
REOT RE: [cobalt-users] OT Code Red variations



I use CarrieB's script and made the following PHP code:

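<?php
// Apache access log to scan.
$accesslog = "/var/log/httpd/access";

// Total number of requests for default.ida (the Code Red probe).
echo "<b>This system has been attacked today by the Code Red worm a total of: ";
system("cat " . $accesslog . " | grep default.ida | wc -l");
print " times.<br>";
print "<PRE><font size='2'>";
// List each source address once (field 2 of the log line). system() already
// writes the command output, so its return value is not printed a second time.
system("cat " . $accesslog . " | grep default.ida | awk '{print \$2}' | sort | uniq");
print "<BR>\n";
print "</font></PRE>";
print "<br><br>Out of the above number a total of ";
// Number of distinct source addresses.
system("cat " . $accesslog . " | grep default.ida | awk '{print \$2}' | sort | uniq | wc -l");
print " were from unique ips.<br>";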


I don't have to ssh in to see how bad I am being hit.  Gave up moving them
all to hosts.deny.


>A few, I sorted them the other day for giggles, I know a fellow who has
>gotten 40K hits, he got bored and made default.ida a hit counter page to
>count them...lol


Mike
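
An added example, not part of the original post: the same report built in one pass over the log without shelling out, with a per-client hit count and HTML escaping of the log-derived values. It assumes the client address is the second whitespace-separated field, as in the awk '{print $2}' above; the function name and the sample lines are constructed for illustration.

```php
<?php
// Count default.ida requests per client address.
// $lines is any iterable of log lines, e.g. new SplFileObject('/var/log/httpd/access').
function code_red_hits(iterable $lines): array
{
    $perClient = [];
    foreach ($lines as $line) {
        if (strpos($line, 'default.ida') === false) {
            continue; // not a Code Red probe
        }
        $fields = preg_split('/\s+/', trim($line));
        if (!isset($fields[1])) {
            continue; // malformed line, no second field
        }
        $client = $fields[1]; // assumption: field 2 is the client address
        $perClient[$client] = ($perClient[$client] ?? 0) + 1;
    }
    arsort($perClient); // busiest sources first
    return $perClient;
}

// Constructed sample lines (documentation addresses): vhost, client, then the request.
$sample = [
    'www.example.com 192.0.2.10 - - [06/Aug/2001:10:01:02 -0400] "GET /default.ida?NNNN HTTP/1.0" 404 205',
    'www.example.com 192.0.2.10 - - [06/Aug/2001:10:07:41 -0400] "GET /default.ida?NNNN HTTP/1.0" 404 205',
    'www.example.com 198.51.100.7 - - [06/Aug/2001:10:09:13 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 205',
    'www.example.com 203.0.113.5 - - [06/Aug/2001:10:11:30 -0400] "GET /index.html HTTP/1.0" 200 1043',
];

$hits = code_red_hits($sample);
echo '<b>default.ida requests: ', array_sum($hits), ' from ', count($hits), " unique clients</b>\n";
echo "<pre>\n";
foreach ($hits as $client => $count) {
    // Log fields come from the remote side; escape them before writing HTML.
    printf("%-15s %d\n", htmlspecialchars($client, ENT_QUOTES), $count);
}
echo "</pre>\n";
```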