I'm working on something to deal with the W32/Nimda worm traffic, and in 
order for this to work, I need a cache management function - basically, as 
an event occurs, I check to see if the source IP is in the cache file 
already - if not, it gets added along with the current timestamp and 
actions are taken.  If it is in the cache, the original timestamp plus the 
expiration value is compared against the current timestamp - if it isn't 
expired, we just quit processing, whereas if the sum is less than the 
current time, then the entry is expired, and I'd update the cache timestamp 
to reflect the current event, while going and performing the actions (as if 
it wasn't there at all).

One aspect of this is dealing with sending emailed notifications to 
(ir)responsible parties for the hosts in question (rDNS -> MX, and IP 
delegations are both used).  This is a processing impact which we'd simply 
not want to incur for every Nimda hit - thus the need to keep track of 
which hosts we've dealt with in the previous 'n' hours and just drop them 
if we've seen them since.

I don't want to use an SQL DB, primarily because I'd like to make the 
script as self-sufficient as possible.

I haven't figured out how to efficiently deal with reading and writing a 
file which may be getting tweaked by a concurrent session - should the PHP 
script immediately open and flock the cache file and keep it locked until 
it has completed operations, even though it may not need to write to the 
file (i.e. the entire decision making process should be within the confines 
of an flock()?)  Are there any efficiency tricks for loading a 
2-dimensional array from a file (source IP + timestamp)?  Is there some way 
I can make a daemon with PHP (manage the cache in one process while 
answering queries from other processes)?

I'm also looking to construct a script which may be executed under a cron 
job, which will add new hosts to the system firewall (either on the local 
host, or quite possibly, at the WAN interface, thereby protecting all the 
hosts on the LAN).  If anyone has already tackled such a thing, I'd 
appreciate hearing about it.

Also, does anyone have a whois implementation in PHP (the idea being to 
avoid exec'ing another process on the system if at all possible)?
---
  Please DO NOT carbon me on list replies.  I'll get my copy from the list.

  Sean B. Straw / Professional Software Engineering
  Post Box 2395 / San Rafael, CA  94912-2395
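The flock()-guarded cache the post describes, written up as an added example (not code from the original message): the entire read/decide/write cycle runs under one exclusive lock, an entry is treated as present only while its stored timestamp plus the TTL is still in the future, and an expired or missing entry gets the current timestamp written back. It assumes PHP 7.4 or later, a cache file of one tab-separated "ip<TAB>unix_timestamp" pair per line, and a constructed sample address in the usage call.

```php
<?php
// Added example: file-backed "seen recently" cache guarded by flock().
// Assumed cache format: one "ip<TAB>unix_timestamp" pair per line.
// Returns true if $ip should be processed (new or expired entry) and
// false if it was seen within the last $ttl seconds. The whole
// read/decide/write cycle runs under a single LOCK_EX so two concurrent
// runs cannot both conclude that the same host is new.
function nimda_cache_should_process(string $cacheFile, string $ip, int $ttl, ?int $now = null): bool
{
    $now = $now ?? time();
    // 'c+' creates the file if missing and does not truncate it on open.
    $fh = fopen($cacheFile, 'c+');
    if ($fh === false) {
        throw new RuntimeException("cannot open $cacheFile");
    }
    if (!flock($fh, LOCK_EX)) {
        fclose($fh);
        throw new RuntimeException("cannot lock $cacheFile");
    }
    // Load the "2-dimensional" data as an associative array: ip => timestamp.
    $seen = [];
    while (($line = fgets($fh)) !== false) {
        $parts = explode("\t", rtrim($line, "\r\n"), 2);
        if (count($parts) === 2 && filter_var($parts[0], FILTER_VALIDATE_IP) !== false) {
            $seen[$parts[0]] = (int) $parts[1];
        }
    }
    // Not present, or original timestamp + expiration is already in the past.
    $process = !isset($seen[$ip]) || ($seen[$ip] + $ttl) < $now;
    if ($process) {
        $seen[$ip] = $now;   // new or expired host: record this event's time
        // An expired entry behaves exactly like an absent one, so drop those
        // to keep the file from growing without bound.
        $seen = array_filter($seen, fn(int $ts): bool => ($ts + $ttl) >= $now);
        // Rewrite the file in place while still holding the lock.
        rewind($fh);
        ftruncate($fh, 0);
        foreach ($seen as $addr => $ts) {
            fwrite($fh, "$addr\t$ts\n");
        }
        fflush($fh);
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $process;
}

// Usage with a constructed sample source address and a 4-hour expiration.
if (nimda_cache_should_process('/tmp/nimda-cache.txt', '192.0.2.10', 4 * 3600)) {
    // notification and firewall actions go here (new or expired hosts only)
}
```

Holding LOCK_EX around the whole cycle is the simple safe choice for this use: a LOCK_SH read followed by a separate LOCK_EX write leaves a window in which two processes both decide the host is new and both send the notification.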


-- 
PHP General Mailing List (http://www.php.net/)