HomecodeRedKiller: Apache CodeRed Countermeasures with PHP

Reply to comment

Thu, 08/30/2001 - 02:34 — reini urban (not verified)

Re: Apache CodeRed Countermeasures

Another short oneliner to count hits per day (just to teach some unix basics :)

maybe for your date format you'll have to tweak it but you
get the idea. with awk it would be easier of course.

tv:/var/log/httpd # grep "GET /default.ida?XXX" access.log |cut -f1,4 -d' '|cut -f1,2 -d'/'|sort -mb -t' '|uniq -c -f1

9 193.90.2.17 [04/Aug
96 193.171.149.30 [05/Aug
150 cevre.cu.edu.tr [06/Aug
193 193.133.13.215 [07/Aug
188 212.93.133.21 [08/Aug
123 193-152-185-156.uc.nombres.ttd.es [09/Aug
105 193.95.79.154 [10/Aug
76 193.171.150.237 [11/Aug
81 211.99.208.130 [12/Aug
54 193.171.7.35 [13/Aug
61 193.171.249.90 [14/Aug
67 d163037.lsb.pt.kpnqwest.net [15/Aug
103 193.171.150.237 [16/Aug
66 193.171.149.30 [17/Aug
42 193.171.50.156 [18/Aug
10 61.182.241.111 [19/Aug
11 193.95.105.179 [20/Aug
26 aste-genev-bois-102-1-1-167.abo.wanadoo.fr [21/Aug
17 e-188.vc-graz.ac.at [22/Aug
23 archlars.nic.it [23/Aug
50 aneuilly-101-1-4-61.abo.wanadoo.fr [24/Aug
7 amontpellier-201-1-4-75.abo.wanadoo.fr [25/Aug
10 193.67.81.97 [26/Aug
7 193.105.44.190 [27/Aug
10 193.15.188.4 [28/Aug

This curve persuaded me to turn it off a few days (25/Aug).
The IP is the first hit per day. only the number (count/day) is interesting.

Reply

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <img> <a> <em> <strong> <cite> <code> <ul> <ol> <hr> <li> <dl> <dt> <dd> <pre> <b> <h1> <h2> <h3> <blockquote>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
10 + 2 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.