
Re: [cobalt-users] Re: [cobalt-security] Nimba scanner shell script



I've added a few lines and now the php script can display the IP addresses
making the attacks.  Just cut and paste into a text editor the resulting IP.
Then Search and Replace spaces with carriage returns.
Greg O
greg@xxxxxxxxxxxxxx

<!--Start Code-->
<html><head>

<title>PERL Worm Scanner by [kjv]</title>

</head>

<body>

<B><H3>Code Red, Nimda and Other Worm Scanner </H3></B>

By <a href="mailto:webmaster@xxxxxxxxxxxxx">Kham Vue</a><br>

<a href="http://www.sengtroni.com">www.sengtroni.com</a><br>

IP Display by <a href="mailto:greg@xxxxxxxxxxxxxx">Greg Ogorek</a><br>

Original SHELL script by Glenn Scott glen@xxxxxxxxxxxxxxxxxxxxx

<P>
This server has received <B>
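<?php
// system() echoes the command output and returns its last line; a count of
// "0" is falsy, so compare against false instead of using "or die".
if (system("cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' | wc -l") === false) die("Could not open web logs!");
?>
</B> scans for <i>"/scripts/root.exe"</i> from <b>
<?php system("cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' | cut -d ' ' -f2 | sort | uniq | wc -l"); ?>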
</b> different IP addresses! <BR>

<P>
This server has received <B>
<?php
// Same check as above: only a false return means the command could not run.
if (system("cat /var/log/httpd/access | grep 'cmd.exe' | wc -l") === false) die("Could not open web logs!");
?>
</B> scans for <i>"cmd.exe"</i> from <b>
<?php system("cat /var/log/httpd/access | grep 'cmd.exe' | cut -d ' ' -f2 | sort | uniq | wc -l"); ?>
</b> different IP addresses! <BR>


<p>
The server has been attacked <B>

<?php system("cat /var/log/httpd/access | grep '/default.ida' | wc -l"); ?>

</b> times by the Code Red Virus from <b>

<?php system("cat /var/log/httpd/access | grep '/default.ida' | cut -d ' ' -f2 | sort | uniq | wc -l"); ?>

</b> different IP Addresses!!!!

<P><HR>
<b>Nimda Attacks by IP</b><br>
<?php system("cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' | cut -d ' ' -f2 | sort | uniq"); ?><br>

<P><HR>
<b>Code Red Attacks by IP</b><br>
<?php system("cat /var/log/httpd/access | grep '/default.ida' | cut -d ' ' -f2 | sort | uniq"); ?><br>

<P><HR>

This script comes "as is". Any modifications, please update the author via
email.

</body></html>
<!--END CODE-->
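
An added example, not part of the original post or of the scripts it credits: the same three request signatures tallied in a single awk pass, with one source IP per line and a per-IP hit count. The function names `worm_scan` and `sample_log` are hypothetical, the log lines are constructed, and the client IP is assumed to be field 2, as the post's `cut -d ' ' -f2` implies.

```shell
#!/bin/sh
# Added example. Assumes the layout implied by the post's cut -d ' ' -f2:
# space-separated fields with the client IP in field 2.

sample_log() {   # constructed log lines, documentation-range addresses
    cat <<'EOF'
www.example.test 192.0.2.10 - - [18/Sep/2001:10:00:01 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
www.example.test 192.0.2.10 - - [18/Sep/2001:10:00:02 -0500] "GET /example/cmd.exe?/c+dir HTTP/1.0" 404 280
www.example.test 198.51.100.7 - - [18/Sep/2001:10:01:40 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
www.example.test 192.0.2.10 - - [18/Sep/2001:10:02:13 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
www.example.test 203.0.113.5 - - [18/Sep/2001:10:03:00 -0500] "GET /index.html HTTP/1.0" 200 1024
EOF
}

worm_scan() {    # $1 = "summary" or "sources", $2 = access log path
    [ -r "$2" ] || { echo "Could not open web logs: $2" >&2; return 1; }
    awk -v mode="$1" '
        BEGIN {  # pre-seed so a signature with no hits reports 0
            n = split("root.exe cmd.exe default.ida", sigs, " ")
            for (i = 1; i <= n; i++) { hits[sigs[i]] = 0; srcs[sigs[i]] = 0 }
        }
        function note(sig, ip) {
            hits[sig]++
            if (!((sig, ip) in per_ip)) srcs[sig]++
            per_ip[sig, ip]++
        }
        # index() is a literal substring match: ".", "?" and "+" are not regex
        index($0, "/scripts/root.exe?/c+dir") { note("root.exe", $2) }
        index($0, "cmd.exe")                  { note("cmd.exe", $2) }
        index($0, "/default.ida")             { note("default.ida", $2) }
        END {
            if (mode == "summary")
                for (s in hits) printf "%s hits=%d sources=%d\n", s, hits[s], srcs[s]
            else
                for (k in per_ip) {
                    split(k, p, SUBSEP)
                    printf "%s %s %d\n", p[1], p[2], per_ip[k]
                }
        }
    ' "$2" | LC_ALL=C sort
}

# Demo on the constructed log; on a real host pass /var/log/httpd/access.
demo=$(mktemp) && sample_log > "$demo"
worm_scan summary "$demo"; worm_scan sources "$demo"; rm -f "$demo"
```

An unreadable log is reported as an error and a readable log with no matches reports zero counts, so the two cases stay distinct.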