Apache-CodeRed
    my $mx_host = $mx[0]->exchange;
    $r->warn("CodeRed: Using MX host '$mx_host'");

    # ------------------------------------------------------------
    # Send e-mail to the webmaster, postmaster, and administrator,
    # since the webmaster and/or postmaster addresses often don't
    # work.
    my $remote_webmaster_address =
        "webmaster\@$mx_host, postmaster\@$mx_host, administrator\@$mx_host";
    # Set the outgoing message
    my $outgoing_message = <<END;
Your Microsoft IIS server (at $remote_ip_address) appears to have been
infected with a strain of the CodeRed worm. It attempted to spread to
our Web server, despite the fact that we run Linux and Apache (which
are immune).
You should immediately download the security patch from Microsoft, from
<$security_url>.
Automatically generated by Apache::CodeRed $VERSION for mod_perl and
Apache, written by Reuven M. Lerner (<reuven\@lerner.co.il>) and
running on '$server_name'.
END
    # ------------------------------------------------------------
    # Also send e-mail to the people running the offending host,
    # just in case SecurityFocus takes a while.
    $r->warn("CodeRed: Sending e-mail to '$remote_webmaster_address'");

    my %mail = ( To      => $remote_webmaster_address,
                 CC      => $cc_address,
                 From    => $from_address,
                 Subject => "CodeRed infection on '$remote_hostname': Automatic report",
                 Message => $outgoing_message
               );

    my $sendmail_success = sendmail(%mail);

    if ($sendmail_success)
    {
        # Cache the fact that we saw this IP address
        $file_cache->set($remote_ip_address, 1);
        return FORBIDDEN;
    }
    else
    {
        $r->warn("CodeRed: Mail::Sendmail returned '$Mail::Sendmail::error'. Exiting.");
        return DECLINED;
    }
}
# All modules must return a true value
1;
__END__
# Below is stub documentation for your module. You better edit it!

=head1 NAME

Apache::CodeRed - Responds to CodeRed worm attacks with e-mail warnings

=head1 SYNOPSIS

In your httpd.conf, put the following:

    PerlModule Apache::CodeRed

    <Location /default.ida>
      SetHandler perl-script
      PerlHandler Apache::CodeRed
    </Location>

=head1 DESCRIPTION

This Perl module should be invoked whenever the CodeRed or
CodeRed2 worm attacks. We don't have to worry about such attacks
on Linux boxes, but we can be good Internet citizens, warning the
webmasters on infected machines of the problem and how to solve
it.

=head1 BUGS

If the remote IP address fails a reverse DNS lookup, we don't send
e-mail to anyone associated with that host. (We do, however,
submit the IP address to SecurityFocus.) It would be nice to
automatically determine which ISP is responsible for a particular
IP address, and contact them automatically.

=head1 LICENSE

You may distribute this module under the same license as Perl itself.

=head1 AUTHOR

Reuven M. Lerner, reuven@lerner.co.il

Thanks to Randal Schwartz, David Young, and Salve J. Nilsen for
their suggestions.

=head1 SEE ALSO

L<mod_perl>.

=cut
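
The handler above interpolates `$mx_host` and `$remote_hostname`, values that per the BUGS section derive from DNS lookups on the connecting address, into the To and Subject headers of an automatically sent message. The following is an added example, not part of Apache::CodeRed, showing one way to treat those names as untrusted input before mailing: a strict host name syntax check plus a forward-confirmed reverse DNS test. The helper names `is_plain_hostname` and `forward_confirmed`, the `$lookup` callback and the sample zone data are all hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example (hypothetical helpers, not part of Apache::CodeRed).
# Names returned by reverse DNS or MX lookups are chosen by whoever
# runs the remote zone, so check them before building mail headers.

# Accept only plain LDH host names: at least two labels, each 1-63
# letters, digits or hyphens with no leading/trailing hyphen, and at
# most 253 characters overall. \A and \z reject embedded newlines.
sub is_plain_hostname {
    my ($name) = @_;
    return 0 unless defined $name && length($name) <= 253;
    my @labels = split /\./, $name, -1;
    return 0 if @labels < 2;
    for my $label (@labels) {
        return 0
            unless $label =~ /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/;
    }
    return 1;
}

# Forward-confirm a reverse lookup: the name must resolve back to the
# address that connected. $lookup is a code ref returning the A records
# for a name, so the check can run against a real resolver or test data.
sub forward_confirmed {
    my ($name, $ip, $lookup) = @_;
    return 0 unless is_plain_hostname($name);
    return scalar grep { $_ eq $ip } $lookup->($name);
}

# Constructed sample data (documentation address range 192.0.2.0/24).
my %zone   = ('www.example.com' => ['192.0.2.10']);
my $lookup = sub { @{ $zone{ lc $_[0] } || [] } };

for my $case (
    [ 'www.example.com',     '192.0.2.10' ],   # name resolves back to the IP
    [ 'www.example.com',     '192.0.2.99' ],   # forward lookup does not match
    [ "www.example.com\r\n", '192.0.2.10' ],   # control characters in the name
) {
    my ($name, $ip) = @$case;
    (my $shown = $name) =~ s/[^\x20-\x7e]/?/g;  # printable form for the log
    printf "%-20s %-12s %s\n", $shown, $ip,
        forward_confirmed($name, $ip, $lookup) ? 'send report' : 'skip mail';
}
```

Only the first constructed case yields `send report`; in a handler like the one above, the other two would be logged and returned without sending mail.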