#!/usr/bin/perl

print "Content-type: text/html\n\n";
print "<Head><Title>EZENET INC Intrusion Detection System</Title></Head>";
print "<BODY VLINK=#00FF00 TEXT=#00FF00 BGCOLOR=#000000>";


# Get the input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

# Split the name-value pairs
@pairs = split(/&/, $buffer);

foreach $pair (@pairs)
{
    ($name, $value) = split(/=/, $pair);

    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

    # Stop people from using subshells to execute commands
    # Not a big deal when using sendmail, but very important
    # when using UCB mail (aka mailx).
    # $value =~ s/~!/ ~!/g; 

    # Uncomment for debugging purposes
    # print "Setting $name to $value<P>";

    $FORM{$name} = $value;
}

# system("/bin/sh usr/local/stronghold/cgi-bin/gogo");
open (LOGFILE, ">>/usr/local/stronghold/htdocs/httpdip.log");
 
$t = localtime(time);
print LOGFILE "$ENV{'REMOTE_HOST'}--";
print LOGFILE "<font color=lightgreen>$t</font>-------<font color=green>Name:</font><font color=red>$FORM{'comments'}</font>";
print LOGFILE ">>>> <font color=green>Email:</font><font color=blue>$FORM{'to'}</font> ";
close (LOGFILE);


open (LOGFILE, ">/cgi-bin/gotip");
 
print LOGFILE "$ENV{'REMOTE_HOST'}";

close (LOGFILE);


$t = localtime(time);

# ====================================================================

print <<"EOF";




<center>
<h2><font color="#ff0000">EZENET INC INTRUSION DETECTION SYSTEM</font><br><font color=eeeeee>You are being watched ...</font></h2><br><br><br><br>
<p>
</center>
<table border=0>

<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
bName = navigator.appName;
bVer = parseInt(navigator.appVersion);
document.write("</center><font color=#ff0000><b>You are Accessing one of our secure banking servers Using:</b></font><br>");
if (bName == "Netscape" && bVer >=4) {
document.write('<table border=0><tr><td>Netscape 4</td></tr>');
}
else if (bName == "Netscape" && bVer >=3) {
document.write('<table border=0><tr><td>Netcape 3</td></tr>');
}
else if (bName == "Netscape" && bVer >=1) {
document.write('<table border=0><tr><td>Netscape 2 or below</td></tr>');
}
else if (bName == "Microsoft Internet Explorer" && bVer >=4) {
document.write('<table border=0><tr><td>Internet Explorer 4</td></tr>');
}
else if (bName == "Microsoft Internet Explorer" && bVer >=2) {
document.write('<table border=0><tr><td>Internet Explorer 3</td></tr>');
}
else document.write ("<table border=0>");

function isWin95() {
if (navigator.appVersion.indexOf("95") !=-1)
return true;
else return false;
}
function isWin31() {
if (navigator.appVersion.indexOf("16") !=-1)
return true;
else return false;
}
function isPPC() {
if (navigator.appVersion.indexOf("PPC") !=-1)
return true;
else return false;
}
function isSun() {
if (navigator.appVersion.indexOf("SunOS") !=-1)
return true;
else return false;
}
function isLinux() {
if (navigator.appVersion.indexOf("Linux") !=-1)
return true;
else return false;
}
function isHP() {
if (navigator.appVersion.indexOf("HP") !=-1)
return true;
else return false;
}
function isNT() {
if (navigator.appVersion.indexOf("NT") !=-1)
return true;
else return false;
}
if (isWin95()) {
document.write('<tr><td>Windows 95</td></tr></table>');
}
else if (isWin31()) {
document.write('<tr><td>Windows 3.1</td></tr></table>');
}
else if (isPPC()) {
document.write('<tr><td>MacOS</td></tr></table>');
}
else if (isSun()) {
document.write('<tr><td>SunOS</td></tr></table>');
}
else if (isLinux()) {
document.write('<tr><td>Linux</td></tr></table>');
}
else if (isHP()) {
document.write('<tr><td>HP-UX</td></tr></table>');
}
else if (isNT()) {
document.write('<tr><td>Windows NT <br></td></tr></table>');

}
else document.write("</table>")
document.write("</center>")
// End --> 
</SCRIPT>


<tr><td><b>Log Address: <font color=#ff0000>$ENV{'REMOTE_HOST'} </font></b>
  </center></div>
</form></td></tr>

<tr><td><b>Log file: <font color=red>/usr/IDS/SecureN-t/Crypt3/$ENV{'REMOTE_HOST'}****$t.log</font></b></td></tr>
<tr><td><br><b>Time/Date Stamp: <font color=red>$t</font></b></td></tr>
</table></center>              <br> 
Ezenet Inc's  Secure Server is maintained and hosted by me, TECHNALACE. an intelligent robot, written and designed by my master guru. 
<p>
The Ip address that you are using to access this host has been identified as 
suspect and potentially hostile.<br>

Your IP address belongs to one of the following service providers:<br>
<br>
<br>
<font color=ffff00>


IN U.S.A.:<br>
AOL  (America Online)<br>
2600 (Hacktheplanet)<br>
<br>
IN CANADA:<br>
Pathcom (Pathcom)<br>
AOL (AOL CANADA)<br>
Interlog (Interlog)<br>
RogersWave (Rogers)<br>
</font>

All your activity is being logged to a file which is being emailed to the ADMIN.(Kasra Meshkin). 
<ul>
<li>All data exchanged with this server is encrypted and/or unaltered.
<li>Visits to this site is not allowed for your IP address.
</ul>
<p>
<center><b><font color="#ff0000">TECHNALACE working to secure<font size=1><sup>TM</sup></font>.</font></b></center>
<p>
<center>
<p>

</font></td></tr>
</table>
</center>

EOF
