Disclaimer Notice(s)
This copyright notice cannot be removed in any case, and should be included
in every Dynamix project or demo code.
The author is not responsible for any damage that could be caused by this software.
Use it at your own risk !
@todo a lot i guess :-)
@author Ben Yacoub Hatem
@version 1.0.0 20-04-2003 13:42:36 generated using DxPHPClassBuilder by Hatem
<?php
// Report fatal run-time errors only (E_ERROR === 1); warnings and notices stay hidden.
error_reporting(E_ERROR);

/*
 * Worm request signatures.
 *
 * Each constant is a regular-expression fragment (slash, dot and question mark
 * are escaped) that is matched against raw access-log lines. The fragments cover
 * only the literal start of the request line and are case-sensitive.
 */
define('TRIGGER1', 'GET \/default\.ida\?NNNNNN'); // CodeRed I
define('TRIGGER2', 'GET \/default\.ida\?XXXXXX'); // CodeRed II
define('TRIGGER3', 'GET \/scripts\/root\.exe');   // Nimda
// define('TRIGGER4', ''); // W32.Klez (no signature defined yet)
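/**
 * Scans an Apache access log for CodeRed I, CodeRed II and Nimda probe requests
 * and builds an HTML report of the hits.
 *
 * The signatures come from the global constants TRIGGER1, TRIGGER2 and TRIGGER3,
 * which must be defined before get_apache_worms() is called.
 *
 * A hit means that a matching request was logged, nothing more: it does not show
 * that the request succeeded, and the logged client address is simply the host
 * the request came from.
 */
class worms
{
    /**
     * Path of the access log to scan.
     *
     * @var string
     * @see _set_accesslog(), _get_accesslog()
     */
    public $accesslog = 'C:\apache\logs\access.log';

    /**
     * Raw log lines that matched a signature, one entry per match.
     *
     * @var array
     * @see _set_hackers(), _get_hackers()
     */
    public $hackers = array();

    /**
     * Number of matches per signature, keyed by worm name.
     *
     * @var array
     * @see _set_counter(), _get_counter()
     */
    public $counter = array(
        'codered1' => 0,
        'codered2' => 0,
        'nimda' => 0,
    );

    /**
     * HTML report accumulated so far. It is never reset, so repeated scans append.
     *
     * @var string
     */
    public $result = '';

    /**
     * Constructor. Nothing to initialise; declared as __construct() because a
     * method named after the class is no longer treated as a constructor.
     */
    public function __construct()
    {
    }

    /**
     * Scan the access log line by line and record every signature match.
     *
     * Values copied from the log into the report are HTML-escaped, because the
     * log content is written on behalf of remote clients and must not be trusted
     * as markup.
     *
     * @return string the HTML report (detail lines followed by the summary)
     */
    public function get_apache_worms()
    {
        $handle = is_readable($this->accesslog) ? fopen($this->accesslog, 'r') : false;
        if ($handle === false) {
            // An unreadable log must not look like a clean one.
            $this->result .= "<b>Unable to open the access log.</b><br>\n";

            return $this->report();
        }

        $signatures = $this->signatures();

        // No length limit on fgets(): a long request line must stay in one piece,
        // otherwise its tail would be parsed as a separate log entry.
        while (($line = fgets($handle)) !== false) {
            // Fields 0, 3 and 4 are used as client address, timestamp and zone offset.
            // Short or malformed lines are padded instead of raising notices.
            $fields = array_pad(explode(' ', $line), 5, '');
            $ip = $this->escape($fields[0]);
            $when = $this->escape($fields[3] . $fields[4]);

            // Every signature is tested independently; a line may count more than once.
            foreach ($signatures as $key => $signature) {
                if (preg_match($signature['pattern'], $line) !== 1) {
                    continue;
                }

                $this->result .= '<b><font color=red>' . $signature['label']
                    . ' <small>WORM</small> Attack Detected</font></b>'
                    . " Hacker IP : <b>$ip</b> - Date : <b>$when</b><br>\n";
                $this->hackers[] = $line;
                $this->counter[$key]++;
            }
        }

        fclose($handle);

        return $this->report();
    }

    /**
     * Append the summary section to the report. Personalize the HTML here.
     *
     * @return string the complete HTML report
     */
    public function report()
    {
        $this->result .= "\n\n<br>\n"
            . "<b>Apache Worms attack Analyser : </b><br><br>\n\n"
            . 'Number of worms attack detected : ' . count($this->hackers) . " Attacks<br>\n\n"
            . 'N° CodeRed I Attacks: ' . $this->counter['codered1'] . " Attacks<br>\n\n"
            . 'N° CodeRed II Attacks: ' . $this->counter['codered2'] . " Attacks<br>\n\n"
            . 'N° Nimda Attacks: ' . $this->counter['nimda'] . " Attacks<br>\n\n";

        return $this->result;
    }

    /**
     * Return the access log path.
     *
     * @return string
     * @see $accesslog
     */
    public function _get_accesslog()
    {
        return $this->accesslog;
    }

    /**
     * Return the matched log lines.
     *
     * @return array
     * @see $hackers
     */
    public function _get_hackers()
    {
        return $this->hackers;
    }

    /**
     * Return the per-worm match counters.
     *
     * @return array
     * @see $counter
     */
    public function _get_counter()
    {
        return $this->counter;
    }

    /**
     * Set the access log path.
     *
     * @param string $_accesslog path of the log file to scan
     * @see $accesslog
     */
    public function _set_accesslog($_accesslog)
    {
        $this->accesslog = $_accesslog;
    }

    /**
     * Replace the list of matched log lines.
     *
     * @param array $_hackers the value to set
     * @see $hackers
     */
    public function _set_hackers($_hackers)
    {
        $this->hackers = $_hackers;
    }

    /**
     * Replace the per-worm match counters.
     *
     * @param array $_counter the value to set
     * @see $counter
     */
    public function _set_counter($_counter)
    {
        $this->counter = $_counter;
    }

    /**
     * Build the signature table: counter key => report label and PCRE pattern.
     *
     * "~" is the delimiter so that the slashes inside the TRIGGER fragments need
     * no special treatment; a fragment must therefore not contain "~".
     *
     * @return array
     */
    private function signatures()
    {
        return array(
            'codered1' => array('label' => 'CodeRed I', 'pattern' => '~' . TRIGGER1 . '~'),
            'codered2' => array('label' => 'CodeRed II', 'pattern' => '~' . TRIGGER2 . '~'),
            'nimda' => array('label' => 'Nimda', 'pattern' => '~' . TRIGGER3 . '~'),
        );
    }

    /**
     * Escape a value taken from the log for use in the HTML report.
     *
     * @param string $value raw log field
     * @return string
     */
    private function escape($value)
    {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}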
// Scan the default access log and print the HTML report.
// The report lists client addresses taken from the log, so this page should be
// reachable by administrators only.
$worm = new worms();
echo $worm->get_apache_worms();
?>