[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Nimba scanner shell script
- Subject: Re: [cobalt-security] Nimba scanner shell script
- From: "Kham Vue" <admin@xxxxxxxxxxx>
- Date: Thu, 20 Sep 2001 09:17:14 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Glen,
I have converted your shell script into a PHP web page.
For those that are interested, just place the script on your Cobalt server.
<!-------- Beginning of code ---->
<html><head>
<title>PERL Worm Scanner by [kjv]</title>
</head>
<B><H3>Code Red, Nimda and Other Worm Scanner </H3></B>
By <a href="mailto:webmaster@xxxxxxxxxxxxx">Kham Vue</a><br>
<a href="http://www.sengtroni.com">www.sengtroni.com</a><br>
Original SHELL script by Glenn Scott glen@xxxxxxxxxxxxxxxxxxxxx
<P>
This server has received <B>
<? system("cat /var/log/httpd/access | grep
'/scripts/root.exe?/c+dir'|wc -l") or die ("Could not open web logs!");?>
</B> scans for <i>"/script/root.exe"</i> from <b>
<?system("cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' |
cut -d '' -f2 | sort | uniq | wc -l");?>
</b> different IP addresses! <BR>
The server has been attacked <B>
<?system("cat /var/log/httpd/access | grep '/default.ida'|wc -l")?>
</b> times by the Code Red Virus from <b>
<?system("cat /var/log/httpd/access | grep '/default.ida' | cut -d '' -f2 |
sort | uniq | wc -l");?>
</b> different IP Addresses!!!!
<P><HR>
This script comes "as is". Any modifications, please update the author via
email.
</body></html>
<!----- End of Code -->
--------------------------------------------------------------
Kham Vue
Internet Admin
The City of Wadsworth
WADSNET.COM High Speed Internet Service
kvue@xxxxxxxxxxx
" If you continue to think the way you've always thought,
then you will continue to get what you always got!"