#!/usr/bin/perl

print "Content-type: text/html\n\n";
print "<Head><Title>EZENET INC Intrusion Detection System</Title></Head>";
print "<BODY VLINK=#00FF00 TEXT=#00FF00 BGCOLOR=#ffffff>";


# Get the input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

# Split the name-value pairs
@pairs = split(/&/, $buffer);

foreach $pair (@pairs)
{
    ($name, $value) = split(/=/, $pair);

    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

    # Stop people from using subshells to execute commands
    # Not a big deal when using sendmail, but very important
    # when using UCB mail (aka mailx).
    # $value =~ s/~!/ ~!/g; 

    # Uncomment for debugging purposes
    # print "Setting $name to $value<P>";

    $FORM{$name} = $value;
}


open (LOGFILE, ">>/usr/local/etc/httpd/logs/httpdip.log");
 
$t = localtime(time);
print LOGFILE "$ENV{'REMOTE_HOST'}--";
print LOGFILE "<font color=lightgreen>$t</font>-------<font color=green>Name:</font><font color=red>$FORM{'comments'}</font>";
print LOGFILE ">>>> <font color=green>Email:</font><font color=blue>$FORM{'to'}</font> ";
close (LOGFILE);


open (LOGFILE, ">/kasra/gotip");
 
print LOGFILE "$ENV{'REMOTE_HOST'}";

close (LOGFILE);


$t = localtime(time);

# ====================================================================

print <<"EOF";




<center>
<img src="http://solar.ezenet.com/images/siren.gif" align=absmiddle>
<table width=604  height=350 border=0 cellpadding=10>
<tr valign=top><td bgcolor="#ffffff"><font face="Times Roman" size=2>

<center><img src="http://solar.ezenet.com/images/hslc/blueline.gif"><p>
<h2><font color="#ff0000">FIRST MARATHON CORP.<br>  INTRUSION DETECTION SYSTEM<br>You are being watched ...</font></h2>
<img src="http://solar.ezenet.com/images/rad.gif"></center>
<p>
<table border=0>


<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
bName = navigator.appName;
bVer = parseInt(navigator.appVersion);
document.write("</center><font color=#ff0000><b>You are Using:</b></font><br>");
if (bName == "Netscape" && bVer >=4) {
document.write('<table border=0><tr><td>Netscape 4</td></tr>');
}
else if (bName == "Netscape" && bVer >=3) {
document.write('<table border=0><tr><td>Netcape 3</td></tr>');
}
else if (bName == "Netscape" && bVer >=1) {
document.write('<table border=0><tr><td>Netscape 2 or below</td></tr>');
}
else if (bName == "Microsoft Internet Explorer" && bVer >=4) {
document.write('<table border=0><tr><td>Internet Explorer 4</td></tr>');
}
else if (bName == "Microsoft Internet Explorer" && bVer >=2) {
document.write('<table border=0><tr><td>Internet Explorer 3</td></tr>');
}
else document.write ("<table border=0>");

function isWin95() {
if (navigator.appVersion.indexOf("95") !=-1)
return true;
else return false;
}
function isWin31() {
if (navigator.appVersion.indexOf("16") !=-1)
return true;
else return false;
}
function isPPC() {
if (navigator.appVersion.indexOf("PPC") !=-1)
return true;
else return false;
}
function isSun() {
if (navigator.appVersion.indexOf("SunOS") !=-1)
return true;
else return false;
}
function isLinux() {
if (navigator.appVersion.indexOf("Linux") !=-1)
return true;
else return false;
}
function isHP() {
if (navigator.appVersion.indexOf("HP") !=-1)
return true;
else return false;
}
function isNT() {
if (navigator.appVersion.indexOf("NT") !=-1)
return true;
else return false;
}
if (isWin95()) {
document.write('<tr><td>Windows 95</td></tr></table>');
}
else if (isWin31()) {
document.write('<tr><td>Windows 3.1</td></tr></table>');
}
else if (isPPC()) {
document.write('<tr><td>MacOS</td></tr></table>');
}
else if (isSun()) {
document.write('<tr><td>SunOS</td></tr></table>');
}
else if (isLinux()) {
document.write('<tr><td>Linux</td></tr></table>');
}
else if (isHP()) {
document.write('<tr><td>HP-UX</td></tr></table>');
}
else if (isNT()) {
document.write('<tr><td>Windows NT <br></td></tr></table>');

}
else document.write("</table>")
document.write("</center>")
// End --> 
</SCRIPT>


<tr><td><b>Your IP address is: <font color=#ff0000>$ENV{'REMOTE_HOST'} <a href=http://solar.ezenet.com/IDS/$ENV{'REMOTE_HOST'}.txt><br></font></b>
  </center></div>
</form></td></tr>

<tr><td><b>Log file: <font color=red>/usr/IDS/SecureN-t/Crypt3/****$t</font></b></td></tr>
<tr><td><b>Time/Date Stamp: <font color=red>$t</font></b></td></tr>
</table>              <br> 
<tr><td><b><font color=red>The Requested file does not exist on this server</font></b></td></tr><br><br>
FIRST MARATHON's Secure Server is maintained and hosted by EZENET INC. An intelligent robot, has logged your entry as an Unauthorized access.<br> 
<p>
This means that you either:<br> 1) made a typo<br> 2) Have been forwarded by a wrong link<br> ....or trying to find holes in the system.<br>
All you activity is being logged to a file which is being emailed to the administrator while you are reading this.<br>Please check your URL and try again<br><br>
<ul>
<li>All data exchanged with this server is encrypted and/or unaltered.
<li>You have no reason to be on this page.
</ul>
<center><a href=www.ezenet.com><img border=0 src="http://solar.ezenet.com/images/dance.gif"></a></center>
<p>
<center><b><font color="#ff0000">TECHNALACE working to secure<font size=1><sup>TM</sup></font>.</font></b></center>
<p>
<center>
<p>

</font></td></tr>
</table>
</center>

EOF
