i wrote two bash scripts to handle HTTP requests from CodeRed-infected
the first one extracts the typical lines from Apache logs and sends the
the second one does whois-lookups at whois.RIPE.net for the IPs of those
and notifies the tech-c email address automatically.
also, various known IP blocks' dedicated abuse email addresses are used
for the notifications.
the second script will only work on european servers in its current form
for american IPs and thus for whois.ARIN.lookups they would have to be
modified, since ARIN uses a different whois database format.
so the second script should mostly be of interest if your HTTP server is
located in europe.
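
The first step described above, pulling the worm's requests out of an Apache access log, as an added example that is not the poster's script. It assumes the common/combined log format and matches the `/default.ida?` request padded with `N` (Code Red) or `X` (Code Red II); the function names and the sample log lines are constructed for illustration, and the whois lookup and notification step is not shown.

```shell
#!/usr/bin/env bash
# Added example (not the poster's script): list the clients that sent the
# Code Red request, with a hit count and the time each was first seen.

# Constructed sample access log; addresses are from documentation ranges
# and the request payloads are shortened.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [05/Aug/2001:10:01:02 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
198.51.100.7 - - [05/Aug/2001:10:02:11 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [05/Aug/2001:10:05:40 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
203.0.113.44 - - [05/Aug/2001:10:07:19 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 276
198.51.100.7 - - [05/Aug/2001:10:09:00 +0200] "GET /default.ida HTTP/1.0" 404 270
EOF
}

# Reads access-log lines from the named files, or from stdin if none given.
# Prints one line per source: "<hits> <ip> <first_seen>", in first-seen order.
codered_sources() {
  awk '
    # Common log format fields: $1 = client IP, $4 = "[timestamp",
    # $6 = quote + method, $7 = request path.
    # Requiring the padding run avoids flagging a plain /default.ida probe.
    $6 == "\"GET" && $7 ~ /^\/default\.ida\?(NNNNNNNNNNNNNNNN|XXXXXXXXXXXXXXXX)/ {
      if (!($1 in hits)) {
        first[$1] = substr($4, 2)   # drop the leading "["
        order[++n] = $1
      }
      hits[$1]++
    }
    END {
      for (i = 1; i <= n; i++)
        print hits[order[i]], order[i], first[order[i]]
    }
  ' "$@"
}

# Stand-alone run against the constructed sample.
sample_log | codered_sources
```

On a real server the function takes the log path as its argument, and the IP column of its output is what a whois lookup would then be run against.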