Quote:
Originally Posted by Shap
he just ran
grep -ci "seekmo" /path/to/your-access.log
on each of the different spyware. funweb, zango, etc
|
I think this could be further refined, because it's counting raw hits rather than uniques. A surfer who goes through as many FHGs as he can find and grabs 100 videos/500 images will push up the total even though his spyware 'value' is the same as a surfer who views a single hotlinked image on a forum.
Something like this would probably work better:
first, count the total number of unique IPs in your log:
cat /path/to/access_log | awk '{print $1}' | sort -u | wc -l
then for each spyware name find the number of unique IPs that reference it:
grep -ci "seekmo" /path/to/access_log | awk '{print $1}' | sort -u | wc -l
This won't work so well for logs spanning several days because the concept of a "unique" IP gets a bit blurry with different IPs being assigned as people reconnect but it will probably still be more accurate than just counting raws.
BTW the above assumes that the user-agent is actually logged... AFAIK the default Apache setup doesn't do this.