SSLUG-msg00392.html

[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]

[an error occurred while processing this directive] [an error occurred while processing this directive]

	Home		Subscribe		Mail Archive		Forum		Calendar		Search
	Date:				Thread:

Re: [MISC] Nimda statistik

To: sslug@sslug
Subject: Re: [MISC] Nimda statistik
From: sslug@sslug (Henrik Størner)
Date: Thu, 20 Sep 2001 22:15:35 +0000 (UTC)
Newsgroups: sslug.misc
Organization: Linux Users Inc.
References: <9ob5mv$n7d$1@osiris.hswn.dk> <9odpd5$vsi$1@www.sslug.dk>

In <sslug@sslug> "Michael Rasmussen" <sslug@sslug> writes:

>In article <sslug@sslug>, "Henrik Størner"
><sslug@sslug> wrote:

>> For de der måtte være nysgerrige efter hvor meget Nimda-ormen forsøger
>> sig hos SSLUG, har jeg udvidet min hurtigt sammen- strikkede "Code Red"
>> webside til også at have info om Nimda- angreb. I går (19.september) var
>> der knapt 3338 forsøg mod www.sslug.dk fra ca. 50 sites.
>> 
>> http://www.sslug.dk/mrtg/coderedtoday.html

>Var det muligt at få en kopi af dit script?

Selvfølgelig. Jeg tror nok jeg postede det allerede da Code Red
var "hot", men her er det med udvidelsen for Nimda:

#!/bin/sh

# Need this for date-formatting to work correctly ...
unset LC_ALL
unset LANG
export LC_ALL LANG

DATESTR=`date +"%d/%b/%Y"`

# Look for Code Red attacks
cat /var/log/httpd/access_log | grep -i "$DATESTR.*GET /default.ida" >/tmp/codered.$$
echo -e "\n\nCode Red attacks by originator IP\n"
CODEREDS=`cat /tmp/codered.$$ | wc -l`
echo "$CODEREDS Code Red attacks ignored"
echo ""
cat /tmp/codered.$$|awk '{print $1;}'|sort|uniq -c
echo ""
rm -f /tmp/codered.$$

# Look for Nimda attacks
cat /var/log/httpd/access_log | grep -i "$DATESTR.*cmd.exe" >/tmp/nimda.$$
echo -e "\n\nNimda attacks by originator IP\n"
NIMDA=`cat /tmp/nimda.$$ | wc -l`
echo "$NIMDA Nimda attacks ignored"
echo ""
cat /tmp/nimda.$$|awk '{print $1;}'|sort|uniq -c
echo ""
rm -f /tmp/nimda.$$

touch /home/www/www.sslug.dk/mrtg/coderedtoday.html

exit 0

-- 
Henrik Storner <sslug@sslug> 

Jeg søger job - http://www.hswn.dk/job/

Follow-Ups:
- Re: [MISC] Nimda statistik
  - From: Uffe R. B. Andersen
- Re: [MISC] Nimda statistik
  - From: Michael Rasmussen

References:
- Nimda statistik
  - From: Henrik Størner
- Re: [MISC] Nimda statistik
  - From: Michael Rasmussen

Prev by Date: Re: [MISC] Nimda statistik
Next by Date: Re: [MISC] Nimda statistik, Michael Rasmussen
Previous by Thread: Re: [MISC] Nimda statistik
Next by Thread: Re: [MISC] Nimda statistik
Index(es)
- Date Index
- Thread Index

Home

Subscribe

Mail Archive

Index

Calendar

Search

Questions about the web-pages to <www_admin>.

Last modified 2005-08-10, 19:24 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *