[PLUG] Web Server Auto-Blacklisting Tool?
Bryan Murdock
bmurdock at gmail.com
Thu Dec 23 01:17:37 UTC 2004
On Wed, 22 Dec 2004 16:37:04 -0800, Paul Mullen <pem at nellump.net> wrote:
> I'm getting pretty fed up with having my web server's log files
> polluted with the leavings of infected Windows machines attempting to
> propagate their virii to my box. Has anyone written a blacklisting
> script that greps through web server logs and instructs the firewall
> to drop future packets coming from infected Windoze machines, at least
> temporarily? I'm imagining something similar to Randal's automagic
> mail server blacklisting gizmo.
I looked into this once and there were all kinds of solutions, some
that even automatically emailed the originating machines owners and
told them they were infected. I never actually tried any of them out,
but google around for the message you are getting in the log and you
can find out which worm it is, then you can google for scripts that
handle it.
OK, that's not much help, but yes, there are scripts that deal with
that stuff...
Bryan
More information about the PLUG
mailing list