[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Off Topic: CodeRed Virus
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Off Topic: CodeRed Virus
- From: Wolfgang Zeikat <w_(_dot_)_zeikat_(_at_)_webseek_(_dot_)_de>
- Date: Sat, 8 Sep 2001 13:37:31 +0200
i wrote two bash scripts to handle HTTP requests from CodeRed-infected
the first one extracts the typical lines from Apache logs and sends the
output to redalert_(_at_)_dshield_(_dot_)_org
the second one does whois-lookups at whois.RIPE.net for the IPs of those
and notifies the tech-c email address automatically.
it also contains various known IP blocks with their respective abuse email
addresses and will use those addresses for notifications.
the second script will work best on european servers in its current form -
for non-european IPs and thus for whois.ARIN.lookups they would have to be
modified, since ARIN uses a different whois database format.
so the second script should mostly be of interest if your HTTP server is
located in europe - reminder: Code Red mostly scans the IP neighbourhood -
some non-EU networks' IP blocks and their abuse addresses have been added
so those would be notified too.
for info about Code Red see
Visit your host, monkey.org