Windows IIS Log File Analysis Script

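Windows Server provides event logging, and its IIS log files record information such as who visited your site and what content visitors viewed. By reviewing these log files regularly, a website administrator can detect which aspects of the server or site are vulnerable to attack or present other security risks.

However, current log analysis tools are not very complete and lack some features; in particular, few of them analyse attacks aimed at a specific URL. Below is a VBScript program that, saved as a .vbs file, can be run on the server to analyse the IIS log and find the IP addresses attacking a given URL.

'Code begins
targeturl = "/archives/2761.html"                'URL of the page under attack.
logfilepath = "C:\LogFiles\W3SVC\ex110813.log"   'Path to the attacked site's log file.

On Error Resume Next
Set fileobj = CreateObject("scripting.filesystemobject")
Set fileobj2 = CreateObject("scripting.filesystemobject")
Set myfile = fileobj2.opentextfile(logfilepath, 1, False)   '1 = ForReading
Do While myfile.atendofstream <> True
    myline = myfile.readline()
    'Skip "#" header lines and short records. Without this check the indexing
    'error is swallowed and the previous line's IP and URL are reused.
    If Left(myline, 1) <> "#" Then
        myline2 = Split(myline, " ")
        If UBound(myline2) >= 9 Then
            newip = myline2(9)   'Client IP; the index depends on the fields enabled in the log.
            myurl = myline2(5)   'Requested URL; the index depends on the fields enabled in the log.
            If targeturl = myurl Then
                writelog newip
            End If
        End If
    End If
Loop
myfile.Close
Set fileobj2 = Nothing
Msgbox "结束."   'Shows "Done."

'Append one IP per line to blockip.txt (8 = ForAppending, True = create if missing).
Sub writelog(errmes)
    ipfilename = "blockip.txt"
    Set logfile = fileobj.opentextfile(ipfilename, 8, True)
    logfile.writeline errmes
    logfile.Close
    Set logfile = Nothing
End Sub
'Code ends

If the IPs found by the analysis look abnormal, they can be added in bulk to the IIS denied-IP list by script. Below is a piece of VBScript found online; save it with a .vbs extension and feed in the IPs produced by the script above to block the attackers' IP addresses in bulk.

'Code begins
'/*=========================================================================
' * Intro     Use ADSI from VBScript to add denied or granted IPs to IIS in bulk
' * FileName  VBScript-ADSI-IIS-Add-Deny-Grant-IP-Change-MetaBase.xml.vbs
' *==========================================================================*/
'AddDenyIP2All "192.168.1.106,255.255.255.0"
'AddDenyIP "123456","127.0.0.1"
'AddDenyIP2All "14.113.226.116"

'Add an IP or a group of computers to deny, on one specified site.
Sub AddDenyIP(strWebNo, strDenyIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC/" & strWebNo & "/Root")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = True   'Allow everyone except the entries in IPDeny.
    IPList = MyIPSec.IPDeny
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strDenyIp
    MyIPSec.IPDeny = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.Setinfo
End Sub

'Add an IP or a group of computers to deny, in the IIS global configuration, so that it applies to all sites.
'If some sites were previously given their own IP restriction settings, these settings will not take effect for them;
'set them on the top-level Web Sites node and then override all child nodes.
Sub AddDenyIP2All(strDenyIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = True   'Allow everyone except the entries in IPDeny.
    IPList = MyIPSec.IPDeny
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strDenyIp
    MyIPSec.IPDeny = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.Setinfo
End Sub

'Add an IP or a group of computers to allow, on one specified site.
Sub AddGrantIP(strWebNo, strGrantIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC/" & strWebNo & "/Root")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = False   'Deny everyone except the entries in IPGrant.
    IPList = MyIPSec.IPGrant
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strGrantIp
    MyIPSec.IPGrant = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.Setinfo
End Sub

'Add an IP or a group of computers to allow, in the IIS global configuration, so that it applies to all sites.
'If some sites were previously given their own IP restriction settings, these settings will not take effect for them;
'set them on the top-level Web Sites node and then override all child nodes.
Sub AddGrantIP2All(strGrantIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = False   'Deny everyone except the entries in IPGrant.
    IPList = MyIPSec.IPGrant
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strGrantIp
    MyIPSec.IPGrant = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.Setinfo
End Sub

'Show the IPs denied access in the IIS global configuration.
Sub ListDenyIP()
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    IPList = MyIPSec.IPDeny   'IPGrant/IPDeny
    WScript.Echo Join(IPList, vbCrLf)
    ' For i = 0 To UBound(IPList)
    '     WScript.Echo i + 1 & "-->" & IPList(i)
    ' Next
End Sub
'Code ends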
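The log-scanning step of the first script, as an added example in Python that is not part of the original article: it locates the client-IP and URL columns from the log's `#Fields:` header instead of fixed positions, counts hits per IP, and reports only IPs at or above a threshold, so the resulting list can be reviewed before anything is blocked. The function name `hits_per_ip`, the threshold parameter, the case-insensitive URL comparison, and the sample log are assumptions of this example.

```python
from collections import Counter

# Constructed sample log (not from the article); IPs are RFC 5737 documentation
# addresses. The second #Fields header changes the column order mid-file.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2011-08-13 00:00:01 GET /archives/2761.html 198.51.100.7 200
2011-08-13 00:00:02 GET /archives/2761.html 198.51.100.7 200
2011-08-13 00:00:02 GET /index.html 203.0.113.5 200
2011-08-13 00:00:03 GET /archives/2761.html 203.0.113.5 200
2011-08-13 00:00:04 GET /archives/2761.html 198.51.100.7 200
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2011-08-13 00:05:00 198.51.100.7 GET /Archives/2761.html 200
2011-08-13 00:05:01 192.0.2.44 GET /index.html 200
2011-08-13 00:05:02 198.51
"""


def hits_per_ip(lines, target_url, threshold=1):
    """Return {client_ip: hits} for IPs that requested target_url >= threshold times."""
    hits = Counter()
    ip_idx = url_idx = None
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column positions come from the header, not from fixed indexes.
            fields = line.split()[1:]
            ip_idx = fields.index("c-ip") if "c-ip" in fields else None
            url_idx = fields.index("cs-uri-stem") if "cs-uri-stem" in fields else None
            continue
        if not line or line.startswith("#") or ip_idx is None or url_idx is None:
            continue  # other directives, blank lines, or no usable header yet
        cols = line.split(" ")
        if len(cols) <= max(ip_idx, url_idx):
            continue  # truncated or malformed record
        # Compare case-insensitively (an assumption of this example).
        if cols[url_idx].lower() == target_url.lower():
            hits[cols[ip_idx]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in hits_per_ip(SAMPLE_LOG.splitlines(), "/archives/2761.html", 3).items():
        print(ip, n)
```
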

北京护航科技有限公司 2006

Novots Technologies Limited