On Friday, September 21, 2001, at 12:54 PM, Steve Torrence wrote:
> Is it possible with Perl (or is something else better) to create a
> script that would alert the administrator of a Code Red type worm that
> his machine was infected? I know OS X cannot get infected by this but
> my 4 webservers are getting hammered by it and my bandwidth is
> dwindling. I know one webserver that has a great way of handling this.
> It's:
>
> <http://CodeRed.mdg.com>
>
> It just sends an email to the admin of that server telling them they
> are infected. Most people don't know they are infected and it might be
> the only alert they receive.
>
> It seems a script could listen on the http port for file requests that
> match certain patterns and then it could log the total hits from each
> machine and once a day or once a week send a message to the admin
> telling them they are hitting your server x amount of times a day for x
> amount of days for a total number of hits. The message could be sent
> once a day or week as long as the activity continues.
>
> Does anyone know if this can be done or, better yet, if a script already
> exists for it?

Download and install Apache::CodeRed from the CPAN archive at
http://www.perl.com/. It does exactly what you're suggesting, as well as
sending email to a site that is maintaining a registry of infected
systems. You can read more about it at
http://www.onlamp.com/pub/a/apache/2001/08/16/code_red.html

Mike Schienle
Interactive Visuals, Inc.
http://www.ivsoftware.com
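
The tally described in the question, as an added Perl example (not part of either message and not Apache::CodeRed's code): it reads access-log lines rather than listening on the HTTP port, counts matching requests per source address per day, and builds the text of a notice. The Apache common log format, the `/default.ida?` request with N or X padding used as the signature, and the names `tally_probes` and `report_for` are assumptions of this example; the sample lines are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in Apache common log format (documentation addresses).
my @sample = (
    '192.0.2.10 - - [20/Sep/2001:23:58:41 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN%u9090 HTTP/1.0" 404 276',
    '192.0.2.10 - - [21/Sep/2001:00:03:12 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN%u9090 HTTP/1.0" 404 276',
    '192.0.2.10 - - [21/Sep/2001:09:15:30 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX%u9090 HTTP/1.0" 404 276',
    '198.51.100.7 - - [21/Sep/2001:09:16:02 -0400] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.44 - - [21/Sep/2001:11:42:07 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX%u9090 HTTP/1.0" 404 276',
    'truncated line with no request field',
);

# Assumed signature: a request for /default.ida padded with a long run of N or X.
my $probe = qr{^(?:GET|HEAD)\s+/default\.ida\?[NX]{16,}}i;

# Returns a hash reference: $hits->{$ip}{$day} = number of matching requests.
sub tally_probes {
    my @lines = @_;
    my %hits;
    for my $line (@lines) {
        # host ident user [dd/Mon/yyyy:time zone] "request" status bytes
        next unless $line =~ m{^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):[^\]]*\] "([^"]*)"};
        my ($ip, $day, $request) = ($1, $2, $3);
        $hits{$ip}{$day}++ if $request =~ $probe;
    }
    return \%hits;
}

# Builds the notice text for one source address from its per-day counts.
sub report_for {
    my ($ip, $days) = @_;
    my $total = 0;
    $total += $_ for values %$days;
    my $n = keys %$days;    # number of distinct days with hits
    my $text = "Host $ip sent $total Code Red style requests to this server on $n day(s):\n";
    # Days are sorted as text, which is chronological only within one month.
    $text .= sprintf("  %s  %d hits\n", $_, $days->{$_}) for sort keys %$days;
    return $text;
}

my $hits = tally_probes(@sample);
print report_for($_, $hits->{$_}), "\n" for sort keys %$hits;
```

Run from cron once a day or once a week over the rotated log, the output of `report_for` is the body of the message the question describes; looking up the right contact for each address is left to the site.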