I am not good enough with scripts to do this, but could someone write a script that can analyse an Apache log and generate a list of all IP addresses that have tried to access default.ida (the way Code Red infects)? I want to have a list so I can then go to the servers and contact the webmasters and tell them that their system is infected, as the UK Tech webserver seems to be getting hit once every minute or so!

Anyone got any ideas how to do this?

Alex Brett rebuke@uktech.eu.org

On Sunday 12 August 2001 14:54, Alex Brett wrote:
> I am not good enough with scripts to do this, but could someone write a script that can analyse an Apache log and generate a list of all IP addresses that have tried to access default.ida (the way Code Red infects)? I want to have a list so I can then go to the servers and contact the webmasters and tell them that their system is infected, as the UK Tech webserver seems to be getting hit once every minute or so!
>
> Anyone got any ideas how to do this?

I think there's a Perl script that does the job at http://www.dasbistro.com/default_ida_info.html; however, I'm not sure how useful it will be.

I did a grep of my logs and then did a reverse DNS lookup on some of the attacking sites. The first half dozen (of the 761 total so far) came from Korea, and I did not think my language skills were up to engaging in the discussion.

Cheers
--
Phil Driscoll

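The grep step described in the message above, as an added example that is not part of the original thread: it lists each address that requested default.ida, with its hit count and the first and last time it was seen. It matches only the request path, so a Referer that merely mentions default.ida is not counted; the function names, sample log lines and addresses are constructed.

```shell
#!/bin/sh
# List the client addresses that requested default.ida in Apache access logs
# (Common or Combined Log Format). Output: hits, address, first seen, last seen.
default_ida_hits() {
    LC_ALL=C awk -F'"' '
    {
        # $1 = "addr ident user [time zone] ", $2 = "METHOD target PROTOCOL"
        if (split($1, pre, " ") < 4 || split($2, req, " ") < 2) next  # malformed
        path = tolower(req[2])                 # match regardless of case
        sub(/\?.*/, "", path)                  # ignore the query string
        if (path !~ /(^|\/)default\.ida$/) next
        ip = pre[1]; ts = substr(pre[4], 2)    # strip the leading "["
        if (!(ip in hits)) first[ip] = ts
        hits[ip]++; last[ip] = ts
    }
    END { for (ip in hits) print hits[ip], ip, first[ip], last[ip] }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (documentation address ranges, shortened query string).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [12/Aug/2001:14:01:07 +0100] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
198.51.100.23 - - [12/Aug/2001:14:02:11 +0100] "GET /index.html HTTP/1.0" 200 1024
192.0.2.10 - - [12/Aug/2001:14:03:40 +0100] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [12/Aug/2001:14:04:02 +0100] "GET /DEFAULT.IDA?XXXXXXXX HTTP/1.0" 404 276
198.51.100.23 - - [12/Aug/2001:14:05:00 +0100] "GET /a.html HTTP/1.0" 200 99 "http://example.org/default.ida" "Mozilla/4.0"
EOF
}

# Demo: reads stdin when no file is given; pass log file paths as arguments instead.
sample_log | default_ida_hits
```

The second column can be fed to a reverse DNS lookup to find whom to notify.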
Hi,
If you could send me a sample of your apache log file
that you want analysed, along with an explanation as
to what you want extracting, I can write you a shell
script that can do this for you. (I used to do this a
lot when I was at school, I wrote "squidlog" :-))
Let me know if you're interested,
Regards,
Thomas Adam
=====
Thomas Adam
Linux Co-ordinator for The Purbeck School
e-mail (school): n6tadam@users.purbeck.dorset.sch.uk
e-mail (yahoo) : thomas_adam16@yahoo.com