View Single Post
Old 10-10-2007, 07:46 PM  
rowan
Too lazy to set a custom title
 
Join Date: Mar 2002
Location: Australia
Posts: 17,393
Quote:
Originally Posted by Shap View Post
he just ran
grep -ci "seekmo" /path/to/your-access.log


on each of the different spyware. funweb, zango, etc
I think this could be further refined, because it's counting raw hits rather than uniques. A surfer who goes through as many FHGs as he can find and grabs 100 videos/500 images will push up the total even though his spyware 'value' is the same as a surfer who views a single hotlinked image on a forum.

Something like this would probably work better:

first, count the total number of unique IPs in your log:
cat /path/to/access_log | awk '{print $1}' | sort -u | wc -l

then for each spyware name find the number of unique IPs that reference it:
grep -ci "seekmo" /path/to/access_log | awk '{print $1}' | sort -u | wc -l

This won't work so well for logs spanning several days because the concept of a "unique" IP gets a bit blurry with different IPs being assigned as people reconnect but it will probably still be more accurate than just counting raws.

BTW the above assumes that the user-agent is actually logged... AFAIK the default Apache setup doesn't do this.
rowan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote