Fun with httpd logs and code red

John W. Baxter jwbaxter at spamcop.com
Mon Aug 20 18:31:10 CEST 2001


In article <to13ef3kf4vh17 at corp.supernews.com>, Stephen Boulet
<spboulet at speakeasy.net> wrote:

> Just for fun, I wrote the following script to check my apache log for 
> recent code red queries:
> 
>         # Collect the unique client IPs that requested /default.ida
>         f = open('/var/log/httpd/access_log', 'r')
>         lines = f.readlines()
>         ip_list = []
> 
>         for line in lines:
>                 # find() returns -1 when the substring is absent
>                 if line.find("GET /default.ida") != -1:
>                         a = line.split()
>                         if a[0] not in ip_list:
>                                 ip_list.append(a[0])
> 
>         print("The number of IPs in my list is %d" % len(ip_list))
> 
>         f.close()
> 
> Hmmm. I have a list with 873 entries. Now what do I do with it?  ;)

One thing you do is avoid getting into this situation:

   http://www.linuxfreak.org/post.php/08/17/2001/134.html

wherein, if the story actually represents the facts, telling a
newspaper editor that his paper's site was wide open to "adjustments"
by anyone leads to FBI, federal prosecutor, etc. interest.  [It's quite
possible that the problem was "demonstrating" rather than "telling".]

  --John
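
An added example, not part of either poster's message: a stricter version of the log check quoted above. It parses each line as Apache Common Log Format and tests only the request path, so a mention of the string in a referer field or a similarly named file is not counted. The sample log lines, addresses and the function name `code_red_sources` are constructed for illustration.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
# (extra combined-format fields after the byte count are ignored)
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

PROBE_PATH = "/default.ida"  # path named in the quoted script


def code_red_sources(lines):
    """Return (Counter of probe requests per client, count of unparseable lines)."""
    hits = Counter()
    skipped = 0
    for line in lines:
        m = CLF.match(line)
        if m is None:
            skipped += 1  # malformed or truncated entry
            continue
        parts = m.group("request").split()
        if len(parts) < 2 or parts[0] != "GET":
            continue
        # Compare the path only, without the query string
        path = parts[1].split("?", 1)[0]
        if path.lower() == PROBE_PATH:
            hits[m.group("host")] += 1
    return hits, skipped


# Constructed sample input (documentation address ranges, made-up requests)
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2001:10:01:02 +0200] "GET /default.ida?NNNN HTTP/1.0" 404 276',
    '192.0.2.10 - - [20/Aug/2001:10:05:40 +0200] "GET /default.ida?NNNN HTTP/1.0" 404 276',
    '203.0.113.5 - - [20/Aug/2001:11:12:13 +0200] "GET /default.ida?NNNN HTTP/1.0" 404 276',
    '198.51.100.7 - - [20/Aug/2001:11:30:00 +0200] "GET /index.html HTTP/1.0" 200 1043 '
    '"http://example.org/?q=GET /default.ida" "Mozilla/4.0"',
    '198.51.100.7 - - [20/Aug/2001:11:31:00 +0200] "GET /default.idaho.html HTTP/1.0" 404 280',
    'garbage line that is not a log entry',
]

if __name__ == "__main__":
    hits, skipped = code_red_sources(SAMPLE_LOG)
    print("%d unique sources, %d unparseable lines" % (len(hits), skipped))
    for host, count in hits.most_common():
        print("%-15s %d" % (host, count))
```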
