blob: 2d44e8f3de6eb4d458f43a13b539bb51bca80d41 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
|
Scan Apache log files for CodeRed, Nimda, FormMail, proxy scanners and
other malicious probes. For each one found, track down the contact email
from WHOIS data and send a notice. Built-in rate controls prevent flooding
an admin even when his machines are scanning at high rates. Runs as a
non-privileged cron job to not interfere with the HTTP daemon's operation.
WWW: http://web.cs.cmu.edu/~dpelleg/hunch.html
-- Dan Pelleg
daniel+hunch@pelleg.org
|
