I just have to offer a small cleanup for the script below:

#!/bin/bash
grep default.ida /var/log/httpd/access_log | awk -F- '{print $1}' | sort -u >> /etc/hosts.deny


On Wed, 19 Sep 2001, Michael Stack wrote:

=>I just checked my log files, and unfortunately, these don't look like Code
=>Red scans. I think they're coming from the Nimda worm. IIRC, Code Red would
=>request a "default.ida" file with a bunch of garbage appended to the
=>request. This worm seems to try a number of different requests for files
=>like cmd.exe, script.exe, etc.
=>
=>I wrote a script to add IP addresses from which Code Red attacks originated
=>to my hosts.deny file, but I think that file only gets consulted when httpd
=>is called from xinetd, not when it is run as a standalone application.
=>
=>#!/bin/bash
=>
=>cat /var/log/httpd/access_log | grep default.ida | awk '{ FS = "-" } { print $1 }' |
=>sort | uniq >> /etc/hosts.deny
=>

-- 
-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question? [EMAIL PROTECTED]




_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
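
Added example, not part of either poster's message: a stricter take on the log filter discussed in the thread, which anchors the match on the request path, accepts only a dotted-quad client field, labels Code Red (default.ida) and Nimda-style (cmd.exe) hits separately, and skips addresses already in the deny file. It assumes Apache Common Log Format and a deny file of bare addresses as the scripts above write; the function names and log lines are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample lines in Common Log Format (not taken from the thread).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [19/Sep/2001:10:01:02 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [19/Sep/2001:10:05:40 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [19/Sep/2001:10:06:12 -0400] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 290
203.0.113.5 - - [19/Sep/2001:10:07:00 -0400] "GET /docs/default.idahoe.html HTTP/1.0" 200 512
web-proxy.example - - [19/Sep/2001:10:08:00 -0400] "GET /default.ida?XXXX HTTP/1.0" 404 276
EOF
}

# classify: read log lines on stdin, print unique "address<TAB>label" pairs.
classify() {
  awk '
    # $1 is the client field, $7 the request path.
    # Anything that is not a dotted quad is skipped, so a resolved
    # hostname or malformed line never reaches the deny list.
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    { path = tolower($7) }
    # Anchored match: a plain "grep default.ida" also hits default.idahoe.html.
    path ~ /^\/default\.ida(\?|$)/ { print $1 "\tcode-red"; next }
    path ~ /\/cmd\.exe(\?|$)/      { print $1 "\tnimda" }
  ' | sort -u
}

# new_sources FILE: print Code Red sources from stdin that FILE does not
# already list, so repeated runs do not append duplicates.
new_sources() {
  classify | awk -F'\t' '$2 == "code-red" { print $1 }' | grep -vxF -f "$1" || true
}

sample_log | classify
```

To update a deny file in place, append the output of `new_sources` run against that same file.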
