blob: 219aaf029c6d533c51e5b8b257f39d038f3c79f2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
|
Scan Apache log files for CodeRed, Nimda, FormMail, proxy scanners and
other malicious probes. For each one found, track down the contact email
from WHOIS data and send a notice. Built-in rate controls prevent flooding
an admin even when his machines are scanning at high rates. Runs as a
non-privileged cron job to not interfere with the HTTP daemon's operation.
WWW: http://www.cs.cmu.edu/~dpelleg/hunch.html
-- Dan Pelleg
daniel+hunch@pelleg.org
|
