Default.ida


#1

Well this is something new to me. There was a request for default.ida? with a long string of characters after in my server log this evening. From what I understand, this has something to do with a Code Red worm, from an outside machine (Windows). Is there any way at this time to block these types of requests? Because I also understand that this can eat up a lot of bandwidth on Apache machines. Or is it correct to just put empty default.ida files in any domain directories?

~Michelle


#2

We’d have to see if DreamHost can block them, I think. The problem is pretty much like an unwanted phone call. You have the ability to choose not to answer a phone call, but you need the help of your telephone company to keep the calls from actually ringing through to your phone in the first place.

As for placing empty default.ida files, naturally that would help keep your outgoing bandwidth down especially if your customized HTML is larger in file size than the default “Not found” message.

However if you like to scrutinize your web server logs, you might not want such hits to be logged as “200 OK” (empty default.ida) or “404 Not found” (no default.ida) because of their malicious nature. I usually trap unwanted requests using the 202 status code, “Accepted but not able to process”. I’ve never seen this code used before so it makes it easy to filter it out when reviewing web logs. If you wanted to do that yourself, in .htaccess you would do:

    RedirectMatch 202 default.ida

An empty default.ida file would be optional, but you might want to keep it in case the .htaccess file fails.

Perl / MySQL / HTML+CSS
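Post #2 tags unwanted requests with status 202 so they are easy to filter out during log review. The script below is an added example, not part of the thread, showing that review step in Python; it assumes Apache's common/combined log format, and the sample log lines, IP addresses and the `TRAP_PATTERNS` name are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TRAP_STATUS = 202                  # status assigned by the RedirectMatch rule
TRAP_PATTERNS = ("default.ida",)   # assumed name: substrings the rule should match

# Constructed sample log (documentation IP ranges, placeholder query strings).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2004:21:14:02 -0800] "GET /default.ida?XXXXXXXX HTTP/1.0" 202 290
198.51.100.7 - - [01/Jan/2004:21:15:40 -0800] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2004:21:16:11 -0800] "GET /default.ida?XXXXXXXX HTTP/1.0" 202 290
203.0.113.5 - - [01/Jan/2004:21:17:30 -0800] "GET /missing.html HTTP/1.1" 404 208
198.51.100.7 - - [01/Jan/2004:21:18:05 -0800] "POST /queue/job HTTP/1.1" 202 17
this line is not a log entry
"""

def split_log(lines):
    """Return (trapped, normal, unparsed) for an iterable of log lines."""
    trapped, normal, unparsed = [], [], []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            unparsed.append(line)      # keep malformed lines for manual review
            continue
        entry = m.groupdict()
        parts = entry["request"].split()
        entry["path"] = parts[1] if len(parts) >= 2 else ""
        bucket = trapped if int(entry["status"]) == TRAP_STATUS else normal
        bucket.append(entry)
    return trapped, normal, unparsed

def trapped_by_host(trapped):
    """Count trapped (202) requests per client, busiest first."""
    return Counter(e["host"] for e in trapped).most_common()

def unexpected_trapped(trapped):
    """202 entries whose path matches no trap pattern, i.e. 202 used elsewhere."""
    return [e for e in trapped if not any(p in e["path"] for p in TRAP_PATTERNS)]

if __name__ == "__main__":
    trapped, normal, unparsed = split_log(SAMPLE_LOG.splitlines())
    print(trapped_by_host(trapped), len(normal), len(unparsed), unexpected_trapped(trapped))
```

The `unexpected_trapped` check matters because 202 is a valid status that an application on the same site may return on its own, in which case status alone no longer identifies trapped requests.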


#3

Just added that to my .htaccess, and it works great. Thanks! I noticed the request for default.ida today for the first time, along with the common request for nsiislog.dll. I’m soooo thankful we’re not on Windows! But it’s still sorta unnerving.