Well, here's my first effort...
Basically, it's an IIS (yeah yeah boo hiss:lol: ) Log parser CGI for Nimda and CodeRed, see it in action on http://www.xscode.d2g.com
I know it's not commented yet, but i'll work on it.....
###################################
#!/usr/bin/perl
use Date::Format;
my $path_to_logs = 'E:\\WINNT\\system32\\LogFiles\\W3SVC1\\';
my $file = join('',$path_to_logs,'ex',time2str("%y%m%d",time),'.log');
my $nimcount = 0;
my $redcount = 0;
open(FILE,"$file") || die 'file could not be opened';
print "Content-type: text/html\n\n";
while(<FILE>){
chomp;
if($_=~ /root.exe/i or /cmd.exe/i or /admin.dll/i)
{
$nimcount+=1;
my @tmp = split(/\s/);
push(@IPs,$tmp[1]);
}
if($_=~ /default.ida\sA+/i or /x.ida\sA+/i)
{
$redcount+=1;
my @tmp = split(/\s/);
push(@IPs,$tmp[1]);
}
}
close(FILE);
print "<html><body>";
print "<h1>Nimda attacks today: $nimcount</h1><br>";
print "<h1>CodeRed attacks today: $redcount</h1><br>";
print "<a href=\"/scripts/nimprev.cgi\">Previous days</a><br>";
print "<h3>IP\'s of today's attackers</h3>";
print &doips(@IPs);
print "<br></body></html>";
sub doips {
my @array = (@_);
my $mainret = '';
foreach $item (@array)
{
$hash{$item}+=1;
}
foreach $key (keys %hash)
{
my $ret = join(" ", $key, " ( $hash{$key} )");
$mainret = join("<br>", $mainret, $ret);
}
return $mainret;
}
########################################