Check if the specified machine shows up in databases indicating a potential compromise.
singe/hackcheck
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Dominic at SensePost GPL v3 Originally published 2005, updated 2011 http://singe.za.net/blog/archives/494-Am-I-Hacked.html The script is simple, no arguments and it checks your machines IP, or pass an IP to see if it is in the database. Example output: $ hackcheck.pl No IP provided, detected your external IP as 0.0.0.0 There are no reports for 0.0.0.0 $ hackcheck.pl 0.0.0.0 0.0.0.0 may be Hacked : It was reported 128527 times. You can run this regularly to be notified if a machine you administer shows up. The cron script is very simple. Just drop it into /etc/cron.daily or the like. #!/bin/sh test -f /usr/bin/hackcheck.pl || exit 0 MAILTO=root #Put the IP address of the machine you want checked here IP=0.0.0.0 [ -z "$MAILTO" ] && exit 1 hackcheck.pl $IP > /dev/null if [ "$?" -eq "1" ]; then hackcheck.pl $IP| \ mail -e -s "DShield Hack Warning \ on $(hostname -f) [$(date +%D)]" $MAILTO fi DShield relies on the submissions of people from around the world. Find out how you can contribute by submitting your logs here. This is dependant on the HTML structure of the page "http://www.dshield.org/ipinfo.html?ip=" if it changes, the script will break, but is just as easy to fix, so mail me a bug report. Check singe.za.net/dominicwhite for address.
About
Check if the specified machine shows up in databases indicating a potential compromise.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published