Zend - The PHP Company




Utilities

Add Code


PHP/MySQL CodeRed hit logger and results display  
Type: application
Added by: kingtech
Entered: 14/09/2001
Last modified: 31/10/2000
Rating: - (fewer than 3 votes)
Views: 6032
add .ida as a PHP type and place default.idi in your web root. When Code Red requests hit the infected servers hostname, IP, date are inserted into a MySQL DB. The next "index.php" file displays the hits with number of hits each host and a url to the infected server (So maybe you can contact them). You can add or change hosts to be seperated. Most of mine are from Bellsouth so that is why is seperate them.


<?PHP 
 /******************************************************************* 
*    FILENAME: default.ida

*    DESCRIPTION: Logs IP, Host, Date, Count per host of 
*                    CodeRed requests into MySQL DB 

*        This File replaces default.ida and .ida needs to be added 
*        as a PHP type in IIS or Apache configs 

*    AUTHOR: KingTechSolutions 
*                http://kingtechsolutions.com 

*    HISTORY: v 1.0 - 20001-09-13 

*******************************************************************/

 if (getenv("HTTP_X_FORWARDED_FOR")){
    $ip=getenv("HTTP_X_FORWARDED_FOR");
} else {
    $ip=getenv("REMOTE_ADDR");
}

 // Get the hostname
 $hostname gethostbyaddr($ip);

if (empty($hostname)) {
    $hostname $ip;
}

 /* Connect to Databse */
 $db mysql_connect("localhost""user""pass")
        or die ("Unable to connect to database codered.");
 mysql_select_db("codered",$db)
        or die ("Unable to Select DataBase codered.");


 // Check for .bellsouth.net at the end of the hostname.
 if (substr($hostname, -14) == ".bellsouth.net") {
    $isp "Bellsouth";
} else {
    $isp "Other";
}

 // Instert into database
 $sql "INSERT INTO hosts (host,ip,date,isp) VALUES ('$hostname','$ip',NOW(),'$isp')";
 $result mysql_query($sql) or 
    die(mysql_error());
 ?>






<?PHP 
 /******************************************************************* 
*    FILENAME:  index.php

*    DESCRIPTION:  Prints HTML tables of the DB Log created 
*                     by default.ida 

*    AUTHOR: KingTechSolutions 
*                http://kingtechsolutions.com 

*    HISTORY:  v 1.0 - 20001-09-13 

*******************************************************************/ 
 ?> 
<HTML>
<HEAD>
<TITLE>Code-Red Requests by ISP</TITLE>
<link rel="stylesheet" href="codered.css">
</HEAD>
<BODY>

<?PHP 
 /* 
** print_hosts 

*  FILENAME: H:kingcomnewCodeRedindex.phps 

*  PARAMETERS:    Which ISP is table named and The order for sorting 

*  DESCRIPTION: Creates a Table and sorts 

*  RETURNS: HTML Code 

*/ 


 function print_hosts ($isp$order)  {
   
  $result mysql_query("SELECT count(ip),ip,host,date,isp FROM hosts WHERE isp='$isp' GROUP BY ip ORDER BY $order");
  $myrow mysql_fetch_array($result) or
    die(mysql_error());

  // Count Total Hosts
  $num_rows mysql_num_rows($result);        

  // If we have something GO
  if ($num_rows 1) {
     
    // Start HTML for table
    print ("<TABLE ALIGN=CENTER BORDER=0 CELLSPACING=0>");
    print ("<TR BGCOLOR=#FFFFFF><TD COLSPAN=4 ALIGN=CENTER><FONT SIZE=+1><B>$isp ($num_rows Hosts)
        </B></FONT></TD></TR>");
    
    print ("<TR BGCOLOR=#CCCCCC>
        <TD ALIGN=LEFT><FONT SIZE=+1><A HREF=$PHP_SELF?order=host>Hostname</A></FONT></TD>
        <TD ALIGN=CENTER><FONT SIZE=+1><A HREF=$PHP_SELF?order=ip>IP Address</A></FONT></TD>
        <TD ALIGN=CENTER><FONT SIZE=+1><A HREF=$PHP_SELF?order=date>Date</A></FONT></TD>
        <TD ALIGN=CENTER><FONT SIZE=+1>Hits</FONT></TD>
        <TR>");    
    
    do {
        $ip $myrow["ip"];
        $host $myrow["host"];
        $date $myrow["date"];
        $isp $myrow["isp"];
        $hcount $myrow["count(ip)"];
         
        // Make a Gregorian Date from MySQL Date
        $year     substr("$date"04);
        $month     substr("$date"52);
        $day     substr("$date", -2);
        $monthName = array("01" => "January",  "02" => "February",  "03" => "March"
                        "04" => "April",  "05" => "May",  "06" => "June",  "07" => "July",  "08" => "August"
                        "09" => "September",  "10" => "October",  "11" => "November",  "12" => "December");
        $month $monthName["$month"]; 

        // Alternate Table Row Color
        if ($alternate == "1") {
            $trcolor "#FFCCCC";
            $alternate "2";
        } else {
             $trcolor "#66CCFF";
            $alternate "1";
        }
        
        print ("<TR BGCOLOR=$trcolor><TD ALIGN=LEFT>
            <A HREF=http://$ip target=_blank>$host</A>            
            </TD>
            <TD ALIGN=CENTER>
                &nbsp;&nbsp;&nbsp;&nbsp;$ip&nbsp;&nbsp;&nbsp;&nbsp;
            </TD>
            <TD ALIGN=CENTER>&nbsp;&nbsp;$month $day$year&nbsp;&nbsp;</TD>
            <TD ALIGN=CENTER>&nbsp;&nbsp;$hcount&nbsp;&nbsp;</TD>
            <TR>");    
    
    } while($myrow mysql_fetch_array($result));

    print ("</TABLE>");
    print ("<P>&nbsp;</P>");
  }
}

 /******************************************************************* 

* Main File Starts Here   

*******************************************************************/ 

// Set Order if selected
 if (empty($order)) {
    $order "date";
}

 /* Connect to Databse */
 $db mysql_connect("localhost""user""pass")
    or die ("Unable to connect to database codered.");
 mysql_select_db("codered",$db)
    or die ("Unable to Select DataBase codered.");


 // Call Function to print tables 
 print_hosts("Bellsouth"$order);
 print_hosts("Other"$order)

 /******************************************************************* 
*    END OF index.php
*******************************************************************/ 

 ?>
 <P><A HREF="../">Home</A></P>

</BODY>
</HTML>


Usage Example


See the example


Rate This Script





Search



This Category All Categories
Solutions
Products
Services
© 2013 Zend Technologies Ltd. All rights reserved.