Glen,
I have converted your shell script into a PHP web page.
For those that are interested, just place the script on your Cobalt server.
<!-------- Beginning of code ---->
<html><head>
<title>PERL Worm Scanner by [kjv]</title>
</head>
<B><H3>Code Red, Nimda and Other Worm Scanner </H3></B>
By <a href="mailto:[EMAIL PROTECTED]";>Kham Vue</a><br>
<a href="http://www.sengtroni.com";>www.sengtroni.com</a><br>
Original SHELL script by Glenn Scott [EMAIL PROTECTED]
<P>
This server has received <B>
<? system("cat /var/log/httpd/access | grep
'/scripts/root.exe?/c+dir'|wc -l") or die ("Could not open web logs!");?>
</B> scans for <i>"/script/root.exe"</i> from <b>
<?system("cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' |
cut -d '' -f2 | sort | uniq | wc -l");?>
</b> different IP addresses! <BR>
The server has been attacked <B>
<?system("cat /var/log/httpd/access | grep '/default.ida'|wc -l")?>
</b> times by the Code Red Virus from <b>
<?system("cat /var/log/httpd/access | grep '/default.ida' | cut -d '' -f2 |
sort | uniq | wc -l");?>
</b> different IP Addresses!!!!
<P><HR>
This script comes "as is". Any modifications, please update the author via
email.
</body></html>
<!----- End of Code -->
--------------------------------------------------------------
Kham Vue
Internet Admin
The City of Wadsworth
WADSNET.COM High Speed Internet Service
[EMAIL PROTECTED]
" If you continue to think the way you've always thought,
then you will continue to get what you always got!"
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
