Sophie: modlogan-0.8.13-4mdk i586

modlogan-0.8.13-4mdk.i586.rpm

# $Id: group.url.conf,v 1.3 2001/12/14 00:11:31 erich Exp $
[groupurl]
# Group index pages with directory page
groupurl = "^(/.*/)(index|default)\.(html?|shtml|phtml|php[34]?|cgi|pl|jsp|asp)",$1
# Group CGIs by stripping parameters
groupurl="^(.+?)\?",$1

[group_exploits]
# Typical requests by common internet worms
groupurl = "^/default\.ida\?XXXXXXX",worm attack (Code.Red II)
groupurl = "^/default\.ida\?NNNNNNN",worm attack (Code.Red)
groupurl = "^/(MSADC|scripts)/root\.exe\?/c\+dir",worm attack (W32.Nimda.A@mm)
groupurl = "^/(_mem_bin|_vti_bin)/\.\.%255c\.\./\.\.%255c\.\./\.\.%255c\.\./winnt/system32/cmd.exe\?/c\+dir",worm attack (W32.Nimda.A@mm)
groupurl = "^/msadc/\.\.%255c\.\./\.\.%255c\.\./\.\.%255c/\.\.%c1%1c\.\./\.\.%c1%1c\.\./\.\.%c1%1c\.\./winnt/system32/cmd.exe\?/c\+dir",worm attack (W32.Nimda.A@mm)
groupurl = "^/[cd]/winnt/system32/cmd.exe\?/c\+dir",worm attack (W32.Nimda.A@mm)
groupurl = "^/scripts/\.\.%(.*)\.\./winnt/system32/cmd.exe\?/c\+dir",worm attack (W32.Nimda.A@mm)