Re: Cleaning up httpd access logs


Subject: Re: Cleaning up httpd access logs
From: Gawain (lists0501@guitar.net)
Date: Sat Dec 22 2001 - 11:32:37 MST


At 8:22 PM -0500 on 12/21/01, Zeke Runyon wrote:

>My /var/log/httpd/access_log is cluttered with around 50 hits of
>strange code red and other windows virus requests, like:
>
>65.31.216.17 - - [21/Dec/2001:06:11:29 -0500] "GET
>/MSADC/root.exe?/c+dir HTTP/1.0" 404 274
>
>
>
>Do any of you know/have written a good script to filter these out or
>know how to prevent the requests from reaching my machine?
>

It won't stop the requests from coming, but this script will likely
make you feel better:

<http://www.treachery.net/~jdyson/earlybird/>

It's a worm intrusion detection and reporting script that will
automatically and instantly notify admins that their (or their
customer's) machine is attempting to break into your server. It has
logging and reporting features and is easy to install. It currently
responds to intrusion attempts by the Code Red, Code Red II and
Nimda worms.

Gawain
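
Added example, not part of the original message and not the EarlyBird script: a filter that splits an Apache access log into worm probes and everything else, with a per-source count for reporting. The signature patterns are assumptions based on the request paths these worms are widely documented to send; the first sample line is the one quoted above (unwrapped), the rest are constructed.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+')

# Assumed signatures (widely documented IIS probe paths), not taken from EarlyBird.
SIGNATURES = [
    ("Code Red", re.compile(r"^/default\.ida\?N{20,}")),
    ("Code Red II", re.compile(r"^/default\.ida\?X{20,}")),
    ("Nimda", re.compile(r"(?:root|cmd)\.exe", re.IGNORECASE)),
]

def classify(line):
    """Return (client_ip, worm_name) for a worm probe, else None."""
    m = CLF.match(line)
    if not m:
        return None  # unparseable lines are kept, never silently dropped
    ip, request = m.groups()
    parts = request.split(" ", 2)
    target = parts[1] if len(parts) > 1 else parts[0]
    for name, pattern in SIGNATURES:
        if pattern.search(target):
            return ip, name
    return None

def split_log(lines):
    """Separate worm probes from other lines and count probes per source."""
    clean, probes = [], Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            probes[hit] += 1
        else:
            clean.append(line)
    return clean, probes

# Sample input: first line is from the post, the others are constructed.
SAMPLE = [
    '65.31.216.17 - - [21/Dec/2001:06:11:29 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '192.0.2.10 - - [21/Dec/2001:06:12:02 -0500] "GET /default.ida?' + "N" * 224 + '%u9090 HTTP/1.0" 404 276',
    '192.0.2.44 - - [21/Dec/2001:06:13:40 -0500] "GET /default.ida?' + "X" * 224 + '%u9090 HTTP/1.0" 404 276',
    '65.31.216.17 - - [21/Dec/2001:06:11:30 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '198.51.100.7 - - [21/Dec/2001:06:15:00 -0500] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    kept, counts = split_log(SAMPLE)
    print(len(kept), "line(s) kept;", dict(counts))
```

The match is on the request path only, so a legitimate URL containing `cmd.exe` or `root.exe` would be filtered as well; write the probe lines to a separate file rather than discarding them.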



This archive was generated by hypermail 2a24 : Sat Dec 22 2001 - 11:46:04 MST