>on 3/27/04 18:42, Scott Haneda at scott at newgeo.com wrote: > I am serving up my mrtg stats on port 80 just so I can see > what is going on no matter where I am. ... > > The first thing I did what start tracking the worms and other issues > # create special cases to get code red and others out of my logs! > SetEnvIfNoCase Request_URI "/cmd\.exe" msjunk ... > > I send these logs to a serrate log... > CustomLog "/private/var/log/httpd/msjunk_log" virtual env=msjunk > CustomLog "/private/var/log/httpd/msjunk_IP_log" justIP env=msjunk > > One is the full request, the last one is just the IP > > Every 5 minutes cron picks up the IP log and adds it to a blackhole list so > they can not talk to me again. Scott, This is very interesting but I admit way over my head. I am struggling with getting WebDAV to work properly just for joint GoLive development work. Using WebDAV for some more "interesting" things like this has some appeal to me. Can you walk me (and the rest of us) through a bit more of what exactly is going on here so that we can better understand? I've read some about the WebDAV exploit so I have some concerns. Is this just a IIS concern? Would it help to have HTTP and WebDAV on separate ports? Is there a way to do that while running only one Apache instanciation on one server? If not, how would we run two instanciations? Dean