Welcome to Geeklog, Anonymous Monday, November 25 2024 @ 09:36 pm EST

Geeklog Forums

Stats for Webworms on static page


Status: offline

jhk

Forum User
Chatty
Registered: 07/13/02
Posts: 57

I have added a staticpage with php to my site, which shows how many times (since the last httpd access log reset) my server has been hit by a worm. The page counts CodeRed I & II plus Nimda. There are still a staggering number of infected servers and workstations out there spreading the worms to unpatched MS IIS servers. You can see my page here.

I have tried to make my code fairly GL compatible, but you may have to change a few things to suit your own theme. If the Apache log is in a different location on the server, change the first line of the script. Make sure it is readable by your webserver user (eg. "web" or "www"). The code is ready for pasting into a staticpage. Don't forget to activate php!

/Jens

Text Formatted Code

$file = "/var/log/httpd/access_log";
$fh = fopen ("$file","r") or die ("Cannot find access_log!");
$counter1 = 0;
$counter2 = 0;
$counter3 = 0;
while (!feof ($fh)) {
    $line = fgets ($fh, 4096);
    if (ereg ("default.ida",$line)) {
        if (ereg ("default.ida\?XXX",$line)) $counter2++;
        if (ereg ("default.ida\?NNN",$line)) $counter1++;
    }
    if (ereg ("c\+dir",$line)) $counter3++;
}
fclose ($fh);

$display .= "<table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"3\">";
$display .= "<tr>";
$display .= "<td align=\"center\"><colspanp=\"2\" class=\"blockcontent\"><br>";
$display .= "<span class = \"Header2\"><a href=\"http://www.ravantivirus.com/virus/showvirus.php?v=75\" target=\"_blank\">Code Red</a></span><br>";
$display .= $counter1 . "<br><br>";
$display .= "<span class = \"Header2\"><a href=\"http://www.ravantivirus.com/virus/showvirus.php?v=75\" target=\"_blank\">Code Red II</a></span><br>";
$display .= $counter2 . "<br><br>";
$display .= "<span class = \"Header2\"><a href=\"http://www.ravantivirus.com/virus/showvirus.php?v=78\" target=\"_blank\">Nimda</a></span><br>";
$display .= $counter3 . "<br><br></tr>";
$display .= "<tr><td align=\"left\"><colspanp=\"2\" class=\"blockcontent\">";
$display .= "Owners of insufficiently patched webservers may be attacked by these automated worms. The worms all attack servers running Microsoft IIS. ";
$display .= "This page gives you an idea of how prevalent and active these worms actually are. There is no excuse for being infected by them. ";
$display .= "The numbers are from the Apache log which is reset every saturday at midnight.<br>";
$display .= "Based on code by <a href=\"http://www.famililybrown.org\">Dan Brown</a>.<br><br>";
$display .= "Stats generated " . strftime ($_CONF['date'], time()) . " (The date listed below the bar is the last update of the page HTML/PHP code).<br><br>";
$display .= "</td></tr>";
$display .= "<tr><td align=\"left\" class=\"blockheader\"> </td>";
$display .= "<td align=\"right\" class=\"blockheader\"> </td></tr>";
$display .= "</table>";

return $display;
 
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
I don't really want to sound like a broken record, but please use the
Text Formatted Code
...
tags when posting code. Or, especially when it's a larger piece, make it available for download somewhere (or upload it here). bye, Dirk
 Quote

Status: offline

jhk

Forum User
Chatty
Registered: 07/13/02
Posts: 57
I actually tried using <code> ... </code> and <pre> ... </pre> which really messed up my post. I had forgotten about the square
Text Formatted Code
 tags. Sorry.

/Jens
 Quote

Status: offline

jhk

Forum User
Chatty
Registered: 07/13/02
Posts: 57
Okay, download link is here.
 Quote

All times are EST. The time is now 09:36 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content