I am not good enough with scripts to do this but could someone write a script that can analyse an apache log, and generate a list of all ip addresses that have tried to access default.ida (the way code red infects) - I want to have a list so I can then go to the servers and contact the webmasters and tell them that there system is infected as the UK Tech webserver seems to be getting hit once every minute or so!