Re: [Lug-bg] What do these entries in the Apache log mean
- Subject: Re: [Lug-bg] What do these entries in the Apache log mean
- From: "Mario Peshev" <nofearinc@xxxxxxxxx>
- Date: Tue, 23 Jan 2007 00:53:42 +0200
210.150.124.117 - - [22/Jan/2007:19:56:17 +0200] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
Probably some kid tried to play the hacker and break into the system or crash Apache in some way. You don't need pseudo-attackers like that, and you can block them.
On 1/23/07, Boril Gourinov <boril.gourinov@xxxxxxxxx> wrote:
Hello, for some time now I have been noticing the entries listed below in the Apache log. What do they mean? Is someone trying to gain unauthorized access to the computer? In fact, my site has no files or directories like the ones named in the requests. If I put the IP addresses these requests come from in /etc/hosts.deny, will that help protect the computer, and should I do anything more? Thanks in advance.
Boril Gourinov
System: Kubuntu 6.10
/var/log/apache2/access.log
59.117.123.184 - - [19/Jan/2007:00:27:49 +0200] "CONNECT phyeet.101main.com:25 HTTP/1.0" 405 329 "-" "-"
85.25.143.55 - - [19/Jan/2007:20:43:40 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 311 "-" "-"
212.98.160.55 - - [20/Jan/2007:15:22:38 +0200] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:39 +0200] "GET /cmd.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:39 +0200] "GET /cacti/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:40 +0200] "GET /portal/cacti/cmd.php HTTP/1.1" 404 309 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:40 +0200] "GET /portal/cmd.php HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:41 +0200] "GET /stats/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.39.119.241 - - [21/Jan/2007:12:17:30 +0200] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 404 321 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:33 +0200] "GET /adxmlrpc.php HTTP/1.0" 404 295 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:33 +0200] "GET /adserver/adxmlrpc.php HTTP/1.0" 404 304 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:33 +0200] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 404 305 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:34 +0200] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 404 305 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:34 +0200] "GET /phpads/adxmlrpc.php HTTP/1.0" 404 302 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:34 +0200] "GET /Ads/adxmlrpc.php HTTP/1.0" 404 299 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:34 +0200] "GET /ads/adxmlrpc.php HTTP/1.0" 404 299 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:35 +0200] "GET /xmlrpc.php HTTP/1.0" 404 293 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:45:52 +0200] "GET / HTTP/1.0" 200 802 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:46:03 +0200] "SEARCH /\x90\xc9\xc9\xc9\xc9\...
and so on at least 500 more times
...x90\x90\x90\x90\x90\x90\x90\x90" 414 335 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:46:14 +0200] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 318 "-" "-"
220.133.116.98 - - [22/Jan/2007:12:50:56 +0200] "CONNECT phyeet.101main.com:25 HTTP/1.0" 405 329 "-" "-"
220.133.116.143 - - [22/Jan/2007:15:50:27 +0200] "CONNECT phyeet.101main.com:25 HTTP/1.0" 405 329 "-" "-"
210.150.124.117 - - [22/Jan/2007:19:56:17 +0200] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:18 +0200] "GET /cmd.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:19 +0200] "GET /cacti/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:20 +0200] "GET /portal/cacti/cmd.php HTTP/1.1" 404 309 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:20 +0200] "GET /portal/cmd.php HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:21 +0200] "GET /stats/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
_______________________________________________ Lug-bg mailing list Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg
--
Mario Peshev
National Academy for Software Development - Courses in programming and software technologies
http://Start.BG - Get started on the web!
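
Added example, not part of either message in this thread: a small Python triage pass over Apache combined-format lines like the ones quoted above, grouping by client IP the signals visible in this log (CONNECT relay attempts, 400/414 malformed requests, unusual methods, bursts of 404s). The reason labels, the threshold of 3 misses within 10 seconds, and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Entries copied from the log quoted in the thread; the last two are constructed:
# a shortened stand-in for the elided SEARCH request and an ordinary visitor.
SAMPLE = r'''
59.117.123.184 - - [19/Jan/2007:00:27:49 +0200] "CONNECT phyeet.101main.com:25 HTTP/1.0" 405 329 "-" "-"
85.25.143.55 - - [19/Jan/2007:20:43:40 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 311 "-" "-"
212.98.160.55 - - [20/Jan/2007:15:22:38 +0200] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:39 +0200] "GET /cmd.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:39 +0200] "GET /cacti/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
213.240.5.210 - - [21/Jan/2007:22:45:52 +0200] "GET / HTTP/1.0" 200 802 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:46:03 +0200] "SEARCH /\x90\x90\x90" 414 335 "-" "-"
192.0.2.10 - - [21/Jan/2007:23:00:00 +0200] "GET /favicon.ico HTTP/1.1" 404 300 "-" "-"
'''.strip().splitlines()

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>.*)" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$')
NORMAL_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}

def parse(line):
    """Split one combined-format line into (ip, time, method, status)."""
    m = LINE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], when, m["req"].split(" ", 1)[0], int(m["status"])

def triage(lines, burst=3, window=timedelta(seconds=10)):
    """Map each client IP to the reasons its requests look automated."""
    reasons, misses = defaultdict(set), defaultdict(list)
    for ip, when, method, status in filter(None, map(parse, lines)):
        if method == "CONNECT":
            reasons[ip].add("proxy-connect")      # asks the server to relay
        elif method not in NORMAL_METHODS:
            reasons[ip].add("unusual-method")
        if status in (400, 414):
            reasons[ip].add("malformed-request")  # bad syntax or oversized URI
        if status == 404:
            misses[ip].append(when)
    for ip, stamps in misses.items():
        stamps.sort()
        if any(b - a <= window for a, b in zip(stamps, stamps[burst - 1:])):
            reasons[ip].add("404-burst")          # many misses close together
    return dict(reasons)

if __name__ == "__main__":
    print(triage(SAMPLE))
```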