Domain: kryptolus.com
Stories and comments across the archive that link to kryptolus.com.
Comments · 8
-
Perl script?
-
Perl script?
-
Re:this thing is fascinating
It has been 51 hours since I re-opened outside access to my webserver (apache), to identify the type of attack. They were previously logged in my firewall but are not recognizable except for the port number: 80.
I'm using Kryptolus' script to scan my logs and generate a report. Here is a snapshot of this report. (pages are currently not there, nbci seems to refuse ftp upload. I'll try later)
The count is now at 1123 and still rising. The bulk of the connections is from my ISP's DSL network (in Belgium), but I'm also seeing attempts from outside: Honk Kong, Taiwan or Sweden for example. If these computers are trying each possible IP, think of the number of checks they have made before reaching me! ;) -
Re:JSP Garbage
Thanks
:)
Version 0.8 is available which can now automatically detect and process gzipped logs -
Re:JSP Garbage
You might want to note that this can take long to run. I've had approx 1800 attacks on my machine, with a log file of about 55MB, and running this command right in the web page would make each request take about 10-15 seconds.
Multiply that by 1 request per second and you're toast. I'd suggest strongly that you use something else to generate your statistics OFFLINE, such as this excellent perl program which also generates quite a nifty, sortable report!
To the author of that, by the way, a warm thank you! I'm using it myself! -
report report report!Continue to mail in the suspected hosts...
grep default.ida access_log* | mail -s 'APACHE' redalert@dshield.org
so they can keep a count of the infections and see how the worm is propagating through the networks. I myself have been hit 154 times today, but that's a low number because my ISP made our cable modems go dynamic addressing recently. A link to the source code can be found on the page and here. Check frequently, as he updated the code a couple of revisions just today.
-
logs
automatically generated list of attacks against my server
147 attacks so far
the page is generated through a perl script that reads my apache logs -
Live Report
I wrote a perl script that automatically generates a page that lists all attacks on my server.
http://www.kryptolus.com/red.html
You can see the IP and time.
On another note, a part of my employer's network got hit by about 20,000 attacks within 2 days.