
Script to parse error log?

and send abuse reports to offenders

runner

5:24 pm on Nov 17, 2004 (gmt 0)

Is there a commercial or free script out there that will do the following:

1) parse error log looking for malicious activity
2) Look up the abuse reporting address for the offender's IP address
3) automatically send an abuse report to the offender's network administrator

I was going to write a script to do this but once I sat down and started thinking about it I realized this is probably reinventing the wheel. There has to be something out there already.

whoisgregg

5:38 pm on Nov 17, 2004 (gmt 0)

What kind of malicious activity are you trying to track?

runner

11:27 pm on Nov 17, 2004 (gmt 0)

I'm trying to catch people trying to access nonexistent URLs that are known vulnerabilities.

For instance, this morning I noticed a bunch of errors where people were trying to access things like:

../apache/htdocs/scripts/root.exe
../apache/htdocs/scripts/shell.exe
../apache/htdocs/...cmd.exe
../apache/htdocs/cgi-bin/openwebmail

and various other .dll files which would have no business on a unix-based apache server.

I'm looking for something that will automatically look up an abuse email address for the offending IP address and send an abuse report. Maybe have a mechanism that would require the sys admin to view and OK the abuse report before being sent.

I was going to write a script to do this but I thought it would be a waste of time since other people have probably done this already.
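The kind of script being described, as an added example that is not from the thread or any participant: it parses Apache-style error-log lines for the probe paths listed above, groups hits per client IP, and drafts an abuse report that an admin reviews before anything is sent. The log lines are constructed samples, and `lookup_abuse_contact` is a placeholder for the WHOIS lookup a real version would perform (assumed name, not a real library call).

```python
import re
from collections import defaultdict

# Constructed sample error-log lines (not taken from the original post).
SAMPLE_ERROR_LOG = """\
[Wed Nov 17 09:01:12 2004] [error] [client 192.0.2.10] File does not exist: /var/www/apache/htdocs/scripts/root.exe
[Wed Nov 17 09:01:13 2004] [error] [client 192.0.2.10] File does not exist: /var/www/apache/htdocs/scripts/..%255c../winnt/system32/cmd.exe
[Wed Nov 17 09:02:40 2004] [error] [client 198.51.100.7] File does not exist: /var/www/apache/htdocs/cgi-bin/openwebmail
[Wed Nov 17 09:03:05 2004] [error] [client 203.0.113.5] File does not exist: /var/www/apache/htdocs/favicon.ico
[Wed Nov 17 09:04:11 2004] [error] [client 192.0.2.10] File does not exist: /var/www/apache/htdocs/scripts/shell.exe
"""

# Apache 1.3/2.0 error-log shape: [timestamp] [error] [client IP] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[\d.]+)\] (?P<msg>.*)$")
# Paths that have no business on a Unix Apache host; a hit is a worm/scanner probe, not a typo.
PROBE_RE = re.compile(r"(root\.exe|shell\.exe|cmd\.exe|openwebmail|\.dll)$", re.IGNORECASE)

def parse_probes(log_text):
    """Return {ip: [(timestamp, path), ...]} for lines whose requested path matches a probe."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an error line in the expected shape
        path = m.group("msg").rsplit(": ", 1)[-1]  # text after "File does not exist:"
        if PROBE_RE.search(path):
            hits[m.group("ip")].append((m.group("ts"), path))
    return dict(hits)

def lookup_abuse_contact(ip):
    """Placeholder (assumption): a real script would query the RIR WHOIS for the abuse mailbox."""
    return "ABUSE-CONTACT-PLACEHOLDER@" + ip.replace(".", "-") + ".example"

def draft_abuse_report(ip, events, site="example.org"):
    """Build the report text and return it for review; this function never sends mail."""
    lines = [f"To: {lookup_abuse_contact(ip)}",
             f"Subject: Vulnerability probes from {ip} against {site}", "",
             f"The host {ip} requested the following paths, which are only requested by",
             "worm-infected or scanning hosts (times as recorded in the server log):", ""]
    lines += [f"  {ts}  {path}" for ts, path in events]
    return "\n".join(lines)

def pending_reports(log_text, min_hits=2):
    """One draft per IP with at least min_hits probes, queued for the admin's OK before sending."""
    return {ip: draft_abuse_report(ip, ev)
            for ip, ev in parse_probes(log_text).items() if len(ev) >= min_hits}
```

The `min_hits` threshold keeps a single stray 404 from generating a report; lower it to 1 if every matching path should be reported.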

whoisgregg

12:55 am on Nov 18, 2004 (gmt 0)

I know this isn't answering your question, but most of those types of requests are from virus-infected "zombie" home PCs. The ISP could easily identify these machines as being infected by analyzing the ISP's own logs and shut down those machines' connections. If they aren't doing it already, you may find they won't do it when asked. :(