[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Apache/mod_ssl Worm (cross-post)
- Subject: Re: [cobalt-security] Apache/mod_ssl Worm (cross-post)
- From: Larry Smith <lesmith@xxxxxxxxx>
- Date: Mon, 16 Sep 2002 10:10:54 -0500
- Organization: ECSIS.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
INRE: On Monday 16 September 2002 07:51 am, Glen Scott wrote:
For those with RAQ4 systems, simply comment out the following lines and the
script will still work (you just won't get the whois information):
> ## my $command = 'whois ' . $name . '@whois.abuse.net';
>
> # lookup abuse email address using
> ## abuse.net my $output = `$command`;
>
> # grab email address
> ## if ( $output =~ m/([a-zA-Z0-9_-]+@\S+)/ ) {
> ## $abuse_email = $1;
> ## }
For those with "other" systems, eg SUSE, RedHat, Caldera, the whois command
works better written thus (at least for me):
my $command = 'whois -h whois.abuse.net ' . $name;
So far I am showing about 120 + scans per machine that I have up, but no
"breaches" yet.... (fingers crossed)....
--
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx