dominic revised this gist . Go to revision
1 file changed, 7 insertions
get-suspic-ips.sh(file created)
| @@ -0,0 +1,7 @@ | |||
| 1 | + | #!/bin/sh | |
| 2 | + | ||
| 3 | + | GREP=/usr/bin/grep | |
| 4 | + | ||
| 5 | + | $GREP -Eh 'pma|admin|sql|w00t|CONNECT|wp-admin|wp-login|wordpress|cgi-bin' /var/log/httpd/access_log | mutt -s "Suspicious Webserver URLs (celeste/new)" -- recipient@domain | |
| 6 | + | ||
| 7 | + | $GREP -h '404' /var/log/httpd/access_log | grep ".zip" | mutt -s "Suspicious Webserver URLs (celeste/new) zip files" -- recipient@domain | |
Newer
Older