On Sunday 12 August 2001 14:54, Alex Brett wrote:
I am not good enough with scripts to do this but could someone write a script that can analyse an Apache log, and generate a list of all IP addresses that have tried to access default.ida (the way Code Red infects) - I want to have a list so I can then go to the servers and contact the webmasters and tell them that their system is infected as the UK Tech webserver seems to be getting hit once every minute or so!
Anyone got any ideas how to do this? I think there's a Perl script that does the job at http://www.dasbistro.com/default_ida_info.html however, I'm not sure how useful it will be.
I did a grep of my logs and then did a reverse DNS lookup on some of the attacking sites. The first half dozen (of the 761 total so far) came from Korea, and I did not think my language skills were up to engaging in the discussion.
Cheers
--
Phil Driscoll
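The log analysis asked for in this thread, as an added example that is not part of the original messages and is not the Perl script linked above: it lists each client address that requested default.ida, with a hit count and the first and last time seen. It assumes Apache common or combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] '
    r'"(?P<request>[^"]*)" \d{3} \S+'
)

# Constructed sample lines (documentation-range addresses, query string shortened).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Aug/2001:14:01:07 +0100] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 283
198.51.100.7 - - [12/Aug/2001:14:01:30 +0100] "GET /index.html HTTP/1.0" 200 5120
192.0.2.10 - - [12/Aug/2001:14:02:11 +0100] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 283
203.0.113.55 - - [12/Aug/2001:14:03:02 +0100] "GET /Default.IDA?NNNNNNNN HTTP/1.0" 404 283
198.51.100.7 - - [12/Aug/2001:14:03:40 +0100] "GET /docs/default.ida.html HTTP/1.0" 200 900
truncated line with no request field
"""

def default_ida_hits(lines):
    """Map each client address to its default.ida request count and time span."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated entry
        parts = m.group("request").split()
        if len(parts) < 2:
            continue  # no URL in the request line
        # Compare the path only, case-insensitively, ignoring the query string.
        path = parts[1].split("?", 1)[0].lower()
        if path != "/default.ida":
            continue
        when = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
        rec = hits[m.group("host")]
        rec["count"] += 1
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
    return dict(hits)

def report(hits):
    """Rows of (address, count, first seen, last seen), busiest source first."""
    rows = [(ip, r["count"], r["first"].isoformat(), r["last"].isoformat())
            for ip, r in hits.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    for row in report(default_ida_hits(SAMPLE_LOG.splitlines())):
        print("%-15s %4d  %s  %s" % row)
```

To run it against a real log, pass an open file object to `default_ida_hits` in place of the sample lines; the first-seen and last-seen times are the detail a remote webmaster needs to find the matching entries on their side.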