I just threw a hack script together real quick to get an idea of who is jamming me via CD2. crude, but effective:
target=`date|awk '{print $3"/"$2}'`
date=`date|cut -c5-11,25-|sed 's/\([0-9]\{1,2\}\)/\1,/'`
time=`date|awk '{print $4}'`
cat /var/log/httpd/access_log|grep default|awk '{print $1,$4}' >/tmp/codered
echo -n "Code Red II has hit your site on $date $time"|mail root
cat /tmp/codered|sort -u|grep $target|mail root
total=`cat /tmp/codered|sort -u|grep $target|wc -l`
echo "There have been $total CODE RED 2 hits as of $time"|mail root