[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [MISC] Nimda statistik



In <sslug@sslug> "Michael Rasmussen" <sslug@sslug> writes:

>In article <sslug@sslug>, "Henrik Størner"
><sslug@sslug> wrote:

>> For de der måtte være nysgerrige efter hvor meget Nimda-ormen forsøger
>> sig hos SSLUG, har jeg udvidet min hurtigt sammen- strikkede "Code Red"
>> webside til også at have info om Nimda- angreb. I går (19.september) var
>> der knapt 3338 forsøg mod www.sslug.dk fra ca. 50 sites.
>> 
>> http://www.sslug.dk/mrtg/coderedtoday.html

>Var det muligt at få en kopi af dit script?

Selvfølgelig. Jeg tror nok jeg postede det allerede da Code Red
var "hot", men her er det med udvidelsen for Nimda:

#!/bin/sh

# Need this for date-formatting to work correctly ...
unset LC_ALL
unset LANG
export LC_ALL LANG

DATESTR=`date +"%d/%b/%Y"`

# Look for Code Red attacks
cat /var/log/httpd/access_log | grep -i "$DATESTR.*GET /default.ida" >/tmp/codered.$$
echo -e "\n\nCode Red attacks by originator IP\n"
CODEREDS=`cat /tmp/codered.$$ | wc -l`
echo "$CODEREDS Code Red attacks ignored"
echo ""
cat /tmp/codered.$$|awk '{print $1;}'|sort|uniq -c
echo ""
rm -f /tmp/codered.$$

# Look for Nimda attacks
cat /var/log/httpd/access_log | grep -i "$DATESTR.*cmd.exe" >/tmp/nimda.$$
echo -e "\n\nNimda attacks by originator IP\n"
NIMDA=`cat /tmp/nimda.$$ | wc -l`
echo "$NIMDA Nimda attacks ignored"
echo ""
cat /tmp/nimda.$$|awk '{print $1;}'|sort|uniq -c
echo ""
rm -f /tmp/nimda.$$

touch /home/www/www.sslug.dk/mrtg/coderedtoday.html

exit 0

-- 
Henrik Storner <sslug@sslug> 

Jeg søger job - http://www.hswn.dk/job/



 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 19:24 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *