1read 100read
2011年11月2期自宅サーバ19: アタックNo1してきたIPを晒すスレ (106)
TOP カテ一覧 スレ一覧 2ch元 削除依頼 ▼
アタックNo1してきたIPを晒すスレ
1 :11/02/01 〜 最終レス :11/11/03 涙が出ちゃう
2 : 212.83.42.101 WEBの常連さん。 MyAdmin myadmin mysql phpMyAdmin phpmyadmin pma webdav geeklog/bbs/fckeditor/editor その他色々なフォルダを探して手当たりしだいアクセス、sshのログインも一生懸命してくる
3 : >>2 IP毎回違うけど、うちにもphpMyAdminとかpmaとか探しに何回も来てるよ
4 : phpMyAdminは多いいね。 それ以外はロボットばっかり
5 : Feb 1 20:53:36 192 sshd[30181]: refused connect from ::ffff:221.206.130.3 (::ffff:221.206.130.3) Feb 1 21:50:22 192 sshd[30308]: refused connect from ::ffff:221.206.130.3 (::ffff:221.206.130.3) Feb 1 23:10:01 192 sshd[30585]: refused connect from ::ffff:61.163.56.24 (::ffff:61.163.56.24) Feb 1 23:50:12 192 sshd[30654]: refused connect from ::ffff:61.163.56.24 (::ffff:61.163.56.24) Feb 2 00:20:23 192 sshd[30768]: refused connect from ::ffff:60.12.11.62 (::ffff:60.12.11.62) Feb 2 01:54:23 192 sshd[30957]: refused connect from ::ffff:128.226.170.170 (::ffff:128.226.170.170) Feb 2 04:37:54 192 sshd[31317]: refused connect from ::ffff:202.205.176.115 (::ffff:202.205.176.115) SSHのポートを22から変えたら全く来なくなったけど、試しに22に戻したらまた来た。 22が開いてるところしか狙ってないのかな。
6 : うちもphpMyAdmin関係は多い # cat /var/log/httpd/access_log | grep 110.172.52.5 | wc -l 951
7 : crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 228 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:01 +0900] "GET /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:01 +0900] "GET /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900] "GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900] "GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900] "GET /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:04 +0900] "GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:04 +0900] "GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 239 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:07 +0900] "GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:07 +0900] "GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:09 +0900] "GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:22 +0900] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 232 こういう奴か
8 : こいつ アタックNO1w FNAfb-09p2-253.ppp11.odn.ad.jp
9 : 91.121.243.113 >7と同じ。phpMyAdmin関係総なめ
10 : >2 sshdは、denyhostお勧め。 アタックしてきたアドレスを、自動でブロックしてくれる。 我が家の現状: % egrep ^sshd /etc/hosts.deny | wc -l 1100
11 : apacheってリクエストがないとログ記録されないっけ
12 : ,, -――-、 | アタックチャンス !! //ヾソ)),il|,);r、. 人 /";彡`ヾド!ソツノ゙ミヾ、  ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ i;彡 _ _ ミ. i ,i;;;彡 ,.,._ . :_..、ヾ/ i:yv. ´;.。.、`; ;。:、 リ ヽ`i 、 _;ノ,: i、:_,. ! `| ,__、,.r、_.bヽ. ,′ /r´.三ミD‐-;→;ソ , : -´ ̄|::::|´^, r〕!Ξ´.ノ‐- 、. /::::::::::::::::ヽノ )´、:_丿|::\:::::::`‐-、. ./ :::::::\_:::::::∧ , _.∧ ./.ヽ !:::::::ヽ:::::::::|:`,
13 : googleのbotしかこねー
14 : 61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /roundcubemail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /rc/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /webmail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /roundcube/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /mail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /README HTTP/1.1" 404 444 "-" "Morfeus strikes again." phpMyAdmin以外に、こんな奴も最近来るようになった
15 : これは何がしたいんだ
16 : http://www.ipa.go.jp/security/fy21/reports/tech1-tg/a_07.html Roundcube
17 : これは何がしたいんだ
18 : 単純にroundcubeを置いてるかどうか探してるんでしょ roundcube使ったことないから知らないけど、phpMyAdminみたいにセキュリティホールあるんじゃないの?
19 : 先月はこんな感じ。去年に比べてだいぶ減ったなぁ。 http://uproda.2ch-library.com/3421976IH/lib342197.jpg
20 : >>14 と全く同じのが来てた 日時もほぼ同じ あとこんなのとか 67.205.111.77 (5rreo.com) Date,Time,Method,URL,Query,HTTP,Status,Size,Referer,Keyword,Agent 2011/02/04,03:15:23,GET,"/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:24,GET,"/cart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:25,GET,"/zen-cart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:25,GET,"/zencart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:26,GET,"/zen/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:27,GET,"/butik/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:27,GET,"/shop/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:28,GET,"/butik/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:28,GET,"/zcart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:29,GET,"/catalog/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:29,GET,"/shop2/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:30,GET,"/boutique/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:31,GET,"/store/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
21 : http://members3.jcom.home.ne.jp/rising-sun/ こちらにURLを掲載されてから、スパマーが大挙して書き込みに来るようになりました。 それまで5hot/月くらいだったので、どうやって俺のサイトを見つけたのか不思議です。
22 : 馬鹿サイトサーチャーに引っかかったんじゃねw あほかと
23 : >>21 馬鹿だろ? 自しなさい
24 : 5分から数時間周期で、うちの掲示板を爆撃してくれてるIPの方々 125-14-198-192.rev.home.ne.jp 155.215.232.111.ap.yournet.ne.jp 173.60.112.219.ap.yournet.ne.jp 182-167-50-41f1.kyt1.eonet.ne.jp 36.76.44.61.ap.yournet.ne.jp 55.223.183.58.megaegg.ne.jp fa211-113.infoaomori.ne.jp fe219-224.infoaomori.ne.jp gd202157012064.u31.kcn-tv.ne.jp i121-115-10-40.s05.a002.ap.plala.or.jp i60-34-249-28.s05.a002.ap.plala.or.jp kd111098033213.ppp-bb.dion.ne.jp nttkyo787161.tkyo.nt.ftth.ppp.infoweb.ne.jp p1208-ipbf11matuyama.ehime.ocn.ne.jp p2176-ipbf31osakakita.osaka.ocn.ne.jp p2220-ipbf217hodogaya.kanagawa.ocn.ne.jp p4001-ipbf506okidate.aomori.ocn.ne.jp p4043-ipbfp505oomichi.oita.ocn.ne.jp p6107-ipad24osakakita.osaka.ocn.ne.jp fe219-224.infoaomori.ne.jp gd202157012064.u31.kcn-tv.ne.jp i121-115-10-40.s05.a002.ap.plala.or.jp i60-34-249-28.s05.a002.ap.plala.or.jp kd111098033213.ppp-bb.dion.ne.jp nttkyo787161.tkyo.nt.ftth.ppp.infoweb.ne.jp p1208-ipbf11matuyama.ehime.ocn.ne.jp p2176-ipbf31osakakita.osaka.ocn.ne.jp p2220-ipbf217hodogaya.kanagawa.ocn.ne.jp p4001-ipbf506okidate.aomori.ocn.ne.jp p4043-ipbfp505oomichi.oita.ocn.ne.jp p6107-ipad24osakakita.osaka.ocn.ne.jp pd9c147.aicint01.ap.so-net.ne.jp softbank126028210215.bbtec.net z130201.dynamic.ppp.asahi-net.or.jp
25 : 今日のエロPOST 110.4.130.201 111.232.215.155 112.136.113.83 113.146.93.230 113.197.189.143 114.168.207.139 114.170.128.214 114.184.9.220 118.104.172.220 118.104.179.201 118.109.143.39 118.8.38.149 118.9.220.244 119.106.141.196 119.171.129.173 119.240.104.41 121.110.118.125 121.112.239.228 121.84.232.185 121.87.9.57 121.94.255.149 122.132.10.123 122.135.162.147 123.220.39.220 124.147.111.65 124.214.165.15 124.24.204.121 124.96.171.120 124.96.52.43 125.14.198.192 125.204.241.189 125.207.20.146 126.127.166.209 126.131.28.248 126.14.122.149 150.70.75.161 180.131.90.82 180.144.58.187 180.221.227.142 180.5.197.245 182.167.80.18 182.168.195.197 183.76.79.10 202.157.12.64 202.226.208.164 202.226.214.49 211.2.66.140 216.104.15.130 216.104.15.134 216.104.15.138 216.104.15.142 218.231.172.112 219.111.124.66 219.112.60.122 219.8.100.11 220.56.10.183 221.190.78.15 221.20.34.163 222.144.50.1 222.226.145.26 58.0.105.152 58.169.234.43 58.183.5.68 58.188.233.9 60.237.4.90 60.239.223.164 60.39.34.90 61.210.188.161 61.44.54.37 61.46.27.183 61.89.161.187 61.89.165.136
26 : 上の奴へ ポスト系は、IP変えながら投げるツールが腐るほどあるから いくら晒しても無駄だと思われ。 ツール使えば月50万くらいは稼げるぞw
27 : MA NU KE HA SI N DE KU RE
28 : >>26 IP変えてくる奴もいるけど、 223.132.1.24は、9千回以上ログに出てくる
29 : 220.105.173.3
30 : p840118.tokynt01.ap.so-net.ne.jp
31 : 苦しくたって 悲しくたって jailの中なら平気なの? …スマソ
32 : 91.121.108.5 [22/Feb/2011:01:49:51 +0900] "GET /scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:49:51 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:- 91.121.108.5 [22/Feb/2011:01:49:52 +0900] "GET /db/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:49:57 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:03 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:09 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:15 +0900] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:21 +0900] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:27 +0900] "GET /web/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:30 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:- 89.149.242.190 [22/Feb/2011:02:44:31 +0900] "GET /PHPMYADMIN/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:31 +0900] "GET /3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:37 +0900] "GET /PMA/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:43 +0900] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:52 +0900] "GET /SSLMySQLAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:58 +0900] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:04 +0900] "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:10 +0900] "GET /admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:16 +0900] "GET /bbs/data/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:22 +0900] "GET /cpadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:28 +0900] "GET /cpadmindb/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:34 +0900] "GET /cpanelmysql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:40 +0900] "GET /cpanelphpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:46 +0900] "GET /cpanelsql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:52 +0900] "GET /cpdbadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:58 +0900] "GET /cpphpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:04 +0900] "GET /db/scripts/setup.php HTTP/1.1" 404 REF:-
33 : 89.149.242.190 [22/Feb/2011:02:46:10 +0900] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:16 +0900] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:22 +0900] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:28 +0900] "GET /mysql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:34 +0900] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:35 +0900] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:41 +0900] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:35 +0900] "GET /mysqladminconfig/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:47 +0900] "GET /pMA/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:53 +0900] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:59 +0900] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:05 +0900] "GET /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:11 +0900] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:17 +0900] "GET /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:23 +0900] "GET /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:29 +0900] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:35 +0900] "GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:41 +0900] "GET /phpMyAdmin-2.5.5-rc1config/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:47 +0900] "GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:53 +0900] "GET /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:59 +0900] "GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:05 +0900] "GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:11 +0900] "GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:17 +0900] "GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:23 +0900] "GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:29 +0900] "GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:35 +0900] "GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 REF:-
34 : 89.149.242.190 [22/Feb/2011:02:48:39 +0900] "GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:38 +0900] "GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:45 +0900] "GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:51 +0900] "GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:57 +0900] "GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:03 +0900] "GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:09 +0900] "GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:15 +0900] "GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:21 +0900] "GET /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:27 +0900] "GET /phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:33 +0900] "GET /phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:39 +0900] "GET /phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:45 +0900] "GET /phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:51 +0900] "GET /phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:57 +0900] "GET /phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:03 +0900] "GET /phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:09 +0900] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:15 +0900] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:21 +0900] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:27 +0900] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:33 +0900] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:39 +0900] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:43 +0900] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:42 +0900] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:49 +0900] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:55 +0900] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:01 +0900] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:07 +0900] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:13 +0900] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:19 +0900] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 REF:-
35 : 89.149.242.190 [22/Feb/2011:02:51:25 +0900] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:31 +0900] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:37 +0900] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:43 +0900] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:49 +0900] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:55 +0900] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:01 +0900] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:07 +0900] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:13 +0900] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:19 +0900] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:25 +0900] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:31 +0900] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:37 +0900] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:43 +0900] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:46 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:46 +0900] "GET /phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:52 +0900] "GET /phpMyAdmin2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:58 +0900] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:04 +0900] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:10 +0900] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:16 +0900] "GET /phpmya/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:22 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:28 +0900] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:34 +0900] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:40 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:46 +0900] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:52 +0900] "GET /roundcube/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:58 +0900] "GET /scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:04 +0900] "GET /sl2/data/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:10 +0900] "GET /sqladmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:16 +0900] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:22 +0900] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 REF:-
36 : 89.149.242.190 [22/Feb/2011:02:54:28 +0900] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:34 +0900] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:40 +0900] "GET /web/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:46 +0900] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:50 +0900] "GET /webdb/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:50 +0900] "GET /websql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:56 +0900] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:02 +0900] "GET /~/PMA/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:08 +0900] "GET /~/admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:14 +0900] "GET /~/myadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:20 +0900] "GET /~/phpadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:26 +0900] "GET /~/phpmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:32 +0900] "GET /~/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:38 +0900] "GET :2086/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 400 REF:- 89.149.242.190 [22/Feb/2011:02:55:44 +0900] "GET :2087/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 400 REF:- 89.149.242.190 [22/Feb/2011:02:55:50 +0900] "GET :81/phpmyadmin/scripts/setup.php HTTP/1.1" 400 REF:- アタックなんて映画の中だけの話だと思ってました
37 : ついでにユーザエージェント UA:ZmEu
38 : phpmyadminが大好きなんだろうな i125-202-167-50.s10.a029.ap.plala.or.jp
39 : 89.106.13.209 - - [24/Feb/2011:03:08:57 +0900] "GET //phpmyadmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:57 +0900] "GET //phpMyAdmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:58 +0900] "GET //admin/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:59 +0900] "GET //dbadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:59 +0900] "GET //myadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:00 +0900] "GET //mysql/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:01 +0900] "GET //mysqladmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:01 +0900] "GET //phpadmin/ HTTP/1.1" 403 211 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:02 +0900] "GET //pma/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:03 +0900] "GET //phpdb/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:03 +0900] "GET //db/ HTTP/1.1" 403 205 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:04 +0900] "GET //mysqladmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:05 +0900] "GET //SQL/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:05 +0900] "GET //padmin/ HTTP/1.1" 403 209 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:06 +0900] "GET //pmadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:07 +0900] "GET //webdb/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 既出かな?
40 : 既出っていうか、もう手当たり次第って感じだな でも、うちには何週間か来てない
41 : pma関係は来るときはドカッとくる
42 : ::1 - - [25/Feb/2011:04:07:33 +0900] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" 手前は節穴か
43 : 77.222.43.19 - - [25/Feb/2011:22:57:37 +0900] "GET //phpmyadmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:38 +0900] "GET //phpMyAdmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:38 +0900] "GET //MyAdmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:41 +0900] "GET //myadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:44 +0900] "GET //pma/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:45 +0900] "GET //mysql/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" mod_geoipで弾いてるから実害無いが また来てやがる
44 : //っていうのがうざいよね。 馬鹿なのって思うわ。
45 : いや、馬鹿なんでしょ。
46 : 195.7.10.56 [26/Feb/2011:13:38:52 +0900] GET //phpMyAdmin/scripts/setup.php HTTP/1.1 404 226 195.7.10.56 [26/Feb/2011:13:38:52 +0900] GET //phpMyAdmin1/scripts/setup.php HTTP/1.1 404 227 195.7.10.56 [26/Feb/2011:13:38:53 +0900] GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1 404 228 195.7.10.56 [26/Feb/2011:13:38:54 +0900] GET //phpadmin/scripts/setup.php HTTP/1.1 404 224 195.7.10.56 [26/Feb/2011:13:38:55 +0900] GET //phpmyadmin/scripts/setup.php HTTP/1.1 404 226 195.7.10.56 [26/Feb/2011:13:38:55 +0900] GET //phpmyadmin.old/scripts/setup.php HTTP/1.1 404 230 195.7.10.56 [26/Feb/2011:13:38:56 +0900] GET //old.phpmyadmin/scripts/setup.php HTTP/1.1 404 230 195.7.10.56 [26/Feb/2011:13:38:57 +0900] GET //phpmyadmin1/scripts/setup.php HTTP/1.1 404 227 195.7.10.56 [26/Feb/2011:13:38:58 +0900] GET //phpmyadmin-2/scripts/setup.php HTTP/1.1 404 228 195.7.10.56 [26/Feb/2011:13:38:58 +0900] GET //phpmyadmin1/scripts/setup.php HTTP/1.1 404 227 195.7.10.56 [26/Feb/2011:13:38:59 +0900] GET //phpmyadmin2/scripts/setup.php HTTP/1.1 404 227 195.7.10.56 [26/Feb/2011:13:39:00 +0900] GET //pma/scripts/setup.php HTTP/1.1 404 219 とか 46.4.50.141 [27/Feb/2011:03:17:47 +0900] GET //lists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 219 46.4.50.141 [27/Feb/2011:03:17:47 +0900] GET //newsletter/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 224 46.4.50.141 [27/Feb/2011:03:17:48 +0900] GET //news/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 218 46.4.50.141 [27/Feb/2011:03:17:49 +0900] GET //phplist/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 221 46.4.50.141 [27/Feb/2011:03:17:49 +0900] GET //phpList/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 221 46.4.50.141 [27/Feb/2011:03:17:50 +0900] GET //admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 213 46.4.50.141 [27/Feb/2011:03:17:50 +0900] GET //phplist/lsts/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 226 46.4.50.141 [27/Feb/2011:03:17:51 +0900] GET //phplists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 222 46.4.50.141 [27/Feb/2011:03:17:51 +0900] GET //list/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 212 のが 1日1回くらい記録されているかなぁ。 SSHDにもやってくる。 reverse mapping checking getaddrinfo for 122.3.134.131.pldt.net [122.3.134.131] failed - POSSIBLE BREAK-IN ATTEMPT! : 202 time(s) reverse mapping checking getaddrinfo for 178-162-164-39.local [178.162.164.39] failed - POSSIBLE BREAK-IN ATTEMPT! : 55 time(s) Address 64.235.57.228 maps to lasvegas-nv-datacenter.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
47 : >>46 これうちにも来てる
48 : # ping localhost # rm -rf /
49 : メールサーバへの攻撃 113.244.196.159 1日1万通以上はじいてるのに懲りないww
50 : 193.252.15.94 lputeaux-151-43-28-94.w193-252.abo.wanadoo.fr 89.2.94.115 ip-115.net-89-2-94.rev.numericable.fr
51 : 162.78.3.110.ap.yournet.ne.jpなんやて
52 : 74.3.202.84 - - [20/Mar/2011:08:01:18 +0900] "HEAD /phpmyadmintting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3" 74.3.202.84 - - [20/Mar/2011:08:01:19 +0900] "HEAD //phpMyAdmin/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3" 74.3.202.84 - - [20/Mar/2011:08:01:19 +0900] "HEAD //admin/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3" 74.3.202.84 - - [20/Mar/2011:08:01:19 +0900] "HEAD //mysql/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3" 74.3.202.84 - - [20/Mar/2011:08:01:19 +0900] "HEAD //phpmyadmin2/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3" 74.3.202.84 - - [20/Mar/2011:08:01:20 +0900] "HEAD /epgrec/envSetting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3" PMANと結婚しろ
53 : 昨夜21時過ぎからSMTP鯖へ2~3秒毎に延々アタック > "2011-04-04 21:15:49","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:15:51","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:15:53","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:15:55","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:15:57","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:00","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:02","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:04","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:06","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:08","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:10","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:12","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:14","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:16","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" > "2011-04-04 21:16:18","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0","" 以下略
54 : なんか見慣れないものがあった > 2011/04/10,07:49:13,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/","","1.1",200,8097 > 2011/04/10,07:49:17,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:17,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fckeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:17,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fckeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/FCKeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/FCKeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/fckeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077
55 : > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/FCKeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/FCKeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/FCKeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/FCKeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/fckeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/fckeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/FCKeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077
56 : > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/FCKeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/fckeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/fckeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:23,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fck/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:23,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fck/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:23,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fck/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:23,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fck/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077
57 : 49.212.19.24 www1230ub.sakura.ne.jp 49.212.21.126 www1102ud.sakura.ne.jp
58 : 41.89.28.4 - - [30/Apr/2011:14:35:13 +0900] "GET /webdav/test HTTP/1.1" 404 289 "-" "-" 217.243.187.36 - - [30/Apr/2011:23:45:49 +0900] "GET /webdav/test HTTP/1.1" 404 289 "-" "-" 81.201.60.163 - - [02/May/2011:05:29:09 +0900] "GET /sd/1M HTTP/1.1" 404 280 "-" "-" 195.246.217.24 - - [03/May/2011:07:51:26 +0900] "GET /user/soapCaller.bs HTTP/1.1" 404 296 "-" "Morfeus Fucking Scanner"
59 : 123.30.109.21 - - [04/May/2011:17:00:57 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:00:57 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:00:58 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 310 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:01:06 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:01:07 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:01:07 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 310 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:02:07 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:02:07 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:02:07 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 310 "-" "ZmEu"
60 : 46.28.109.24 [2011.4/03-12:12:23 +0900] "GET //phpmyadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:23 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:29 +0900] "GET //dbadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:24 +0900] "GET //admin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:35 +0900] "GET //myadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:41 +0900] "GET //mysql/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:47 +0900] "GET //mysqladmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:53 +0900] "GET //phpadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:59 +0900] "GET //pma/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:05 +0900] "GET //phpdb/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:11 +0900] "GET //db/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:17 +0900] "GET //mysqladmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:23 +0900] "GET //SQL/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:29 +0900] "GET //padmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:35 +0900] "GET //pmadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:41 +0900] "GET //webdb/ HTTP/1.1" 404 REF:-
61 : 113.140.75.222 [2011.4/03-19:45:58 +0900] "GET //phpmyadmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:45:59 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:00 +0900] "GET //pma/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:05 +0900] "GET //dbadmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:11 +0900] "GET //myadmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:17 +0900] "GET //phppgadmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:23 +0900] "GET //PMA/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:29 +0900] "GET //admin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:35 +0900] "GET //MyAdmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:55:54 +0900] "GET //phpmyadmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:55:54 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:55:55 +0900] "GET //MyAdmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:56:01 +0900] "GET //myadmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:56:07 +0900] "GET //pma/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:56:13 +0900] "GET //mysql/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:03 +0900] "GET //phpmyadmin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:04 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:05 +0900] "GET //pma/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:10 +0900] "GET //dbadmin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:16 +0900] "GET //myadmin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:22 +0900] "GET //phppgadmin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:28 +0900] "GET //PMA/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:34 +0900] "GET //admin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:41 +0900] "GET //MyAdmin/ HTTP/1.1" 404 REF:- 123.30.109.21 [2011.4/20-13:22:53 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 123.30.109.21 [2011.4/20-13:22:52 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 123.30.109.21 [2011.4/30-00:16:47 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:- 123.30.109.21 [2011.4/30-00:16:48 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 123.30.109.21 [2011.4/30-00:16:48 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 113.57.252.72 [2011.5/04-11:08:05 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 113.57.252.72 [2011.5/04-11:08:05 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:- 113.57.252.72 [2011.5/04-11:08:06 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 113.57.252.72 [2011.5/04-11:08:07 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 113.57.252.72 [2011.5/04-11:08:12 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
62 : phpadminの何を狙ってるんだろう?
63 : phpMyAdminのsetup.phpのセキュリティホールで任意のコマンドが実行できるらしい http://www.nttdata-sec.co.jp/article/vulner/pdf/report20090615.pdf
64 : http://metalgeargadaisuki.blog6.fc2.com/
65 : googlebotから謎のアクセス なんだこれ。。。 66.249.69.28 - - [05/May/2011:20:52:21 +0900] "GET /upload/viewer_board/wdviewer.exe HTTP/1.1" 404 315 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) " 66.249.69.28 - - [05/May/2011:20:52:24 +0900] "GET /upload/viewer_board/HwpViewer2007.exe HTTP/1.1" 404 320 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) " 66.249.67.73 - - [05/May/2011:20:52:24 +0900] "GET /upload/viewer_board/AdbeRdr70_kor_full.exe HTTP/1.1" 404 325 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) " 66.249.69.28 - - [05/May/2011:20:52:25 +0900] "GET /upload/viewer_board/Hunv2k.exe HTTP/1.1" 404 313 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) "
66 : GooglebotってそんなUAだったか?
67 : そうだよ
68 : 1年前に削除したKENTWEBのcgiに向かって、今でも毎日数十アクセスある。 apacheのアクセスログもエラーログも、404やら、File does not existのエラーメッセージでいっぱいwww IP分散SEOの業者だと思うが、IPをランダム変化させながら広告を発射してくるので、iptablesに都度登録するスクリプトいれても 全くもってリソースの無駄。指定したアドレス(削除されたcgi)にアクセスしたIPはDROPするよう自動登録してるが、もう9000件を超えて iptablesに食わせる、こっちのメモリリソースが無駄な気がしてきた。 最近のご丁寧に、リファラも指定して打ち込んでくるようになった。すぞwwwwww http://link.iclub.to/0791597/ http://link.iclub.to/0933/ http://link.iclub.to/13571357/ http://link.iclub.to/nasato/ http://link.iclub.to/neko38/ http://link2.iclub.to/0762609/ http://link3.iclub.to/2264770/ http://link3.iclub.to/2889785/ http://link3.iclub.to/36912/ http://link4.iclub.to/kabu/ http://link6.iclub.to/uru80ta/
69 : 113.33.224.197 ftpアタきたんだけど、リモートデスクトップ開放してるが大丈夫なのかこれ
70 : 208.51.40.50 ずーとポートスキャンしてきてた このIPアドレスを調べたら中国の新聞(?)サイトらしき所に行き着いたけれど、クラックでもされてるんかな
71 : 85.25.131.109 - - [16/Jun/2011:03:21:39 +0900] "GET /admin/Y-ivrrecording.php?php=info&ip=uname HTTP/1.1" 404 385 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0" 最近、3日おきぐらいにY-ivrrecording.phpへのアクセスしてくるようになった そんなファイル置いてないけど
72 : 今こいつが来とる 66.241.100.228 内容は>>61 と同じ
73 : 182.164.91.73
74 : 新たなインジェクション攻撃、すでに3万サイトが感染か http://hibari.2ch.net/test/read.cgi/pcnews/1308317712/
75 : 219.135.253.80(80.253.135.219.broad.gz.gd.dynamic.163data.com.cn) 中国から FTPにAdministratorでログインしようとしてた
76 : 114.173.176.253 p17253-ipngn100102okayamaima.okayama.ocn.ne.jp 114.174.207.4 p12004-ipngn100105osakakita.osaka.ocn.ne.jp 114.174.253.34 p14034-ipngn100108osakakita.osaka.ocn.ne.jp 114.173.15.191 p12191-ipngn100403kobeminato.hyogo.ocn.ne.jp 114.173.137.79 p18079-ipngn100204niho.hiroshima.ocn.ne.jp 1日20〜30回TCP445への接続を試みてくる そろそろうざい
77 : 一日50〜120くらいftpにattackくるな swatchで叩き落としてるが
78 : 次スレのスレタイはこうなるの? アタックNo2してきたIPを晒すスレ
79 : アタックチャンス
80 : 適当なところが見つからなかったんで。最近になって、 125.175.54.138 - - [15/Jul/2011:03:32:55 +0900] "GET /you/new.htm HTTP/1.1" 200 55472 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" 125.175.54.138 - - [15/Jul/2011:03:32:56 +0900] ↑ 125.175.54.138 - - [15/Jul/2011:03:32:56 +0900] ↑ 125.175.54.138 - - [15/Jul/2011:03:35:02 +0900] ↑ 125.175.54.138 - - [15/Jul/2011:03:35:03 +0900] ↑ 125.175.54.138 - - [15/Jul/2011:03:35:03 +0900] ↑ ・・・以下延々と続く・・・ というログが目に付くようになった。ソースIPは日本国内。 アクセス先のURLは正しいURLなんだが、中に張ってある画像へのアクセスはなく、 このページだけ何度もアクセスしてくる。refererもなし。 特徴として、必ず3回ひとまとめでアクセスがあって、 その後100秒〜200秒して次のアクセスがある。 ・・・なんだろう? これ。
81 : 31.25.136.18 - - [21/Jun/2011:19:48:48 +0900] "GET /admin/Y-ivrrecording.php?php=info&ip=uname HTTP/1.1" 403 1506 193.227.186.153 - - [21/Jun/2011:14:05:16 +0900] "GET /admin/config.php HTTP/1.1" 403 1506 この2つのPHPに最近よくアクセスくるな。 置いてないのに。 JPまたは逆引き出来ないHOSTからは弾いてるんだけど、404返したほうがいいのかな
82 : >>80 URLから察するに、何かの更新情報とかを書いてるページ? だとしたらスクレイピング目的のアクセスだと思う 実際どんなページなのかわからんから憶測だけど、たぶん悪意はないと思うよ >>81 その手のはbotだから404返したところで無意味
83 : >>82 更新情報と、あとリンク集のページにも似たようなアクセスがある。 意外に、referer spamばら撒くプログラムが動いてるけど、 セキュリティソフトがreferer止めてるとか・・・。 でもreferer spamはもうちょっと挙動が違うんだよな。
84 : リファラスパムにしては間隔がきっちりしすぎてると思う… 試しにHTMLの構造変えて様子見してみ それでペースが崩れたり人の手でアクセスしてくるような痕跡があるかどうか
85 : 68.169.42.240 - - [30/Jul/2011:23:34:52 +0900] "GET //scripts/setup.php HTTP/1.1" 404 215 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:52 +0900] "GET //admin/scripts/setup.php HTTP/1.1" 404 221 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:53 +0900] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 225 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:53 +0900] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:53 +0900] "GET //db/scripts/setup.php HTTP/1.1" 404 218 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:54 +0900] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:54 +0900] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:54 +0900] "GET //mysql/scripts/setup.php HTTP/1.1" 404 221 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:55 +0900] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:55 +0900] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:55 +0900] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 224 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:55 +0900] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:56 +0900] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:56 +0900] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:56 +0900] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:57 +0900] "GET //pma/scripts/setup.php HTTP/1.1" 404 219 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:57 +0900] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 230 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:57 +0900] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:58 +0900] "GET //web/scripts/setup.php HTTP/1.1" 404 219 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:58 +0900] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 228 "-" "-"
86 : 68.169.42.240 - - [30/Jul/2011:23:34:58 +0900] "GET //websql/scripts/setup.php HTTP/1.1" 404 222 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:58 +0900] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:59 +0900] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:59 +0900] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 228 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:59 +0900] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 228 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:00 +0900] "GET //phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:00 +0900] "GET //phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:00 +0900] "GET //phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:00 +0900] "GET //phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:01 +0900] "GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:01 +0900] "GET //phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:01 +0900] "GET //phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:02 +0900] "GET //phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:02 +0900] "GET //phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:02 +0900] "GET //phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:03 +0900] "GET //phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:03 +0900] "GET //phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:03 +0900] "GET //phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:03 +0900] "GET //phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:04 +0900] "GET //phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 239 "-" "-"
87 : 68.169.42.240 - - [30/Jul/2011:23:35:04 +0900] "GET //phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:04 +0900] "GET //phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:05 +0900] "GET //phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:05 +0900] "GET //phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:05 +0900] "GET //phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:06 +0900] "GET //phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:06 +0900] "GET //phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:06 +0900] "GET //phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:06 +0900] "GET //phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:07 +0900] "GET //phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:07 +0900] "GET //phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:07 +0900] "GET //phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:08 +0900] "GET //phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:08 +0900] "GET //phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:08 +0900] "GET //phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:09 +0900] "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:09 +0900] "GET //phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:09 +0900] "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:10 +0900] "GET //phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:10 +0900] "GET //phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
88 : 68.169.42.240 - - [30/Jul/2011:23:35:10 +0900] "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:11 +0900] "GET //phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:11 +0900] "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:11 +0900] "GET //phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:11 +0900] "GET //phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:12 +0900] "GET //phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:12 +0900] "GET //phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:12 +0900] "GET //phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:13 +0900] "GET //phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:13 +0900] "GET //phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:13 +0900] "GET //phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:14 +0900] "GET //phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:14 +0900] "GET //phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:14 +0900] "GET //phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:14 +0900] "GET //phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:15 +0900] "GET //phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:15 +0900] "GET //phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:15 +0900] "GET //phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:16 +0900] "GET //phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:16 +0900] "GET //phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
89 : 68.169.42.240 - - [30/Jul/2011:23:35:16 +0900] "GET //phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:17 +0900] "GET //phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:17 +0900] "GET //phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:17 +0900] "GET //phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:17 +0900] "GET //phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:18 +0900] "GET //phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:18 +0900] "GET //phpMyAdmin-2.8.2.1/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:18 +0900] "GET //phpMyAdmin-2.8.2.2/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:19 +0900] "GET //phpMyAdmin-2.8.2.3/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:19 +0900] "GET //phpMyAdmin-2.8.2.4/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:19 +0900] "GET //phpMyAdmin-2.10.0.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:19 +0900] "GET //phpMyAdmin-2.10.0.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:20 +0900] "GET //phpMyAdmin-2.10.0.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:20 +0900] "GET //phpMyAdmin-2.10.1.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:20 +0900] "GET //phpMyAdmin-2.10.2.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:21 +0900] "GET //phpMyAdmin-2.11.0.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:21 +0900] "GET //phpMyAdmin-2.11.1.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:21 +0900] "GET //phpMyAdmin-2.11.1.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:22 +0900] "GET //phpMyAdmin-2.11.1.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:22 +0900] "GET //phpMyAdmin-2.11.2.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
90 : 68.169.42.240 - - [30/Jul/2011:23:35:22 +0900] "GET //phpMyAdmin-2.11.2.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:22 +0900] "GET //phpMyAdmin-2.11.2.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:23 +0900] "GET //phpMyAdmin-2.11.3.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:23 +0900] "GET //phpMyAdmin-2.11.4.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:23 +0900] "GET //phpMyAdmin-2.11.5.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:24 +0900] "GET //phpMyAdmin-2.11.5.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:24 +0900] "GET //phpMyAdmin-2.11.5.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:24 +0900] "GET //phpMyAdmin-2.11.6.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.7.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.7.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.8.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.9.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:26 +0900] "GET //phpMyAdmin-2.11.9.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:26 +0900] "GET //phpMyAdmin-2.11.9.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:26 +0900] "GET //phpMyAdmin-2.11.9.3/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:27 +0900] "GET //phpMyAdmin-2.11.9.4/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:27 +0900] "GET //phpMyAdmin-3.0.0.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:27 +0900] "GET //phpMyAdmin-3.0.1.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:27 +0900] "GET //phpMyAdmin-3.0.1.1/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:28 +0900] "GET //phpMyAdmin-3.0.2.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
91 : 68.169.42.240 - - [30/Jul/2011:23:35:28 +0900] "GET //phpMyAdmin-3.1.0.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:28 +0900] "GET //phpMyAdmin-3.1.1.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:29 +0900] "GET //phpMyAdmin-3.1.2.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:29 +0900] "GET //phpMyAdmin-3.1.3.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:29 +0900] "GET //phpMyAdmin-2.9.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:30 +0900] "GET //phpMyAdmin-2.9.0/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:30 +0900] "GET //phpMyAdmin-2.9.0.1/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:30 +0900] "GET //phpMyAdmin-2.9.0.2/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:30 +0900] "GET //phpMyAdmin-2.9.1/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:31 +0900] "GET //phpMyAdmin-2.9.2/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:31 +0900] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:31 +0900] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 228 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:32 +0900] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 221 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:32 +0900] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:32 +0900] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:32 +0900] "GET //pma2006/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:33 +0900] "GET //pma2007/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:33 +0900] "GET //pma2008/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:33 +0900] "GET //pma2009/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:34 +0900] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 226 "-" "-"
92 : 68.169.42.240 - - [30/Jul/2011:23:35:34 +0900] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:34 +0900] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:35 +0900] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 224 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:35 +0900] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 222 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:35 +0900] "GET //websql/scripts/setup.php HTTP/1.1" 404 222 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:35 +0900] "GET //webdb/scripts/setup.php HTTP/1.1" 404 221 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:36 +0900] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:36 +0900] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:36 +0900] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 404 229 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:37 +0900] "GET //admm/scripts/setup.php HTTP/1.1" 404 220 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:37 +0900] "GET //admn/scripts/setup.php HTTP/1.1" 404 220 "-" "-" 歴代PHPMyAdmin探してるっぽい
93 : >>92 おまえ、気持ち悪い
94 : 意味不明ワロチ
95 : >>93 お前馬鹿かスレタイ100回音読しろ >>85-92 は文字量は多いが アタックのやってきた様子もよくわかる。だから価値アリで問題なし。 ∩___∩ \ヽ | ノ ヽ \ \ヽ / ● ● | ヽ ヽ \ | ( _●_) ミ i l ヽ 彡、 |∪| ノ i l l i / _ ヽノ ) l i | l (___) / / ,,-----、 / / |;:::: ::::| ⊂二(⌒ )二二二|;:::: ::::|⊃ /', ', ¨  ̄ ヽ∴。|;::::',ヾ,::::| /。・,/∴ -:'ヾ|!|!!,i,,!ii,!l,・∵,・、 >>93
96 : phpMyAdminアタックが多いわ
97 : 外からのアタックではないんだが・・・BINDのスレはあるけど、 DNS全般のスレはなさそうだったので(なくなっちゃった?)。 構内のPCがDNSキャッシュに対して、 ランダム文字列.DHCPの返したドメイン というクエリを3回続けて出してるログが・・・。 1日数回やらかすこともあれば、やらかなさない日もある。 何がトリガになっているのかも分からない。 もちろんNXDOMAINが返るんだが、カミンスキーでもなさそうだし。 今のところ実害はないけど、なんかちょっと気持ち悪い。 何かご存知の方、いらっしゃいます?
98 : おまえ宇宙人だろ、地球の言葉で書け
99 : おまえ地球人だろ、宇宙人の言葉で書け
100read 1read
1read 100read
TOP カテ一覧 スレ一覧 2ch元 削除依頼 ▲