#!/usr/local/bin/perl =head1 NAME Suika Server /default.ida =head1 DESCRIPTION Responds to CodeRed worm attacks with e-mail warnings. (Human) user can see worm access log (graph). =head1 ENCODING This module is written in EUC-JP. =cut use Suika::CGI; use Data::Count; $| = 1; my (undef,undef,$hour,$day,$month,$year) = gmtime(time); $month++; $year += 1900; my $d = Data::Count->open('/home/wakaba/public_html/private/warm200107.count', $year.'-'.sprintf('%02D',$month).'-'.sprintf('%02D',$day).'-'.sprintf('%02D',$hour)); if ($Suika::CGI::param{log}) { print STDOUT < log of http://$main::ENV{SERVER_NAME}/default.ida

log of http://$main::ENV{SERVER_NAME}/default.ida (Date = GMT)

EOH my (%logs,%logsc) = $d->list(); for (sort keys %logs) { $logsc{$_} = '*' x $logs{$_}; print < EOH } print <
$_ ($logs{$_}) $logsc{$_}

Note

[/] [Suika server administration group, Web server administrator]
EOH exit; } $d->up(); print STDOUT jcode::jis(< Subject: 403 Forbidden MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="foobar" --foobar Content-Type: text/html Content-Language: en

Forbidden

You don't have permission to access this resource.

The Watermeron Project.
--foobar Content-Type: text/plain Content-Language: ja Itteyoshi. --foobar Content-Type: text/html Content-Language: ja

逝ってよし

西瓜サーバーを含め the Internet に無意味な情報を流す事は御遠慮下さい。

西瓜計画.
--foobar-- EOH exit if $Suika::CGI::param{test}; my $host = gethostbyaddr(pack('C4',split(/\./,$main::ENV{REMOTE_ADDR})),2) || '['.$main::ENV{REMOTE_ADDR}.']'; =pod open M, '| /usr/lib/sendmail -t -f suika.test.n@suika.fam.cx'; print M < Sender: "default.ida" To: "CodeRed infected Host Administrator" : , , ; Bcc: (webmaster\@suika.fam.cx,) suika.test.n\@suika.fam.cx Followup-To: suika.admin Reply-to: "Suika Web server administrator" , "Suika server administration group" Subject: [Caution] CodeRed infection on '${host}': Automatic report X-Priority: 1 X-MSMail-Priority: High Dear ${host} administrator, Your Microsoft IIS server (at $main::ENV{REMOTE_ADDR}) appears to have been infected with a strain of the CodeRed worm. It attempted to spread to our Web server, despite the fact that we run GNU/Linux and Apache (which are immune). You should immediately download the security patch from Microsoft, from . You can also get information in Japanese from And I also suggest that you never use Micro\$oft products for server. It is very ill. Regard, Webmaster of the Suika server. P.S. I attach some information of your request. EOH for (grep /(?:HTTP|REMOTE|REQUEST|CONTENT|QUERY)_/, keys %main::ENV) { print M $_,":\t",$main::ENV{$_},"\n"; } print M "\n(end)\n"; close M; =cut 1; =head1 LICENSE Public Domain. =head1 CHANGE 2001-08-25 wakaba * (Graph notice) Add about server down for maintenance. 2001-08-17 wakaba * (Graph) Add note. 2001-08-14 wakaba * (Log for graph): Logging w/ hour data. 2001-08-08 wakaba * Rewrite caution message. 2001-08-07 wakaba * default.ida.cgi: New file. =head1 SEE ALSO =over =item Apache::CodeRed =item Suika Server CodeRed Worm Log =item Suika Server CodeRed Caution Mail Log =back =cut