<?
/*****************************************************************************/
/* */
/* Class: CNimda.inc.php */
/* */
/* Content: Class for grepping your (Apache) Logfile */
/* and showing the Nimda-Worm attempts */
/* */
/* Requires: NONE */
/* */
/* Copyrights: This class was created by Felix-Gabriel Gangu */
/* for the ForeverNET Media GmbH, Germany. */
/* */
/* Questions? Take a look @ http://www.forevernet.de */
/* or drop a line to fgangu@forevernet.de! */
/* */
/* Please let me know, if you make some modifications! */
/* What about a better error handling? */
/* */
/* Hints: For usage see the included file "nimda_show.php" */
/* */
/*---------------------------------------------------------------------------*/
/* Version History: */
/* */
/* 19.09.01 Date of creation */
/* 20.09.01 Method CNimda::_Doit() optimized */
/* (Now also scanning after "MSADC/root.exe","scripts/root.exe" */
/* when scanning the log file */
/* 20.09.01 New Methods: */
/* - CNimda::GetNumNimdaRequests() */
/* - CNimda::GetRefreshJavaScript() */
/*****************************************************************************/
class CNimda
{
// public:
// private:
var $_cLogFile;
var $_iRefresh;
var $_iNumLines;
var $_fp;
var $_aLines;
/*.............................................................*/
function CNimda($cLogFile,$iRefresh,$iNumLines)
{
$this->_cLogFile=$cLogFile;
$this->_iRefresh=$iRefresh;
$this->_iNumLines=$iNumLines;
}
/*.............................................................*/
function _Doit()
{
$this->_FileOpen();
while (!feof ($this->_fp))
{
$cLine = fgets($this->_fp, 4096);
if (stristr($cLine,"winnt/system32/cmd.exe")
|| stristr($cLine,"MSADC/root.exe")
|| stristr($cLine,"scripts/root.exe"))
$aLines[]=$cLine;
}
$this->_FileClose();
$this->_aLines=$aLines;
}
/*.............................................................*/
function ShowPage($bRefresh=TRUE)
{
$this->_Doit();
if ($bRefresh)
$cRet.=$this->_MakeJavaScript();
$cRet.="Last ".$this->_iNumLines." Nimda attempts on this server:"."<br>";
$cRet.="(Total requests in logfile: ".count($this->_aLines).")"."<br><br>";
$aLines=array_reverse($this->_aLines);
for ($i=0; $i<$this->_iNumLines; $i++)
$cRet.=$aLines[$i]."<br><br>";
return $cRet;
}
/*.............................................................*/
function GetNumNimdaRequests()
{
return count($this->_aLines);
}
/*.............................................................*/
function GetRefreshJavaScript()
{
return $this->_MakeJavaScript();
}
/*.............................................................*/
function GetResultArray()
{
$this->_Doit();
$aLines=array_reverse($this->_aLines);
for ($i=0; $i<$this->_iNumLines; $i++)
$aRet[]=$aLines[$i];
return $aRet;
}
/*.............................................................*/
function _FileOpen()
{
$this->_fp=@fopen($this->_cLogFile,"r");
}
/*.............................................................*/
function _FileClose()
{
@fclose($this->_fp);
}
/*.............................................................*/
function _MakeJavaScript()
{
$cRet="<script>\n";
$cRet.="var interval;\n";
$cRet.="RefreshStart();\n";
$cRet.="function RefreshStart()\n";
$cRet.="{\n";
$cRet.="interval=setInterval(\"location.reload()\",".$this->_iRefresh.");\n";
$cRet.="}\n";
$cRet.="function RefreshStop()\n";
$cRet.="{\n";
$cRet.="clearInterval(interval);\n";
$cRet.="}\n";
$cRet.="</script>\n";
$cRet.="<form>\n";
$cRet.="<input type=\"button\" value=\"Refresh Start\" onClick=\"RefreshStart()\">\n";
$cRet.="<input type=\"button\" value=\"Refresh Stop\" onClick=\"RefreshStop()\">\n";
$cRet.="</form>\n";
return $cRet;
}
} // EOC
?>
|
Download
