Establishing A Nimda Virus Log File Pool? 6
Elsifer asks: "Can we get a listing of peoples log files so that NIPC an CERT authorities can disseminate these to try and track down the origins? ... I have modified my home website (on @home, where it seems that most of the infectious attacks are originating) to display my log files up to 1045MST." This sounds like a good way to consolidate information -- does anyone know of an existing site to do just this, or want to establish one?
how about a redirector to the collection agent? (Score:2, Insightful)
RedirectMatch (.*)\cmd.exe$ http://www.sitecollectingdata.com/collector/index
RedirectMatch (.*)\root.exe$ http://www.sitecollectingdata.com/collector/index
RedirectMatch (.*)\default.ida$ http://www.sitecollectingdata.com/collector/index
Re:how about a redirector to the collection agent? (Score:1)
Re:how about a redirector to the collection agent? (Score:2)
I am using the 'sa' with blank password, will that work?
log analysis sites (Score:1)
Jungnickel.com (Score:1)
Doesn't work (Score:3, Informative)
nyuk nyuk nyuk
Less kiddingly, I've written a couple of scripts to let me know how much we're getting hit (something like 20,000 accesses on the two servers I have access to) and where the hits are coming in from, sorted by frequency of hits. If someone is collecting the data I can extract whatever seems relevant and pass it along as part of the same script (...or at least I can next week).