phf_abuse_log.cgi revision b45c1c292ff1fa635004ae81fa691f8cb3cdda85
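#!/usr/bin/perl

# This script is used to detect people trying to abuse the security hole which
# existed in a CGI script distributed with Apache 1.0.3 and earlier versions.
# You can redirect them to here using the "<Location /cgi-bin/phf*>" suggestion
# in httpd.conf.
#
# The format logged to is
# "[date] remote_addr remote_host referrer user_agent".
#
# Security notes:
#  * The referrer, user agent and Via values are request headers, so the
#    client chooses them. REMOTE_HOST is presumably the result of a reverse
#    DNS lookup and should be treated as untrusted as well.
#  * Control characters (including CR and LF) are replaced before logging, so
#    one request always produces exactly one log line and a client cannot
#    forge extra entries.
#  * Fields may still contain spaces and arbitrary printable text. Anything
#    that parses or displays this log must treat its contents as untrusted.

use strict;
use warnings;

my $LOG = "/var/log/phf_log";

# Fetch one CGI environment variable for logging.
# Returns '' when the variable is unset (the original printed an empty field
# in that case too) and replaces every control character with '?'.
sub log_field {
    my ($name) = @_;
    my $value = defined $ENV{$name} ? $ENV{$name} : '';
    $value =~ s/[\x00-\x1f\x7f]/?/g;
    return $value;
}

# ctime-style timestamp from the built-in localtime. The original loaded the
# Perl 4 library ctime.pl, which current perl releases no longer bundle.
# NOTE(review): the exact stamp layout may differ slightly from ctime.pl's
# (for example no zone name) -- confirm if anything parses the date field.
my $when = scalar localtime(time);

my $remote_addr = log_field('REMOTE_ADDR');
my $remote_host = log_field('REMOTE_HOST');
# The original read $ENV{$HTTP_REFERER}: an undefined variable used as the
# key, so the referrer was never actually logged.
my $referer     = log_field('HTTP_REFERER');
my $user_agent  = log_field('HTTP_USER_AGENT');
my $via         = log_field('HTTP_VIA');

# Record the proxy chain next to the user agent, as the original did.
$user_agent .= " via $via" if ($via);

# Three-argument open with a lexical handle: the append mode is fixed here
# and can never be taken from the contents of $LOG.
open(my $log_fh, '>>', $LOG) || die "boo hoo, phf_log $!";
print {$log_fh} "[$when] $remote_addr $remote_host $referer $user_agent\n";
# Buffered write errors only surface at close; report them without blocking
# the response below.
close($log_fh) || warn "phf_log close failed: $!";

print "Content-type: text/html\r\n\r\n<BLINK>Smile, you're on Candid Camera.</BLINK>\n";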