Total count of hits?
I was poking around on my access_log, and I noticed that "_vti_bin" was not the only crud that Nimda requests from your machine. I saw stuff containing "default.ida", "cmd.exe" and "root.exe" so I modified the mentioned script to (hopefully) show every single hit that Nimda had on your machine.
Here it is:
egrep -i "(_vti_bin|default.ida|cmd.exe|root.exe)" /var/log/httpd/access_log* | cut -f 1 -d ' ' | sort | wc -l
Let me know if this is showing a correct number, or is totally whacked. On my machine which is running 10 about 3 to 4 hours a day, it's had 3459 hits from Nimda.
-THX
Ooops!
Whoops, I messed up part of this, but I don't think it affects the final count much.
All the lines that contain "_vti_bin" also contain "cmd.exe", so I'll leave "_vti_bin" out of this; however, the count is still the same. I also talked to a friend, who says this will also show the amount of Code Red hits, because they exploit some of the same vulnerabilities.
Here's the new command:
egrep -i "(default.ida|cmd.exe|root.exe)" /var/log/httpd/access_log* | cut -f 1 -d ' ' | sort | wc -l
-THX
Total count of hits?
I wrote a CGI Perl script that will tell you the addresses, number of hits, number of unique hits, and total number of requests from the Nimda worm. It's based on the grep code from here. Just drop it into your CGI-Executables directory and access it to look at the hits. Note that this works with your access_log, so if you filtered out the hits, it won't tell you the correct number.
You can grab the script here: newworm.pl
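The per-address summary described in the comments above (total hits, unique addresses, hits per address), as an added shell example; it is not the newworm.pl script and not code from any commenter on this page. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise worm probe requests in an Apache access log.
# The patterns are the ones named in the comments above; dots are escaped
# so that "cmd.exe" matches a literal dot and not any character.
PROBE_RE='(_vti_bin|default\.ida|cmd\.exe|root\.exe)'
export LC_ALL=C   # stable sort order

# Constructed sample log (common log format, documentation address ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [20/Sep/2001:10:01:02 -0700] "GET /x/root.exe HTTP/1.0" 404 276
192.0.2.10 - - [20/Sep/2001:10:01:03 -0700] "GET /_vti_bin/x/cmd.exe HTTP/1.0" 404 290
198.51.100.7 - - [20/Sep/2001:10:05:11 -0700] "GET /default.ida HTTP/1.0" 404 270
203.0.113.5 - - [20/Sep/2001:10:06:00 -0700] "GET /index.html HTTP/1.1" 200 1043
198.51.100.7 - - [20/Sep/2001:10:07:40 -0700] "GET /y/root.exe HTTP/1.0" 404 280
203.0.113.5 - - [20/Sep/2001:10:08:00 -0700] "GET /docs/cmdxexe.html HTTP/1.1" 200 512
EOF
}

# Each function reads log lines on stdin.
# Total matching request lines (the number the one-liner's wc -l reports).
total_hits() { grep -E -i -c "$PROBE_RE"; }

# Distinct client addresses (field 1) behind those lines.
unique_hosts() {
  grep -E -i "$PROBE_RE" | cut -d ' ' -f 1 | sort -u | wc -l | tr -d ' '
}

# Per-address hit counts as "count address", busiest first.
hits_per_host() {
  grep -E -i "$PROBE_RE" | cut -d ' ' -f 1 | sort | uniq -c |
    awk '{print $1, $2}' | sort -k1,1nr -k2,2
}

# Run against the sample; for real logs use e.g.
#   cat /var/log/httpd/access_log* | hits_per_host
echo "total hits:   $(sample_log | total_hits)"
echo "unique hosts: $(sample_log | unique_hosts)"
sample_log | hits_per_host
```

The last sample line is a benign request that an unescaped "cmd.exe" pattern would also count, which is why the dots are escaped here.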
Copyright © 2014 IDG Consumer & SMB. All trademarks and copyrights on this page are owned by their respective owners.