Worm Report
Worm Report is a very simple Perl script to filter out the known worm (Code Red, Nimda) hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, ip, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.
| Tags | Internet Web HTTP Servers Site Management Security Logging Monitoring Systems Administration Utilities |
|---|---|
| Licenses | Public Domain |
| Operating Systems | OS Independent |
| Implementation | Perl |
Recent releases
- 21 Sep 2001 09:54
Release Notes: This release contains a fix for a bug, affecting older Perl interpreters, where a mask is required for the mkdir command. It also more tightly checks the DATA section to safegaurd against the inclusion of blank lines, which would otherwise cause every log entry to be matched.
- 20 Sep 2001 04:24
Release Notes: Initial release. Helpful for tracking hits from sites wormed with Code Red, Code Red II, and NIMDA.
rmuhlestein
19 Sep 2001 19:48
Heartbeat
- Popularity Score
- 13.30
- Vitality Score
- 1.41
- Subscriptions
- 2
