Author Topic: Windows worm du jour.  (Read 4144 times)


劍客

Windows worm du jour.
« on: 2001-09-21 14:53 »
Tech Tip

The Linux Journal web site, like others, is getting a lot of traffic from the Windows worm du jour. Here's the cron job our sysadmin team is using to block them from our Apache-based site.

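#!/bin/sh
#
# Block sites which originate Nimda queries from Apache server
# Apache must be configured with HostnameLookups Off

LOGS=/var/log/httpd

cd "$LOGS" || exit 1

# -h drops the "file:" prefix, so the client address is always field 1,
# even when only one log file is present
grep -h '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]* ' * 2>/dev/null |
awk '/system32\/cmd\.exe/ {print $1}' |
sort -u |
while read -r host
do
    # -x -F: compare the whole line literally, so 1.2.3.4 does not match 11.2.3.45
    if ! grep -qxF "$host" /var/tmp/blocked 2>/dev/null
    then
        echo "$host" >>/var/tmp/blocked
        /sbin/ipchains -I input -s "$host" -j DENY -l
    fi
done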
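
An added example, not part of the original post or the Linux Journal tip: a dry run of the same selection step over constructed log lines. It matches only the request field, requires the first field to be a valid IPv4 address, and skips a hypothetical allowlist (`ALLOW`); the function names and sample lines are assumptions.

```shell
#!/bin/sh
# Added example (not the original cron job): dry-run selection of addresses to block.
# ALLOW and every log line below are constructed for illustration.

ALLOW="127.0.0.1 192.0.2.10"   # hypothetical addresses that must never be blocked

sample_log() {
cat <<'EOF'
198.51.100.7 - - [21/Sep/2001:14:50:01 +0800] "GET /scripts/winnt/system32/cmd.exe HTTP/1.0" 404 292
198.51.100.7 - - [21/Sep/2001:14:50:02 +0800] "GET /msadc/winnt/system32/cmd.exe HTTP/1.0" 404 290
198.51.100.23 - - [21/Sep/2001:14:50:09 +0800] "GET /scripts/winnt/system32/cmd.exe HTTP/1.0" 404 292
203.0.113.45 - - [21/Sep/2001:14:51:10 +0800] "GET /index.html HTTP/1.0" 200 1043 "http://example.test/system32/cmd.exe" "-"
192.0.2.10 - - [21/Sep/2001:14:52:00 +0800] "GET /scripts/winnt/system32/cmd.exe HTTP/1.0" 404 292
a.b.example.test - - [21/Sep/2001:14:53:00 +0800] "GET /scripts/winnt/system32/cmd.exe HTTP/1.0" 404 292
999.1.1.1 - - [21/Sep/2001:14:54:00 +0800] "GET /scripts/winnt/system32/cmd.exe HTTP/1.0" 404 292
EOF
}

# Read access-log lines on stdin; print each offending IPv4 address once.
candidates() {
    awk -F'"' -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    $2 ~ /system32\/cmd\.exe/ {          # $2 is the request line, not the Referer
        split($1, f, " "); ip = f[1]
        if (split(ip, o, ".") != 4) next  # not dotted-quad
        for (i = 1; i <= 4; i++)          # each octet numeric and 0-255
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || (o[i] + 0) > 255) next
        if (!(ip in skip) && !seen[ip]++) print ip
    }'
}

# Print the rule each address would get; nothing is executed.
plan() {
    candidates | while read -r ip; do
        echo "/sbin/ipchains -I input -s $ip -j DENY -l"
    done
}

sample_log | plan
```

Reviewing the printed rules before replacing `echo` with the real command shows whether an allowlist entry is missing.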