
Contents of /webroot/default.ida.cgi



Revision 1.1 - (hide annotations) (download)
Sat Jul 19 07:24:55 2003 UTC (21 years, 4 months ago) by wakaba
Branch: MAIN
Imported to CVS

1 wakaba 1.1 #!/usr/local/bin/perl
2    
3     =head1 NAME
4    
5     Suika Server /default.ida
6    
7     =head1 DESCRIPTION
8    
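9     Responds to CodeRed worm attacks with e-mail warnings; in this revision the mail-sending code is wrapped in =pod/=cut and does not run.
10     A human user can view the worm access log as a graph by requesting the page with the log parameter.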
11    
12     =head1 ENCODING
13    
14     This module is written in EUC-JP.
15    
16     =cut
17    
18     use Suika::CGI;
19     use Data::Count;
# Unbuffer STDOUT so each print reaches the client without waiting for a
# full buffer.
$| = 1;

# Key for the current GMT hour in the form YYYY-MM-DD-HH (the same shape as
# the "2001-08-16-06" keys mentioned in the log page's notes).
my @gmt = gmtime(time);
my ($hour, $day, $month, $year) = ($gmt[2], $gmt[3], $gmt[4] + 1, $gmt[5] + 1900);
my $hour_key = join '-', $year, map { sprintf('%02d', $_) } $month, $day, $hour;

# Data::Count is not shown here; presumably open() takes the counter file
# and the key that later calls operate on -- confirm against that module.
# NOTE(review): the counter file sits under public_html/; confirm the web
# server refuses direct requests for the private/ directory.
my $d = Data::Count->open('/home/wakaba/public_html/private/warm200107.count', $hour_key);
24    
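# Log view: when the "log" request parameter is true, print the recorded
# counts as an HTML table (one row per key, with a bar of '*' characters as
# long as the count) followed by the operator's notes, then exit without
# touching the counter.
if ($Suika::CGI::param{log}) {
    # Escape the characters that are significant in HTML text and in
    # double-quoted attribute values. An undefined value becomes ''.
    my $escape_html = sub {
        my $text = defined $_[0] ? $_[0] : '';
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        return $text;
    };

    # Depending on server configuration SERVER_NAME can be taken from the
    # request's Host header, so it is escaped before it is placed in the
    # page instead of being interpolated raw.
    my $server_name = $escape_html->($main::ENV{SERVER_NAME});

    print STDOUT <<EOH;
Content-Type: text/html
Content-Language: en

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<title>log of http://$server_name/default.ida</title>
</head>
<body>
<h1>log of http://$server_name/default.ida (Date = GMT)</h1>
<table>
<tbody>
EOH

    # list() is treated here as returning a flat key => count list. The
    # original also declared a second hash in the same list assignment,
    # which could never receive anything; the bar is now built per row.
    my %logs = $d->list();
    for my $key (sort keys %logs) {
        my $count = $logs{$key};
        my $bar   = '*' x $count;

        # Keys and counts come from the counter file; escaping them costs
        # nothing and keeps the table intact if that file is ever edited
        # by hand or written by other code.
        my $label = $escape_html->($key);
        my $shown = $escape_html->($count);
        print <<EOH;
<tr>
<th nowrap>$label</th>
<td>($shown)</td>
<td>$bar</td>
</tr>
EOH
    }
    print <<EOH;
</tbody>
</table>

<h2>Note</h2>

<ul>
<li><a href="/admin/web-2001-08-10">Announce of 2001-08-10</a></li>
<li>All accesses from *.hinet.net (IP Address: 61.216.0.0 Network Mask: 255.248.0.0, IP Address: 61.224.0.0 Network Mask: 255.255.0.0; not only web) have been shut since 2001-08-10.</li>
<li>2001-08-16-06 - 2001-08-17-02 is not counted.</li>
<li>This does not count Code Red (I) worm since it causes 400 http error.</li>
<li>2001-08-25 +0900: Web server had been stoped some minites to maintenance. Atacks of those time are not logged.</li>

</ul>

<address>[<a href="/">/</a>]
[<a href="mailto:admin\@suika.fam.cx">Suika server administration group</a>,
<a href="mailto:webmaster\@suika.fam.cx">Web server administrator</a>]</address>
</body></html>
EOH
    exit;
}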
74    
# Worm path: every request that did not ask for the log view is counted.
# Data::Count is not shown; presumably up() increments the counter for the
# key given to open() -- confirm. This runs before the later
# "exit if ...{test}" check, so test requests are counted as well.
$d->up();

# Canned reply. The CGI "Status:" line asks the server to answer 403, and
# the body is a fixed message/rfc822 document with three alternative parts.
# The heredoc interpolates no variables (the only escapes are \@), so
# nothing taken from the request is echoed back to the client.
# NOTE(review): jcode::jis is not defined or loaded in the visible lines;
# presumably it comes in through Suika::CGI and converts the text to
# ISO-2022-JP -- confirm. None of the parts declares a charset, and the
# Japanese HTML part is tagged lang="en".
print STDOUT jcode::jis(<<EOH);
Content-Type: message/rfc822
Status: 403 I don't hope your attack.

From: webmaster\@suika.fam.cx
Message-id: <msg.20010807.default.ida\@suika.fam.cx>
Subject: 403 Forbidden
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="foobar"

--foobar
Content-Type: text/html
Content-Language: en

<!DOCTYPE html PUBLIC "-//SUIKA//DTD SUIKA HTML 1.00//EN">
<html lang="en">
<body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<address><a href="http://suika.fam.cx/admin/">The Watermeron Project</a>.</address>
</body>
</html>

--foobar
Content-Type: text/plain
Content-Language: ja

Itteyoshi.

--foobar
Content-Type: text/html
Content-Language: ja

<!DOCTYPE html PUBLIC "-//SUIKA//DTD SUIKA HTML 1.00//EN">
<html lang="en">
<body>
<h1>逝ってよし</h1>
<p>西瓜サーバーを含め the Internet に無意味な情報を流す事は御遠慮下さい。</p>
<address><a href="mailto:admin\@suika.fam.cx">西瓜計画</a>.</address>
</body>
</html>
--foobar--

EOH
121    
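# Test requests stop here: they have already received the canned 403 reply
# and skip the reverse lookup below.
exit if $Suika::CGI::param{test};

# Name of the requesting host for the caution mail further down (that mail
# code is currently disabled inside =pod/=cut, so $host has no live
# consumer in this revision).
my $remote_addr = defined $main::ENV{REMOTE_ADDR} ? $main::ENV{REMOTE_ADDR} : '';

# Only a well-formed dotted-quad is packed and looked up. The original
# split the value on dots unconditionally, so an empty or non-IPv4 address
# was packed into four arbitrary bytes and a lookup was made for them.
my @octets  = $remote_addr =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/;
my $is_ipv4 = @octets == 4 && !grep { $_ > 255 } @octets;

my $host;
if ($is_ipv4) {
    # 2 is the AF_INET address family value on common platforms.
    # NOTE(review): this is a blocking resolver call on every worm request.
    $host = gethostbyaddr(pack('C4', @octets), 2);
}

# The PTR name is chosen by whoever controls the reverse zone for the
# client address and is not forward-confirmed here. Accept it only if it
# is made of letters, digits, dots and hyphens, so it cannot carry header
# or address syntax into the mail template; anything else falls back to
# the bracketed address literal, as an unresolvable address always did.
if (!defined $host || $host !~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?\z/) {
    $host = '[' . $remote_addr . ']';
}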
126    
127    
# Disabled caution mail. Everything from =pod to the following =cut is POD
# as far as perl is concerned, so none of this code runs in this revision.
# NOTE(review), to settle before this is ever re-enabled:
#  - $host is interpolated into the To: and Subject: headers while sendmail
#    is started with -t, which takes the recipients from those headers.
#    $host comes from a reverse-DNS lookup, so make sure it is restricted
#    to plain hostname characters at the point where it is assigned.
#  - open() uses the two-argument pipe form with a bareword handle, and
#    neither open nor close is checked, so a failed sendmail start goes
#    unnoticed.
#  - Each request would produce one message to three addresses plus a Bcc,
#    with no rate limit: a burst of worm hits becomes a burst of outbound
#    mail to addresses the server operator did not choose.
#  - The trailing loop copies every environment variable whose name
#    contains HTTP_, REMOTE_, REQUEST_, CONTENT_ or QUERY_ into the message
#    body verbatim; those values are supplied by the requester.

=pod

open M, '| /usr/lib/sendmail -t -f suika.test.n@suika.fam.cx';

print M <<EOH;
From: "Suika Web server" <webmaster\@suika.fam.cx>
Sender: "default.ida" <webmaster\@suika.fam.cx>
To: "CodeRed infected Host Administrator" :
<security\@${host}>, <webmaster\@${host}>, <abuse\@${host}> ;
Bcc: (webmaster\@suika.fam.cx,) suika.test.n\@suika.fam.cx
Followup-To: suika.admin
Reply-to: "Suika Web server administrator" <webmaster\@suika.fam.cx>,
"Suika server administration group" <admin\@suika.fam.cx>
Subject: [Caution] CodeRed infection on '${host}': Automatic report
X-Priority: 1
X-MSMail-Priority: High

Dear ${host} administrator,

Your Microsoft IIS server (at $main::ENV{REMOTE_ADDR}) appears to have
been infected with a strain of the CodeRed worm. It attempted to spread
to our Web server, despite the fact that we run GNU/Linux and Apache (which
are immune).

You should immediately download the security patch from Microsoft, from
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/topics/codealrt.asp>.
You can also get information in Japanese from
<http://www.reasoning.org/jp/security_alerts/hashsa-2001-02.html>

And I also suggest that you never use Micro\$oft products
for server. It is very ill.

Regard,

Webmaster of the Suika server.

P.S. I attach some information of your request.

EOH

for (grep /(?:HTTP|REMOTE|REQUEST|CONTENT|QUERY)_/, keys %main::ENV) {
print M $_,":\t",$main::ENV{$_},"\n";
}

print M "\n(end)\n";

close M;

=cut

# Final statement of the script: a constant true value.
1;
179    
180     =head1 LICENSE
181    
182     Public Domain.
183    
184     =head1 CHANGE
185    
186     2001-08-25 wakaba <wakaba@suika.fam.cx>
187    
188     * (Graph notice) Add about server down for maintenance.
189    
190     2001-08-17 wakaba <wakaba@suika.fam.cx>
191    
192     * (Graph) Add note.
193    
194     2001-08-14 wakaba <wakaba@suika.fam.cx>
195    
196     * (Log for graph): Logging w/ hour data.
197    
198     2001-08-08 wakaba <wakaba@suika.fam.cx>
199    
200     * Rewrite caution message.
201    
202     2001-08-07 wakaba <wakaba@suika.fam.cx>
203    
204     * default.ida.cgi: New file.
205    
206     =head1 SEE ALSO
207    
208     =over
209    
210     =item Apache::CodeRed
211    
212     <http://reuven.lerner.co.il/projects/>
213    
214     =item Suika Server CodeRed Worm Log
215    
216     <http://suika.fam.cx/default.ida?log=1>
217    
218     =item Suika Server CodeRed Caution Mail Log
219    
220     <news://suika.fam.cx/suika.test>
221    
222     =back
223    
224     =cut
