As far as I can see at logs of my Apache, last few weeks was very busy for few guys trying to hack my honeypot ;)
Good job guys!
For some reason I decided to create a very simple (but useful) 'log-reader' for Apache.
You can obviously add it to cron or just run as a normal Bash script.
Here you have a code:
---<code>---
#!/bin/sh
ACCESS="/var/log/apache2/access.log"
FOUND="found.log"
UNIQ="uniq.log"
echo
echo "**** Test Apache logs... ****"
echo
cut -d' ' -f1 $ACCESS > $FOUND
cat $FOUND | uniq > $UNIQ
echo "[+] Found host(s) : " `wc -l $UNIQ`
for host in `cat $UNIQ`; do
echo "--------------------------------------------------------------"
echo "[+] Testing : " $host
host $host
whois $host | grep -e "country\|address"
echo ""
echo "[+] looking for: "
grep $host $ACCESS | cut -d' ' -f 6-8
echo "--------------------------------------------------------------"
done
---<code>---
No comments:
Post a Comment
What do You think...?