#!/bin/php -q
<?php

$local_ips=array("24.17.35.213","24.17.35.220");

$fp=popen("/usr/bin/tail -f /var/log/access_log","r");

set_time_limit(5);
while($line=fgets($fp,4096)){
 $spl=explode(" ",$line);
 if('/scripts/root.exe?/c+dir'==$spl[6]){
  echo "Nimda Attack from ".$spl[0]."!!!!!!\n";
  $ip=$spl[0];

  reset($local_ips);
  while(list($key2,$val2)=each($local_ips)){
   $cmd="/sbin/ipchains -A input -p tcp -s ".$ip." -d ".$val2." -j REJECT";
   echo $cmd."\n";
   exec($cmd);
  }


 }else{
  echo "Benign line from ".$spl[0]."... (".$spl[6].")\n";
 }
// echo $line;
}

?>