This is a PHP utility that helps you scan Apache access log files.
It reports possible attacks by worms such as CodeRed I, CodeRed II and Nimda.
worms : Analyses Apache access logs and returns the HTTP worm attacks detected in them
by Dynamix © 2002-2003 all rights reserved
OSI License : GNU Lesser General Public License (LGPL)
Disclaimer Notice(s)
This copyright notice cannot be removed in any case, and should be included
in every Dynamix project or demo code.
The author isn't responsible for any damage that could be caused by this software.
Use it at your own risk !
@todo a lot i guess :-)
@author Ben Yacoub Hatem
@version 1.0.0 20-04-2003 13:42:36 generated using DxPHPClassBuilder by Hatem
<?php
// Report fatal run-time errors only (E_ERROR has the value 1). Warnings and
// notices are therefore not shown while the script runs.
error_reporting(E_ERROR);

/*
 * Worm signatures: regular-expression fragments, with "/", "." and "?"
 * escaped, naming the request each worm is known to send.
 */
define('TRIGGER1', 'GET \/default\.ida\?NNNNNN'); // CodeRed I
define('TRIGGER2', 'GET \/default\.ida\?XXXXXX'); // CodeRed II
define('TRIGGER3', 'GET \/scripts\/root\.exe');   // Nimda
// TRIGGER4 (W32.Klez) is reserved; no signature has been defined for it.
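/**
 * Scans an Apache access log for the request lines left by the CodeRed I,
 * CodeRed II and Nimda worms and builds an HTML report of the hits.
 *
 * The signatures are read from the TRIGGER1, TRIGGER2 and TRIGGER3
 * constants, which must be defined before get_apache_worms() is called.
 * Counters, the hit list and the report text accumulate across calls, so
 * use a fresh instance for each scan.
 *
 * Security note: access-log lines are built from what clients send, so
 * every field copied into the HTML report is escaped first. The raw lines
 * kept in $hackers are NOT escaped; escape them before displaying them.
 */
class worms
{
    /**
     * Path of the access log to scan. The file is opened exactly as given,
     * so do not set this from request input.
     *
     * @var string
     * @see _set_accesslog(), _get_accesslog()
     */
    public $accesslog = 'C:\apache\logs\access.log';

    /**
     * Raw (unescaped) log lines that matched a signature, one entry per match.
     *
     * @var array
     * @see _set_hackers(), _get_hackers()
     */
    public $hackers = array();

    /**
     * Number of matches per worm, keyed by "codered1", "codered2" and "nimda".
     *
     * @var array
     * @see _set_counter(), _get_counter()
     */
    public $counter = array(
        'codered1' => 0,
        'codered2' => 0,
        'nimda'    => 0,
    );

    /**
     * HTML report text built so far.
     *
     * @var string
     */
    public $result;

    /**
     * Class worms constructor. Takes no arguments and does no work.
     */
    public function __construct()
    {
    }

    /**
     * Reads the access log line by line, records every line that matches a
     * worm signature and returns the finished HTML report.
     *
     * If the log cannot be read, the report says so and shows zero hits
     * instead of failing inside the read loop.
     *
     * @return string HTML report (see report())
     */
    public function get_apache_worms()
    {
        // Counter key => array(label shown in the report, signature regex fragment).
        $signatures = array(
            'codered1' => array('CodeRed I', TRIGGER1),
            'codered2' => array('CodeRed II', TRIGGER2),
            'nimda'    => array('Nimda', TRIGGER3),
        );

        $path = $this->accesslog;
        $fd = (is_file($path) && is_readable($path)) ? fopen($path, 'r') : false;
        if ($fd === false) {
            // The path is deliberately left out of the message so the report
            // does not disclose server file locations.
            $this->result .= "<b>Unable to read the access log</b><br>\n";
            return $this->report();
        }

        // Whole lines are read: a fixed 1024-byte limit would split a long
        // request line and the remainder would be parsed as a new entry.
        while (($line = fgets($fd)) !== false) {
            $fields = explode(' ', $line);

            // Malformed lines may have fewer fields than the common log format.
            $ip   = $this->_html($fields[0]);
            $time = $this->_html(isset($fields[3]) ? $fields[3] : '');
            $gmt  = $this->_html(isset($fields[4]) ? $fields[4] : '');

            foreach ($signatures as $key => $signature) {
                list($label, $pattern) = $signature;

                // The signatures already escape "/", so "/" is a safe PCRE
                // delimiter. ereg() was removed in PHP 7.
                if (preg_match('/' . $pattern . '/', $line) !== 1) {
                    continue;
                }

                $this->result .= "<b><font color=red>$label <small>WORM</small> Attack Detected</font></b> Hacker IP : <b>$ip</b> - Date : <b>$time $gmt</b><br>\n";
                $this->hackers[] = $line;

                // _set_counter() may have installed an array without this key.
                if (!isset($this->counter[$key])) {
                    $this->counter[$key] = 0;
                }
                $this->counter[$key]++;
            }
        }

        fclose($fd);

        return $this->report();
    }

    /**
     * Appends the summary (total and per-worm counts) to the report text.
     * Personalize the HTML report here.
     *
     * @return string the complete report text accumulated so far
     */
    public function report()
    {
        $this->result .= "\n\n<br>\n"
            . "<b>Apache Worms attack Analyser : </b><br><br>\n\n"
            . 'Number of worms attack detected : ' . count($this->hackers) . " Attacks<br>\n\n"
            . 'N° CodeRed I Attacks: ' . $this->counter['codered1'] . " Attacks<br>\n\n"
            . 'N° CodeRed II Attacks: ' . $this->counter['codered2'] . " Attacks<br>\n\n"
            . 'N° Nimda Attacks: ' . $this->counter['nimda'] . " Attacks<br>\n\n";

        return $this->result;
    }

    /**
     * Return accesslog value
     *
     * @return string path of the log file that will be scanned
     * @see $accesslog
     */
    public function _get_accesslog()
    {
        return $this->accesslog;
    }

    /**
     * Return hackers value
     *
     * @return array raw, unescaped log lines that matched a signature
     * @see $hackers
     */
    public function _get_hackers()
    {
        return $this->hackers;
    }

    /**
     * Return counter value
     *
     * @return array match counts keyed by worm
     * @see $counter
     */
    public function _get_counter()
    {
        return $this->counter;
    }

    /**
     * Set $accesslog value
     *
     * @param string $_accesslog path of the log file to scan; it is stored
     *                           and later opened without any validation
     * @see $accesslog
     */
    public function _set_accesslog($_accesslog)
    {
        $this->accesslog = $_accesslog;
    }

    /**
     * Set $hackers value
     *
     * @param array $_hackers the variable value to set
     * @see $hackers
     */
    public function _set_hackers($_hackers)
    {
        $this->hackers = $_hackers;
    }

    /**
     * Set $counter value
     *
     * @param array $_counter the variable value to set
     * @see $counter
     */
    public function _set_counter($_counter)
    {
        $this->counter = $_counter;
    }

    /**
     * Escapes a log field for use in the HTML report.
     *
     * ENT_SUBSTITUTE keeps fields with invalid byte sequences visible
     * instead of turning them into an empty string.
     *
     * @param string $value raw text taken from a log line
     * @return string HTML-safe text
     */
    private function _html($value)
    {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}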
// Scan the default access log and write the HTML report to the response.
$worm = new worms();
print $worm->get_apache_worms();
?>