httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William C. (Bill) Jones <wcjo...@fccj.edu>
Subject [users@httpd] CodeRed and Slapper ?
Date Tue, 08 Oct 2002 04:39:01 GMT
Hi Ppl :)

I want to develop an attack pattern Log Viewer, to see what remote 
hosts are infected with the OpenSSL slapper and those that *are* 
*still* infected with CodeRed (hey, get a grip ya know?)

What I hacked so far does the basics:

#!/usr/bin/perl -w

use strict;
use diagnostics;

my $error_log   = "/var/log/apache/error.log";

open ERROR, "<$error_log" or die "cannot read $error_log\n";

while(<ERROR>) {
         next unless /without|\.exe/i;
         print 'System at ' . (split(/\]/,(split(/\[client\s/))[1]))[0] .
' is infected with the SLAPPER virus: ' . (split(/\]/))[-1] . "\n" 
if /without/i;
         print 'System at ' . (split(/\]/,(split(/\[client\s/))[1]))[0] .
' is infected with the CODERED virus: ' . (split(/\s/))[-1] . "\n" 
if /\.exe/i;
}

close(ERROR);

exit;
__END__


But I am wondering if I am reinventing the wheel here?  Has anyone 
already started such a project?

TIA;  :)
???/Sx ?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message