Date: Mon, 15 Oct 2001 23:15:01 +0200 From: "Leif Neland" <leifn@neland.dk> To: "Jan Knepper" <jan@digitaldaemon.com>, "FreeBSD ISP" <FreeBSD-ISP@FreeBSD.ORG> Subject: Re: script for reporting IIS worms??? Message-ID: <006d01c155be$740c60c0$6d05a8c0@neland.dk> References: <3BCB15A2.1070504@digitaldaemon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi,
>
> Has anyone by any chance written some kind of a script to report IIS
> worms from Apache log files???
>
If you just want an email: run this from cron:
awk '/default.ida/ || /cmd.exe/ {print $1, substr($4,2,14)}'
$access_log|sort -u
http://www.treachery.net/~jdyson/earlybird/ sends messages to the
netblockowner according to a whois-lookup.
http://www.threenorth.com/LaBrea/ creates tarpits which creates
virtual machines on unused ip's and tries to hold on to anything which
accesses those ip's as long as possible while using minimal bandwidth.
Leif
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006d01c155be$740c60c0$6d05a8c0>