Personally there are just too many things to keep an eye on in log files. A while back
we got tired of hunting them down so we wrote a very small perl script that can scan
all of our log files for hits. Its not very fancy but has served its purpose over and
over again. Any of you are welcome to download it at our site under tools/help
section.(cnsonline.com) The downloadable one has been customized for a basic install
of Sambar. Just check the paths and make sure they match your environment.
Note: There are 2 logcheck files out there.. Be sure to get the one commented as
cgilogcheck. And as for where we store the one we use on our servers, I would
recommend you .htaccess protect it as we do.. ie; /cgi/protected/logcheck.cgi. Don't
want people sniffing around your log files with this. :)
Danny
On 08/Jul/2002 23:52:24, Gordon Stewart wrote:
> At 07:36 8/07/02 +0200, Holger Lembke wrote :-
> > > Recently, I have had a flurry of attempts looking for a
> > > formmail.pl script in the cgi-bin directory.
> >
> >A well known attack. To get a rough idea, what is up at your [tm] system,
> >use:
> >
> >
> >#!/usr/bin/perl
> >
> >open(LOG,'>>formmail_log') or die $!;
> >print LOG scalar(localtime). ", $ENV{'REMOTE_ADDR'},
> >$ENV{'QUERY_STRING'}\n";
> >close LOG;
> >
> >sleep(30);
> >print "Content-type: text/plain\n\n";
> >print "You have been logged. A complaint will be sent to your provider.";
>
> Of course, you can use the
>
> $ENV{HTTP_REFERER} - to only accept all forms from your site, & reject any
> other sites..
>
> G.
> -------------------------------------------------------
> To unsubscribe please go to <A TARGET="_blank"
>HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</A>
>
>
>
>
>
-------------------------------------------------------
To unsubscribe please go to http://www.sambar.ch/list/
