1
1
##########################################################################
2
# $Id: http,v 1.37 2007/03/05 04:53:42 bjorn Exp $
2
# $Id: http,v 1.40 2008/06/30 20:47:20 kirk Exp $
3
3
##########################################################################
5
# Revision 1.40 2008/06/30 20:47:20 kirk
6
# fixed copyright holders for files where I know who they should be
8
# Revision 1.39 2008/03/24 23:31:26 kirk
9
# added copyright/license notice to each script
11
# Revision 1.38 2007/12/26 06:07:27 bjorn
12
# Restored use of $HTTP_IGNORE_ERROR_HACKS. When set to 1, ignores accesses
13
# flagged in @exploits string.
5
15
# Revision 1.37 2007/03/05 04:53:42 bjorn
6
16
# Added HTTP_IGNORE_IPS to ignore IP addresses, and added user logging, by
7
17
# Mike Bremford (modified to use programmable user logging)
95
105
##########################################################################
97
########################################################
98
# This was written and is maintained by:
99
# Michael Romeo <michaelromeo@mromeo.com>
101
# Please send all comments, suggestions, bug reports,
102
# etc, to kirk@kaybee.org.
103
########################################################
107
#####################################################
108
# Copyright (c) 2008 Michael Romeo <michaelromeo@mromeo.com>
109
# Covered under the included MIT/X-Consortium License:
110
# http://www.opensource.org/licenses/mit-license.php
111
# All modifications and contributions by other persons to
112
# this script are assumed to have been donated to the
113
# Logwatch project and thus assume the above copyright
114
# and licensing terms. If you want to make contributions
115
# under your own copyright or a different license this
116
# must be explicitly stated in the contribution an the
117
# Logwatch project reserves the right to not accept such
118
# contributions. If you have made significant
119
# contributions to this script and want to claim
120
# copyright please contact logwatch-devel@logwatch.org.
121
########################################################
106
123
#use diagnostics;
117
134
my $detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
118
135
my $ignoreURLs = $ENV{'http_ignore_urls'};
119
136
my $ignoreIPs = $ENV{'http_ignore_ips'};
137
my $ignore_error_hacks = $ENV{'http_ignore_error_hacks'} || 0;
120
138
my $user_display = $ENV{'http_user_display'};
121
139
my $logformat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b";
476
494
# loop to check for typical exploit attempts
480
for (my $i = 0; $i < @exploits; $i++) {
481
# print "$i $exploits[$i] $field{lc_url} \n";
482
if ($field{lc_url} =~ /$exploits[$i]/i) {
483
$hacks{$field{client_ip}}{$exploits[$i]}++;
484
$total_hack_count += 1;
485
$ban_ip{$field{client_ip}} = " ";
486
if ($field{http_rc} < 400) {
487
$hack_success{$field{url}} = $field{http_rc};
497
if (!$ignore_error_hacks) {
498
for (my $i = 0; $i < @exploits; $i++) {
499
# print "$i $exploits[$i] $field{lc_url} \n";
500
if ($field{lc_url} =~ /$exploits[$i]/i) {
501
$hacks{$field{client_ip}}{$exploits[$i]}++;
502
$total_hack_count += 1;
503
$ban_ip{$field{client_ip}} = " ";
504
if ($field{http_rc} < 400) {
505
$hack_success{$field{url}} = $field{http_rc};