Worm Report is a very simple Perl script to filter out the known worm (Code Red, Nimda) hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, ip, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.
|Tags||Internet Web HTTP Servers Site Management Security Logging Monitoring Systems Administration Utilities|
|Operating Systems||OS Independent|
Release Notes: This release contains a fix for a bug, affecting older Perl interpreters, where a mask is required for the mkdir command. It also more tightly checks the DATA section to safegaurd against the inclusion of blank lines, which would otherwise cause every log entry to be matched.
Release Notes: Initial release. Helpful for tracking hits from sites wormed with Code Red, Code Red II, and NIMDA.