does such a thing also exist for a squid if you use it as a reverse proxy?

-----Original Message----- From: studio3arc.com Admin [mailto:admin@studio3arc.com] Sent: Wednesday, November 27, 2002 5:12 PM To: mailinglists@belfin.ch; suse-security@suse.com Subject: RE: [suse-security] IIS Worms

...

Hi

to me this looks like some kind of nimda or code red. you can filter this using iptables string match.

This can be done but you will also be placing reasonable overhead on your system. There are plug-in for Apache that allows you to log these separately. The best one I've seen and unfortunately I no longer have the link used the hole created by nimda to place a courtesy file in a autoexec start up script. Something to the tune of ' fix your damn computer nimrod'. I have also seen others that e-mailed the isp's admin. In my experience though I never get a response. Placing a courtesy note in an autoexec file does work. Once I actually had a guy leave a response on his drive asking me how to fix it.