[TriLUG] OT: Finding/Notifying People with Worm-infested PC's

Krishna Dagli kdagli at infofin.com
Tue Apr 20 16:53:13 EDT 2004


Jaimie Livingston wrote:
>>On Tue, 2004-04-20 at 16:04, Jaimie Livingston wrote:
>>
>>
>>>I have a small web-server that I run at home for personal and development
>>>use, and I've been tagged by a few Worm-infested Windoze boxes, probably
>>>some home PCs that the users have running wide open on the Internet. I have
>>>the IP addresses, some from RR, and would like to find these people and let
>>>them know that they are doing the world a disservice by leaving an infected
>>>Windows box up and running, and maybe give them some pointers on how to
>>>prevent such a thing from happening. 
>>>
>>
>>All you can really do is forward the e-mail (with full headers) to the
>>appropriate abuse/postmaster addresses, which would be for example
>>abuse at nc.rr.com for RoadRunner customers.  Not sure it will 
>>do that much good but it's worth a try.  I don't really worry about it myself as
>>SpamAssassin seems to catch most of the worm e-mail that I get.
>>
>>--Jeremy
> 
> 
> Except is not e-mail that's bugging me, it's the way Nimbda, CodeRed, and the WebDAV worms
> are cluttering my Apache logs. It's not a huge concern, but it is a pet peeve. Do you
> think the sending them excerpts from the logs will be of use? 
> 

For  sending logs check <http://www.dshield.org/> and to get rid 
of cluttering in apache logs look at
http://mail-archives.engardelinux.org/engarde-users/2002/Jan/0219.html

-Krishna.



More information about the TriLUG mailing list