Re: apache hack attempts

From: Empty (empty@emptiedout.com)
Date: 08/13/01


Message-Id: <5.0.2.1.2.20010813100816.02ca4ba0@mail.oz.net>
Date: Mon, 13 Aug 2001 10:13:27 -0700
To: focus-linux@lists.securityfocus.com
From: Empty <empty@emptiedout.com>
Subject: Re: apache hack attempts


>vsansevero@linksys.com wrote:
> > #!/bin/sh
> > cat access_log* | grep default.ida | cut -d ' ' -f 1 > infected-ips

This would be much more efficient with `grep default.ida access_log* | cut
-d ' ' -f 1 | sort | uniq >> ~abuse/codered.infected`, as it would keep
multiple entries from piling up too badly and not blast out that logfile
every time it came out of sleep. Not to mention the earlier suggestions
involving while looping.

Personally I'd use Perl, and simply have it look up authoritative info for
each ISP, send email to ones it hasn't before, etc.

At 03:01 PM 8/10/2001 -0500, Jeff Hedgpeth wrote:
>err.. don't leave this running unattended. it respawns (sh redworm.sh)
>instead of actual looping (while; do) and could eventually hit your
>process limit.

Not to mention each spawn forks 3 other processes in addition to itself.

>also, the ISP probably already has its hair on fire, and may help you
>solve your problem without your "input" (literally :)

Yeah, we do. I am an abuse admin, and this weekend alone I got well over a
hundred reports.

~Empty, who speaks for himself and himself alone here.

---
"...and that rug is called Truth"
	-Paintgrrl
http://www.emptiedout.com
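The `grep | cut | sort | uniq` variant discussed in this thread, written out as shell functions with a constructed sample access_log; this is an added example, not code from anyone on the list. It assumes the Apache common/combined log format (client IP in field 1) and a writable seen-list file, and goes one step beyond the one-liner by only reporting IPs that were not already in the seen-list, so a sleep loop never re-reports the same host.

```shell
# Constructed sample access_log contents (not real traffic); the default.ida
# request string is the Code Red signature the thread is grepping for.
SAMPLE_LOG='10.0.0.5 - - [10/Aug/2001:14:02:11 -0500] "GET /default.ida?XXXX HTTP/1.0" 404 276
10.0.0.9 - - [10/Aug/2001:14:02:15 -0500] "GET /index.html HTTP/1.0" 200 1043
10.0.0.5 - - [10/Aug/2001:14:03:01 -0500] "GET /default.ida?NNNN HTTP/1.0" 404 276
192.0.2.7 - - [10/Aug/2001:14:05:40 -0500] "GET /default.ida?XXXX HTTP/1.0" 404 276'

# codered_ips LOGFILE...: unique client IPs that requested default.ida,
# one per line. -h suppresses filename prefixes when several logs are given.
codered_ips() {
    grep -h 'default.ida' "$@" | cut -d ' ' -f 1 | sort -u
}

# codered_counts LOGFILE...: hits per IP, most active host first.
codered_counts() {
    grep -h 'default.ida' "$@" | cut -d ' ' -f 1 | sort | uniq -c | sort -rn
}

# report_new LOGFILE SEENFILE: print IPs not already recorded in SEENFILE and
# append them, so repeated runs (e.g. from a sleep loop) never pile up
# duplicates. comm needs both inputs sorted; both come from the same sort.
report_new() {
    log=$1; seen=$2
    touch "$seen"
    sort -u "$seen" > "$seen.sorted"
    codered_ips "$log" | comm -23 - "$seen.sorted" | tee -a "$seen"
    rm -f "$seen.sorted"
}

# Stand-alone demo on the constructed sample (uses a temp dir, cleans up).
demo() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_LOG" > "$d/access_log"
    codered_counts "$d/access_log"
    report_new "$d/access_log" "$d/codered.infected"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo` to see the per-IP counts followed by the newly reported addresses.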