アタックNo1してきたIPを晒すスレ
212.83.42.101 WEBの常連さん。 MyAdmin myadmin mysql phpMyAdmin phpmyadmin pma webdav geeklog/bbs/fckeditor/editor その他色々なフォルダを探して手当たりしだいアクセス、sshのログインも一生懸命してくる >>2 IP毎回違うけど、うちにもphpMyAdminとかpmaとか探しに何回も来てるよ phpMyAdminは多いいね。 それ以外はロボットばっかり Feb 1 20:53:36 192 sshd[30181]: refused connect from ::ffff:221.206.130.3 (::ffff:221.206.130.3) Feb 1 21:50:22 192 sshd[30308]: refused connect from ::ffff:221.206.130.3 (::ffff:221.206.130.3) Feb 1 23:10:01 192 sshd[30585]: refused connect from ::ffff:61.163.56.24 (::ffff:61.163.56.24) Feb 1 23:50:12 192 sshd[30654]: refused connect from ::ffff:61.163.56.24 (::ffff:61.163.56.24) Feb 2 00:20:23 192 sshd[30768]: refused connect from ::ffff:60.12.11.62 (::ffff:60.12.11.62) Feb 2 01:54:23 192 sshd[30957]: refused connect from ::ffff:128.226.170.170 (::ffff:128.226.170.170) Feb 2 04:37:54 192 sshd[31317]: refused connect from ::ffff:202.205.176.115 (::ffff:202.205.176.115) SSHのポートを22から変えたら全く来なくなったけど、試しに22に戻したらまた来た。 22が開いてるところしか狙ってないのかな。 うちもphpMyAdmin関係は多い # cat /var/log/httpd/access_log | grep 110.172.52.5 | wc -l 951 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 228 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:00 +0900] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:01 +0900] "GET /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:01 +0900] "GET /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900] "GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900] "GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:02 +0900] "GET /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:03 +0900] "GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:04 +0900] "GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:04 +0900] "GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:05 +0900] "GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 239 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 238 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:06 +0900] "GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:07 +0900] "GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:07 +0900] "GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 232 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:08 +0900] "GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:09 +0900] "GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 236 crawl-66-249-69-91.googlebot.com - - [03/Feb/2011:07:10:22 +0900] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 232 こういう奴か こいつ アタックNO1w FNAfb-09p2-253.ppp11.odn.ad.jp 91.121.243.113 >7と同じ。phpMyAdmin関係総なめ >2 sshdは、denyhostお勧め。 アタックしてきたアドレスを、自動でブロックしてくれる。 我が家の現状: % egrep ^sshd /etc/hosts.deny | wc -l 1100 apacheってリクエストがないとログ記録されないっけ ,, -――-、 | アタックチャンス !! //ヾソ)),il|,);r、. 人 /";彡`ヾド!ソツノ゙ミヾ、  ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ i;彡 _ _ ミ. i ,i;;;彡 ,.,._ . :_..、ヾ/ i:yv. ´;.。.、`; ;。:、 リ ヽ`i 、 _;ノ,: i、:_,. ! `| ,__、,.r、_.bヽ. ,′ /r´.三ミD‐-;→;ソ , : -´ ̄|::::|´^, r〕!Ξ´.ノ‐- 、. /::::::::::::::::ヽノ )´、:_丿|::\:::::::`‐-、. ./ :::::::\_:::::::∧ , _.∧ ./.ヽ !:::::::ヽ:::::::::|:`, 61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /roundcubemail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /rc/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:46 +0900] "GET /webmail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /roundcube/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /mail/README HTTP/1.1" 404 444 "-" "Morfeus strikes again." 61.19.255.14 - - [07/Feb/2011:03:59:47 +0900] "GET /README HTTP/1.1" 404 444 "-" "Morfeus strikes again." phpMyAdmin以外に、こんな奴も最近来るようになった 単純にroundcubeを置いてるかどうか探してるんでしょ roundcube使ったことないから知らないけど、phpMyAdminみたいにセキュリティホールあるんじゃないの? >>14 と全く同じのが来てた 日時もほぼ同じ あとこんなのとか 67.205.111.77 (5rreo.com) Date,Time,Method,URL,Query,HTTP,Status,Size,Referer,Keyword,Agent 2011/02/04,03:15:23,GET,"/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:24,GET,"/cart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:25,GET,"/zen-cart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:25,GET,"/zencart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:26,GET,"/zen/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:27,GET,"/butik/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:27,GET,"/shop/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:28,GET,"/butik/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:28,GET,"/zcart/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:29,GET,"/catalog/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:29,GET,"/shop2/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:30,GET,"/boutique/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" 2011/02/04,03:15:31,GET,"/store/install.txt","","1.1",403,3025,"-","","Toata dragostea mea pentru diavola" http://members3.jcom.home.ne.jp/rising-sun/ こちらにURLを掲載されてから、スパマーが大挙して書き込みに来るようになりました。 それまで5hot/月くらいだったので、どうやって俺のサイトを見つけたのか不思議です。 馬鹿サイトサーチャーに引っかかったんじゃねw あほかと 5分から数時間周期で、うちの掲示板を爆撃してくれてるIPの方々 125-14-198-192.rev.home.ne.jp 155.215.232.111.ap.yournet.ne.jp 173.60.112.219.ap.yournet.ne.jp 182-167-50-41f1.kyt1.eonet.ne.jp 36.76.44.61.ap.yournet.ne.jp 55.223.183.58.megaegg.ne.jp fa211-113.infoaomori.ne.jp fe219-224.infoaomori.ne.jp gd202157012064.u31.kcn-tv.ne.jp i121-115-10-40.s05.a002.ap.plala.or.jp i60-34-249-28.s05.a002.ap.plala.or.jp kd111098033213.ppp-bb.dion.ne.jp nttkyo787161.tkyo.nt.ftth.ppp.infoweb.ne.jp p1208-ipbf11matuyama.ehime.ocn.ne.jp p2176-ipbf31osakakita.osaka.ocn.ne.jp p2220-ipbf217hodogaya.kanagawa.ocn.ne.jp p4001-ipbf506okidate.aomori.ocn.ne.jp p4043-ipbfp505oomichi.oita.ocn.ne.jp p6107-ipad24osakakita.osaka.ocn.ne.jp fe219-224.infoaomori.ne.jp gd202157012064.u31.kcn-tv.ne.jp i121-115-10-40.s05.a002.ap.plala.or.jp i60-34-249-28.s05.a002.ap.plala.or.jp kd111098033213.ppp-bb.dion.ne.jp nttkyo787161.tkyo.nt.ftth.ppp.infoweb.ne.jp p1208-ipbf11matuyama.ehime.ocn.ne.jp p2176-ipbf31osakakita.osaka.ocn.ne.jp p2220-ipbf217hodogaya.kanagawa.ocn.ne.jp p4001-ipbf506okidate.aomori.ocn.ne.jp p4043-ipbfp505oomichi.oita.ocn.ne.jp p6107-ipad24osakakita.osaka.ocn.ne.jp pd9c147.aicint01.ap.so-net.ne.jp softbank126028210215.bbtec.net z130201.dynamic.ppp.asahi-net.or.jp 今日のエロPOST 110.4.130.201 111.232.215.155 112.136.113.83 113.146.93.230 113.197.189.143 114.168.207.139 114.170.128.214 114.184.9.220 118.104.172.220 118.104.179.201 118.109.143.39 118.8.38.149 118.9.220.244 119.106.141.196 119.171.129.173 119.240.104.41 121.110.118.125 121.112.239.228 121.84.232.185 121.87.9.57 121.94.255.149 122.132.10.123 122.135.162.147 123.220.39.220 124.147.111.65 124.214.165.15 124.24.204.121 124.96.171.120 124.96.52.43 125.14.198.192 125.204.241.189 125.207.20.146 126.127.166.209 126.131.28.248 126.14.122.149 150.70.75.161 180.131.90.82 180.144.58.187 180.221.227.142 180.5.197.245 182.167.80.18 182.168.195.197 183.76.79.10 202.157.12.64 202.226.208.164 202.226.214.49 211.2.66.140 216.104.15.130 216.104.15.134 216.104.15.138 216.104.15.142 218.231.172.112 219.111.124.66 219.112.60.122 219.8.100.11 220.56.10.183 221.190.78.15 221.20.34.163 222.144.50.1 222.226.145.26 58.0.105.152 58.169.234.43 58.183.5.68 58.188.233.9 60.237.4.90 60.239.223.164 60.39.34.90 61.210.188.161 61.44.54.37 61.46.27.183 61.89.161.187 61.89.165.136 上の奴へ ポスト系は、IP変えながら投げるツールが腐るほどあるから いくら晒しても無駄だと思われ。 ツール使えば月50万くらいは稼げるぞw MA NU KE HA SI N DE KU RE >>26 IP変えてくる奴もいるけど、 223.132.1.24は、9千回以上ログに出てくる p840118.tokynt01.ap.so-net.ne.jp 苦しくたって 悲しくたって jailの中なら平気なの? …スマソ 91.121.108.5 [22/Feb/2011:01:49:51 +0900] "GET /scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:49:51 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:- 91.121.108.5 [22/Feb/2011:01:49:52 +0900] "GET /db/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:49:57 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:03 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:09 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:15 +0900] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:21 +0900] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 91.121.108.5 [22/Feb/2011:01:50:27 +0900] "GET /web/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:30 +0900] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 REF:- 89.149.242.190 [22/Feb/2011:02:44:31 +0900] "GET /PHPMYADMIN/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:31 +0900] "GET /3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:37 +0900] "GET /PMA/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:43 +0900] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:52 +0900] "GET /SSLMySQLAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:44:58 +0900] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:04 +0900] "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:10 +0900] "GET /admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:16 +0900] "GET /bbs/data/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:22 +0900] "GET /cpadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:28 +0900] "GET /cpadmindb/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:34 +0900] "GET /cpanelmysql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:40 +0900] "GET /cpanelphpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:46 +0900] "GET /cpanelsql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:52 +0900] "GET /cpdbadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:45:58 +0900] "GET /cpphpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:04 +0900] "GET /db/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:10 +0900] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:16 +0900] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:22 +0900] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:28 +0900] "GET /mysql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:34 +0900] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:35 +0900] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:41 +0900] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:35 +0900] "GET /mysqladminconfig/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:47 +0900] "GET /pMA/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:53 +0900] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:46:59 +0900] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:05 +0900] "GET /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:11 +0900] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:17 +0900] "GET /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:23 +0900] "GET /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:29 +0900] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:35 +0900] "GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:41 +0900] "GET /phpMyAdmin-2.5.5-rc1config/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:47 +0900] "GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:53 +0900] "GET /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:47:59 +0900] "GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:05 +0900] "GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:11 +0900] "GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:17 +0900] "GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:23 +0900] "GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:29 +0900] "GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:35 +0900] "GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:39 +0900] "GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:38 +0900] "GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:45 +0900] "GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:51 +0900] "GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:48:57 +0900] "GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:03 +0900] "GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:09 +0900] "GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:15 +0900] "GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:21 +0900] "GET /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:27 +0900] "GET /phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:33 +0900] "GET /phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:39 +0900] "GET /phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:45 +0900] "GET /phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:51 +0900] "GET /phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:49:57 +0900] "GET /phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:03 +0900] "GET /phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:09 +0900] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:15 +0900] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:21 +0900] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:27 +0900] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:33 +0900] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:39 +0900] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:43 +0900] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:42 +0900] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:49 +0900] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:50:55 +0900] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:01 +0900] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:07 +0900] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:13 +0900] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:19 +0900] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:25 +0900] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:31 +0900] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:37 +0900] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:43 +0900] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:49 +0900] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:51:55 +0900] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:01 +0900] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:07 +0900] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:13 +0900] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:19 +0900] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:25 +0900] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:31 +0900] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:37 +0900] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:43 +0900] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:46 +0900] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:46 +0900] "GET /phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:52 +0900] "GET /phpMyAdmin2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:52:58 +0900] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:04 +0900] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:10 +0900] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:16 +0900] "GET /phpmya/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:22 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:28 +0900] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:34 +0900] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:40 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:46 +0900] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:52 +0900] "GET /roundcube/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:53:58 +0900] "GET /scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:04 +0900] "GET /sl2/data/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:10 +0900] "GET /sqladmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:16 +0900] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:22 +0900] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:28 +0900] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:34 +0900] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:40 +0900] "GET /web/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:46 +0900] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:50 +0900] "GET /webdb/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:50 +0900] "GET /websql/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:54:56 +0900] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:02 +0900] "GET /~/PMA/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:08 +0900] "GET /~/admin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:14 +0900] "GET /~/myadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:20 +0900] "GET /~/phpadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:26 +0900] "GET /~/phpmanager/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:32 +0900] "GET /~/phpmyadmin/scripts/setup.php HTTP/1.1" 404 REF:- 89.149.242.190 [22/Feb/2011:02:55:38 +0900] "GET :2086/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 400 REF:- 89.149.242.190 [22/Feb/2011:02:55:44 +0900] "GET :2087/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 400 REF:- 89.149.242.190 [22/Feb/2011:02:55:50 +0900] "GET :81/phpmyadmin/scripts/setup.php HTTP/1.1" 400 REF:- アタックなんて映画の中だけの話だと思ってました phpmyadminが大好きなんだろうな i125-202-167-50.s10.a029.ap.plala.or.jp 89.106.13.209 - - [24/Feb/2011:03:08:57 +0900] "GET //phpmyadmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:57 +0900] "GET //phpMyAdmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:58 +0900] "GET //admin/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:59 +0900] "GET //dbadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:08:59 +0900] "GET //myadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:00 +0900] "GET //mysql/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:01 +0900] "GET //mysqladmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:01 +0900] "GET //phpadmin/ HTTP/1.1" 403 211 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:02 +0900] "GET //pma/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:03 +0900] "GET //phpdb/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:03 +0900] "GET //db/ HTTP/1.1" 403 205 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:04 +0900] "GET //mysqladmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:05 +0900] "GET //SQL/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:05 +0900] "GET //padmin/ HTTP/1.1" 403 209 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:06 +0900] "GET //pmadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 89.106.13.209 - - [24/Feb/2011:03:09:07 +0900] "GET //webdb/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 既出かな? 既出っていうか、もう手当たり次第って感じだな でも、うちには何週間か来てない ::1 - - [25/Feb/2011:04:07:33 +0900] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)" 手前は節穴か 77.222.43.19 - - [25/Feb/2011:22:57:37 +0900] "GET //phpmyadmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:38 +0900] "GET //phpMyAdmin/ HTTP/1.1" 403 213 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:38 +0900] "GET //MyAdmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:41 +0900] "GET //myadmin/ HTTP/1.1" 403 210 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:44 +0900] "GET //pma/ HTTP/1.1" 403 206 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 77.222.43.19 - - [25/Feb/2011:22:57:45 +0900] "GET //mysql/ HTTP/1.1" 403 208 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" mod_geoipで弾いてるから実害無いが また来てやがる //っていうのがうざいよね。 馬鹿なのって思うわ。 195.7.10.56 [26/Feb/2011:13:38:52 +0900] GET //phpMyAdmin/scripts/setup.php HTTP/1.1 404 226 195.7.10.56 [26/Feb/2011:13:38:52 +0900] GET //phpMyAdmin1/scripts/setup.php HTTP/1.1 404 227 195.7.10.56 [26/Feb/2011:13:38:53 +0900] GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1 404 228 195.7.10.56 [26/Feb/2011:13:38:54 +0900] GET //phpadmin/scripts/setup.php HTTP/1.1 404 224 195.7.10.56 [26/Feb/2011:13:38:55 +0900] GET //phpmyadmin/scripts/setup.php HTTP/1.1 404 226 195.7.10.56 [26/Feb/2011:13:38:55 +0900] GET //phpmyadmin.old/scripts/setup.php HTTP/1.1 404 230 195.7.10.56 [26/Feb/2011:13:38:56 +0900] GET //old.phpmyadmin/scripts/setup.php HTTP/1.1 404 230 195.7.10.56 [26/Feb/2011:13:38:57 +0900] GET //phpmyadmin1/scripts/setup.php HTTP/1.1 404 227 195.7.10.56 [26/Feb/2011:13:38:58 +0900] GET //phpmyadmin-2/scripts/setup.php HTTP/1.1 404 228 195.7.10.56 [26/Feb/2011:13:38:58 +0900] GET //phpmyadmin1/scripts/setup.php HTTP/1.1 404 227 195.7.10.56 [26/Feb/2011:13:38:59 +0900] GET //phpmyadmin2/scripts/setup.php HTTP/1.1 404 227 195.7.10.56 [26/Feb/2011:13:39:00 +0900] GET //pma/scripts/setup.php HTTP/1.1 404 219 とか 46.4.50.141 [27/Feb/2011:03:17:47 +0900] GET //lists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 219 46.4.50.141 [27/Feb/2011:03:17:47 +0900] GET //newsletter/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 224 46.4.50.141 [27/Feb/2011:03:17:48 +0900] GET //news/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 218 46.4.50.141 [27/Feb/2011:03:17:49 +0900] GET //phplist/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 221 46.4.50.141 [27/Feb/2011:03:17:49 +0900] GET //phpList/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 221 46.4.50.141 [27/Feb/2011:03:17:50 +0900] GET //admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 213 46.4.50.141 [27/Feb/2011:03:17:50 +0900] GET //phplist/lsts/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 226 46.4.50.141 [27/Feb/2011:03:17:51 +0900] GET //phplists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 222 46.4.50.141 [27/Feb/2011:03:17:51 +0900] GET //list/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 404 212 のが 1日1回くらい記録されているかなぁ。 SSHDにもやってくる。 reverse mapping checking getaddrinfo for 122.3.134.131.pldt.net [122.3.134.131] failed - POSSIBLE BREAK-IN ATTEMPT! : 202 time(s) reverse mapping checking getaddrinfo for 178-162-164-39.local [178.162.164.39] failed - POSSIBLE BREAK-IN ATTEMPT! : 55 time(s) Address 64.235.57.228 maps to lasvegas-nv-datacenter.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s) # ping localhost # rm -rf / メールサーバへの攻撃 113.244.196.159 1日1万通以上はじいてるのに懲りないww read.cgi ver 07.5.4 2024/05/19 Walang Kapalit ★ | Donguri System Team 5ちゃんねる