[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sat, 22 Jan 2011, Gordon Henderson wrote:
There appears to be many different hosts that have been compromosed to run this code - a very quick check on just one site:$ fgrep ZmEu access_log | cut -d\ -f 1-1 | sort -rn | uniq | wc -l 95
Just out of curiosity, I ran it on the log-files on a server that hosts about 250 websites and stores 3 months of log-files:
# fgrep ZmEu */logs/oldLogs/access_log* | cut -d\ -f 1-1 | sort -rn | uniq | wc -l 1688All those PCs that have been compromised to run hacking attacks... and I know that's just the tip of the iceberg...
Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq