Nimda/Code Red - IIS Log Viewer Code

From: HaffyHaf (
Date: 06/05/02

From: (HaffyHaf)
Date: 4 Jun 2002 15:13:30 -0700


If you are like us you probably get a bunch of scans from computers
infected with Nimda or Code Red.

Our logs get filled up quickly with these and our normal traffic.

So I wrote some ASP pages that allows me to configure a file to search
for certain unusual characteristics in a URL - such as cmd.exe,
root.exe, scripts, etc.

The program can view all entries in the log or only possible hack
attempts. It displays the IP and a link to WHOIS. It also creates an
email link with a preformatted message.

What I have been doing is looking through my logs, and then looking up
their IP and finding a contact email. I then send an email to them
alerting them they are possibly infected with Nimda or Code Red.

The ASP pages are free at our website if you think this would help you
out. You can find out more information at .

Hope this helps someone out!