
Scan Apache access log files and report possible worm attacks

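<?php
/**
 * Scan Apache access log files and report possible worm attacks.
 *
 * This is a PHP utility that scans an Apache access log file and reports
 * requests that look like attacks by worms such as CodeRed I, CodeRed II
 * and Nimda.
 *
 * The report is HTML. Every value copied from the log into the report is
 * HTML-escaped, because a log line is written from data the remote client
 * controls and must not be rendered as markup.
 */

// Only fatal errors are reported, so I/O failures are checked explicitly below
// instead of relying on PHP warnings.
error_reporting(1);

/**
 * Definition of Trigger Words.
 *
 * Each value is a regular-expression fragment in which "/" is already
 * escaped, so it can be wrapped in "/" delimiters for preg_match().
 */
define("TRIGGER1", "GET \/default\.ida\?NNNNNN");   /* CodeRed I */
define("TRIGGER2", "GET \/default\.ida\?XXXXXX");   /* CodeRed II */
define("TRIGGER3", "GET \/scripts\/root\.exe");     /* Nimda */
// define("TRIGGER4", "");                          /* W32.Klez */

class worms
{
    /**
     * Path of the access log to scan.
     *
     * @var string
     * @see _set_accesslog(), _get_accesslog()
     */
    public $accesslog = 'C:\apache\logs\access.log';

    /**
     * Raw log lines that matched a trigger, one entry per match.
     * These are unescaped log bytes: escape them before rendering.
     *
     * @var array
     * @see _set_hackers(), _get_hackers()
     */
    public $hackers = [];

    /**
     * Number of matches per worm signature.
     *
     * @var array
     * @see _set_counter(), _get_counter()
     */
    public $counter = [
        'codered1' => 0,
        'codered2' => 0,
        'nimda'    => 0,
    ];

    /**
     * Accumulated HTML report; each scan appends to it.
     *
     * @var string|null
     */
    public $result;

    /**
     * Class worms constructor
     */
    public function __construct()
    {
    }

    /**
     * Scan the access log and build the HTML report.
     *
     * Every line is tested against each trigger; a line that matches several
     * triggers is counted once per trigger. The trigger is matched anywhere
     * in the line. If the log cannot be opened, the report says so instead of
     * silently showing zero attacks.
     *
     * @return string HTML report (detections followed by the summary)
     */
    public function get_apache_worms()
    {
        $fd = fopen($this->accesslog, 'r');
        if ($fd === false) {
            // An unreadable log must not look like a clean log.
            $this->result .= '<b><font color=red>Unable to open access log</font></b> : <b>'
                . $this->escape($this->accesslog) . "</b><br>\n";

            return $this->report();
        }

        try {
            // Read whole lines: worm requests are long, and a fixed read length
            // would split one log entry into several pseudo-lines. Comparing with
            // false keeps a final line such as "0" from ending the loop early.
            while (($line = fgets($fd)) !== false) {
                $fields = explode(' ', rtrim($line, "\r\n"));
                $ip   = $fields[0] ?? '';
                $time = $fields[3] ?? '';
                $gmt  = $fields[4] ?? '';

                foreach ($this->signatures() as $key => $signature) {
                    list($label, $pattern) = $signature;
                    if (preg_match('/' . $pattern . '/', $line) === 1) {
                        $this->record_detection($key, $label, $line, $ip, $time, $gmt);
                    }
                }
            }
        } finally {
            fclose($fd);
        }

        return $this->report();
    }

    /**
     * Personalize the HTML report here.
     *
     * Appends the summary block to the accumulated result and returns it.
     *
     * @return string
     */
    public function report()
    {
        $this->result .= "\n\n<br> <b>Apache Worms attack Analyser : </b><br><br>\n"
            . ' Number of worms attack detected : ' . count($this->hackers) . " Attacks<br>\n"
            . ' N&deg; CodeRed I Attacks: ' . (int) ($this->counter['codered1'] ?? 0) . " Attacks<br>\n"
            . ' N&deg; CodeRed II Attacks: ' . (int) ($this->counter['codered2'] ?? 0) . " Attacks<br>\n"
            . ' N&deg; Nimda Attacks: ' . (int) ($this->counter['nimda'] ?? 0) . " Attacks<br>\n ";

        return $this->result;
    }

    /**
     * Return accesslog value
     *
     * @return string
     * @see var $accesslog
     */
    public function _get_accesslog()
    {
        return $this->accesslog;
    }

    /**
     * Return hackers value (raw, unescaped log lines)
     *
     * @return array
     * @see var $hackers
     */
    public function _get_hackers()
    {
        return $this->hackers;
    }

    /**
     * Return counter value
     *
     * @return array
     * @see var $counter
     */
    public function _get_counter()
    {
        return $this->counter;
    }

    /**
     * Set $accesslog value
     *
     * @param string $_accesslog the variable value to set
     * @see var $accesslog
     */
    public function _set_accesslog($_accesslog)
    {
        $this->accesslog = $_accesslog;
    }

    /**
     * Set $hackers value
     *
     * @param array $_hackers the variable value to set
     * @see var $hackers
     */
    public function _set_hackers($_hackers)
    {
        $this->hackers = $_hackers;
    }

    /**
     * Set $counter value
     *
     * @param array $_counter the variable value to set
     * @see var $counter
     */
    public function _set_counter($_counter)
    {
        $this->counter = $_counter;
    }

    /**
     * Map each counter key to its report label and trigger pattern.
     *
     * @return array
     */
    private function signatures()
    {
        return [
            'codered1' => ['CodeRed I', TRIGGER1],
            'codered2' => ['CodeRed II', TRIGGER2],
            'nimda'    => ['Nimda', TRIGGER3],
        ];
    }

    /**
     * Record one detection: report line, raw log line and counter.
     */
    private function record_detection($key, $label, $line, $ip, $time, $gmt)
    {
        $this->result .= '<b><font color=red>' . $label
            . ' <small>WORM</small> Attack Detected</font></b> Hacker IP : <b>'
            . $this->escape($ip) . '</b> - Date : <b>'
            . $this->escape($time) . ' ' . $this->escape($gmt) . "</b><br>\n";
        $this->hackers[] = $line;
        $this->counter[$key] = ($this->counter[$key] ?? 0) + 1;
    }

    /**
     * HTML-escape a value taken from the log or from configuration.
     * ENT_SUBSTITUTE keeps invalid byte sequences from blanking the value.
     */
    private function escape($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

$worm = new worms;
echo $worm->get_apache_worms();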