[Lug-bg] What do these entries in the Apache log mean

Subject: [Lug-bg] What do these entries in the Apache log mean
From: Boril Gourinov <boril.gourinov@xxxxxxxxx>
Date: Mon, 22 Jan 2007 23:12:50 +0200
Hello, for some time now I have been noticing the entries listed below in the
Apache log. What do they mean? Is someone trying to break into the computer
without permission? In fact, my site has no files or directories like the ones
named in the requests. If I put the IP addresses these requests come from
in /etc/hosts.deny, will that help protect the computer, and should I do
anything more?
Thanks in advance.
Boril Gourinov
System: Kubuntu 6.10
/var/log/apache2/access.log
59.117.123.184 - - [19/Jan/2007:00:27:49 +0200] "CONNECT phyeet.101main.com:25 HTTP/1.0" 405 329 "-" "-"
85.25.143.55 - - [19/Jan/2007:20:43:40 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 311 "-" "-"
212.98.160.55 - - [20/Jan/2007:15:22:38 +0200] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:39 +0200] "GET /cmd.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:39 +0200] "GET /cacti/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:40 +0200] "GET /portal/cacti/cmd.php HTTP/1.1" 404 309 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:40 +0200] "GET /portal/cmd.php HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:41 +0200] "GET /stats/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.39.119.241 - - [21/Jan/2007:12:17:30 +0200] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 404 321 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:33 +0200] "GET /adxmlrpc.php HTTP/1.0" 404 295 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:33 +0200] "GET /adserver/adxmlrpc.php HTTP/1.0" 404 304 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:33 +0200] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 404 305 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:34 +0200] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 404 305 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:34 +0200] "GET /phpads/adxmlrpc.php HTTP/1.0" 404 302 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:34 +0200] "GET /Ads/adxmlrpc.php HTTP/1.0" 404 299 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:34 +0200] "GET /ads/adxmlrpc.php HTTP/1.0" 404 299 "-" "-"
62.39.119.241 - - [21/Jan/2007:12:17:35 +0200] "GET /xmlrpc.php HTTP/1.0" 404 293 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:45:52 +0200] "GET / HTTP/1.0" 200 802 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:46:03 +0200] "SEARCH /\x90\xc9\xc9\xc9\xc9\...
  and so on at least 500 more times
  ...x90\x90\x90\x90\x90\x90\x90\x90" 414 335 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:46:14 +0200] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 318 "-" "-"
220.133.116.98 - - [22/Jan/2007:12:50:56 +0200] "CONNECT phyeet.101main.com:25 HTTP/1.0" 405 329 "-" "-"
220.133.116.143 - - [22/Jan/2007:15:50:27 +0200] "CONNECT phyeet.101main.com:25 HTTP/1.0" 405 329 "-" "-"
210.150.124.117 - - [22/Jan/2007:19:56:17 +0200] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:18 +0200] "GET /cmd.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:19 +0200] "GET /cacti/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:20 +0200] "GET /portal/cacti/cmd.php HTTP/1.1" 404 309 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:20 +0200] "GET /portal/cmd.php HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
210.150.124.117 - - [22/Jan/2007:19:56:21 +0200] "GET /stats/cmd.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg
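
A triage pass over entries like the ones quoted in the message, as an added example that is not part of the original post: it groups requests by client IP and separates probes the server rejected from requests it answered without an error. It assumes Apache's combined log format; the function names and the EXPECTED_METHODS set are hypothetical choices made for this illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log line: ip ident user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*?)" (?P<status>\d{3}) ')
# Assumption: a plain website only needs these methods; anything else is worth a look.
EXPECTED_METHODS = {"GET", "HEAD", "POST"}

# Constructed sample: entries from the post, joined onto one line each.
# The SEARCH request is shortened here; the one in the post is far longer.
SAMPLE = r'''
59.117.123.184 - - [19/Jan/2007:00:27:49 +0200] "CONNECT phyeet.101main.com:25 HTTP/1.0" 405 329 "-" "-"
85.25.143.55 - - [19/Jan/2007:20:43:40 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 311 "-" "-"
212.98.160.55 - - [20/Jan/2007:15:22:38 +0200] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.98.160.55 - - [20/Jan/2007:15:22:39 +0200] "GET /cmd.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
62.39.119.241 - - [21/Jan/2007:12:17:35 +0200] "GET /xmlrpc.php HTTP/1.0" 404 293 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:45:52 +0200] "GET / HTTP/1.0" 200 802 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:46:03 +0200] "SEARCH /\x90\xc9\xc9\x90\x90" 414 335 "-" "-"
213.240.5.210 - - [21/Jan/2007:22:46:14 +0200] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 318 "-" "-"
'''.strip().splitlines()

def parse(line):
    """Return (ip, method, path, status), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    parts = m["req"].split(" ")
    return m["ip"], parts[0], parts[1] if len(parts) > 1 else "", int(m["status"])

def triage(lines):
    """Per client IP: requests answered without error, rejected count, unusual methods."""
    stats = defaultdict(lambda: {"answered": [], "rejected": 0, "odd_methods": set()})
    for ip, method, path, status in filter(None, map(parse, lines)):
        if status < 400:
            stats[ip]["answered"].append((method, path, status))
        else:
            stats[ip]["rejected"] += 1
        if method not in EXPECTED_METHODS:
            stats[ip]["odd_methods"].add(method)
    return dict(stats)

def needs_review(stats):
    """Clients that probed (errors or odd methods) and also got a non-error answer."""
    return sorted(ip for ip, s in stats.items()
                  if s["answered"] and (s["rejected"] or s["odd_methods"]))

if __name__ == "__main__":
    result = triage(SAMPLE)
    for ip, s in result.items():
        print(ip, s)
    print("review:", needs_review(result))
```

On this sample the only client listed for review is the one whose `GET /` returned 200; every other request was answered with a 4xx status.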
 
 