httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jaqui <>
Subject Re: [users@httpd] CodeRed and Slapper off list
Date Tue, 08 Oct 2002 16:00:27 GMT
actually, I am interested in the script myself.
there are a significant number of servers hitting me that are infected.


Dave Stahr wrote:
>>I want to develop an attack pattern Log Viewer, to see what remote 
>>hosts are infected with the OpenSSL slapper and those that *are* 
>>*still* infected with CodeRed (hey, get a grip ya know?)
> I've got a similar one that is just a bit more beefy and takes less
> overhead to run than a one-time blast.  
> Basically it does the same thing as yours, but instead of just opening
> the file, it does a "tail -f" on it, then watches it for all sorts of
> things, including virus/worm alerts.  It runs as root, and has the
> ability to issue iptables commands to automatically shut down access to
> a particular IP if it sees more connections than whatever limit I
> specify.
> The down-side of it, it has to be running all the time.  It will
> reinitiate the tail process if someone kills it off or the apache log is
> truncated/moved, but still does hog up two little processes 24/7.
> Let me know off-list if you're interested:  (I will no
> longer have access to the address I'm posting from now in about a week.)

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message