(.*)$" msjunk nolog
#
# Windows Media Attack
SetEnvIf Request_URI "nsiislog\.dll(.*)$" msjunk nolog
#
# MS webdav Attack
SetEnvIfNoCase Request_URI "\/\x90\x02" msjunk nolog
#
SetEnvIf Request_URI "^PROPFIND(.*)$" msjunk nolog
SetEnvIf Request_URI "^POST \/_vti_bin" msjunk nolog
#
# Don't log local requests
SetEnvIf Remote_Addr "xxx\.xxx\.xxx\.xxx" nolog
[ip address masked for security]
#
CustomLog logs/msjunk_log combined env=msjunk
CustomLog "|bin/rotatelogs.exe c:/logs/logfile 86400" common
env=!nolog
FAQ
Profile
Private Messages
Log in
