Post #1
Group: Registered | Posts: 27 | Helped: 1 | Joined: 18.11.2008 | Warning: (0%)
Hello!

I have a question: how can I stop the following attacks on my server? Here is the Apache log:

83.30.4.216 - - [10/Oct/2010:16:56:23 +0200] "GET /adres zakładki HTTP/1.0" 500 876 "-" "ApacheBench/2.3"

I would appreciate quick advice, because some idiot is hammering my server. The VPS runs on DirectAdmin. Thanks in advance for any replies.

Regards

Post #2
Group: Registered | Posts: 453 | Helped: 16 | Joined: 25.05.2004 | From: Gorzów Wlkp. | Warning: (0%)
I'll piggyback on this thread. Something is probing my Apache, i.e. trying to hit existing installation scripts and the like. For example:

Quote:

87.120.102.82 - - [10/Oct/2010:07:36:47 +0200] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:36:48 +0200] "GET /admin/phpMyAdmin/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:36:49 +0200] "GET /admin/sysadmin/main.php HTTP/1.0" 404 221
87.120.102.82 - - [10/Oct/2010:07:36:49 +0200] "GET /admin/sqladmin/main.php HTTP/1.0" 404 221
87.120.102.82 - - [10/Oct/2010:07:36:49 +0200] "GET /admin/db/main.php HTTP/1.0" 404 215
87.120.102.82 - - [10/Oct/2010:07:36:49 +0200] "GET /admin/web/main.php HTTP/1.0" 404 216
87.120.102.82 - - [10/Oct/2010:07:36:50 +0200] "GET /admin/pMA/main.php HTTP/1.0" 404 216
87.120.102.82 - - [10/Oct/2010:07:36:50 +0200] "GET /admin/main.php HTTP/1.0" 404 212
87.120.102.82 - - [10/Oct/2010:07:36:50 +0200] "GET /admin/mysql/main.php HTTP/1.0" 404 218
87.120.102.82 - - [10/Oct/2010:07:36:50 +0200] "GET /admin/myadmin/main.php HTTP/1.0" 404 220
87.120.102.82 - - [10/Oct/2010:07:36:51 +0200] "GET /admin/webadmin/main.php HTTP/1.0" 404 221
87.120.102.82 - - [10/Oct/2010:07:36:51 +0200] "GET /admin/sqlweb/main.php HTTP/1.0" 404 219
87.120.102.82 - - [10/Oct/2010:07:36:51 +0200] "GET /admin/websql/main.php HTTP/1.0" 404 219
87.120.102.82 - - [10/Oct/2010:07:36:51 +0200] "GET /admin/webdb/main.php HTTP/1.0" 404 218
87.120.102.82 - - [10/Oct/2010:07:36:52 +0200] "GET /admin/mysqladmin/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:36:55 +0200] "GET /admin/mysql-admin/main.php HTTP/1.0" 404 224
87.120.102.82 - - [10/Oct/2010:07:36:55 +0200] "GET /admin/phpmyadmin2/main.php HTTP/1.0" 404 224
87.120.102.82 - - [10/Oct/2010:07:36:55 +0200] "GET /admin/php-my-admin/main.php HTTP/1.0" 404 225
87.120.102.82 - - [10/Oct/2010:07:36:55 +0200] "GET /admin/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 229
87.120.102.82 - - [10/Oct/2010:07:36:56 +0200] "GET /admin/phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 229
87.120.102.82 - - [10/Oct/2010:07:36:56 +0200] "GET /admin/phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 229
87.120.102.82 - - [10/Oct/2010:07:36:56 +0200] "GET /admin/phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 229
87.120.102.82 - - [10/Oct/2010:07:36:56 +0200] "GET /admin/phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 229
87.120.102.82 - - [10/Oct/2010:07:36:57 +0200] "GET /admin/phpMyAdmin-2.6.0/main.php HTTP/1.0" 404 229
87.120.102.82 - - [10/Oct/2010:07:36:57 +0200] "GET /admin/phpMyAdmin-2.6.0-pl1/main.php HTTP/1.0" 404 233
87.120.102.82 - - [10/Oct/2010:07:36:57 +0200] "GET /admin/phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 233
87.120.102.82 - - [10/Oct/2010:07:36:57 +0200] "GET /admin/phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 229
87.120.102.82 - - [10/Oct/2010:07:36:57 +0200] "GET /admin/phpMyAdmin-2.6.3-pl1/main.php HTTP/1.0" 404 233
87.120.102.82 - - [10/Oct/2010:07:36:58 +0200] "GET /admin/phpMyAdmin-2.6.3-rc1/main.php HTTP/1.0" 404 233
87.120.102.82 - - [10/Oct/2010:07:36:58 +0200] "GET /admin/padmin/main.php HTTP/1.0" 404 219
87.120.102.82 - - [10/Oct/2010:07:36:58 +0200] "GET /admin/datenbank/main.php HTTP/1.0" 404 222
87.120.102.82 - - [10/Oct/2010:07:36:58 +0200] "GET /admin/database/main.php HTTP/1.0" 404 221
87.120.102.82 - - [10/Oct/2010:07:36:59 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 403 221
87.120.102.82 - - [10/Oct/2010:07:36:59 +0200] "GET /phpMyAdmin/main.php HTTP/1.0" 404 217
87.120.102.82 - - [10/Oct/2010:07:36:59 +0200] "GET /db/main.php HTTP/1.0" 404 209
87.120.102.82 - - [10/Oct/2010:07:37:00 +0200] "GET /web/main.php HTTP/1.0" 404 210
87.120.102.82 - - [10/Oct/2010:07:37:00 +0200] "GET /PMA/main.php HTTP/1.0" 404 210
87.120.102.82 - - [10/Oct/2010:07:37:00 +0200] "GET /admin/main.php HTTP/1.0" 404 212
87.120.102.82 - - [10/Oct/2010:07:37:00 +0200] "GET /mysql/main.php HTTP/1.0" 404 212
87.120.102.82 - - [10/Oct/2010:07:37:00 +0200] "GET /myadmin/main.php HTTP/1.0" 404 214
87.120.102.82 - - [10/Oct/2010:07:37:01 +0200] "GET /webadmin/main.php HTTP/1.0" 404 215
87.120.102.82 - - [10/Oct/2010:07:37:01 +0200] "GET /sqlweb/main.php HTTP/1.0" 404 213
87.120.102.82 - - [10/Oct/2010:07:37:01 +0200] "GET /websql/main.php HTTP/1.0" 404 213
87.120.102.82 - - [10/Oct/2010:07:37:01 +0200] "GET /webdb/main.php HTTP/1.0" 404 212
87.120.102.82 - - [10/Oct/2010:07:37:01 +0200] "GET /mysqladmin/main.php HTTP/1.0" 404 217
87.120.102.82 - - [10/Oct/2010:07:37:02 +0200] "GET /mysql-admin/main.php HTTP/1.0" 404 218
87.120.102.82 - - [10/Oct/2010:07:37:02 +0200] "GET /phpmyadmin2/main.php HTTP/1.0" 404 218
87.120.102.82 - - [10/Oct/2010:07:37:02 +0200] "GET /php-my-admin/main.php HTTP/1.0" 404 219
87.120.102.82 - - [10/Oct/2010:07:37:02 +0200] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:37:02 +0200] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:37:03 +0200] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:37:03 +0200] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:37:03 +0200] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:37:03 +0200] "GET /phpMyAdmin-2.6.0/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:37:06 +0200] "GET /phpMyAdmin-2.6.0-pl1/main.php HTTP/1.0" 404 227
87.120.102.82 - - [10/Oct/2010:07:37:07 +0200] "GET /phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 227
87.120.102.82 - - [10/Oct/2010:07:37:07 +0200] "GET /phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 223
87.120.102.82 - - [10/Oct/2010:07:37:07 +0200] "GET /phpMyAdmin-2.6.3-pl1/main.php HTTP/1.0" 404 227
87.120.102.82 - - [10/Oct/2010:07:37:07 +0200] "GET /phpMyAdmin-2.6.3-rc1/main.php HTTP/1.0" 404 227
87.120.102.82 - - [10/Oct/2010:07:37:07 +0200] "GET /padmin/main.php HTTP/1.0" 404 213
87.120.102.82 - - [10/Oct/2010:07:37:08 +0200] "GET /datenbank/main.php HTTP/1.0" 404 216
87.120.102.82 - - [10/Oct/2010:07:37:08 +0200] "GET /database/main.php HTTP/1.0" 404 215

and

Quote:

41.197.20.10 - - [10/Oct/2010:20:19:37 +0200] "GET /install.txt HTTP/1.1" 404 209
41.197.20.10 - - [10/Oct/2010:20:19:38 +0200] "GET /cart/install.txt HTTP/1.1" 404 214
41.197.20.10 - - [10/Oct/2010:20:19:38 +0200] "GET /zencart/install.txt HTTP/1.1" 404 217
41.197.20.10 - - [10/Oct/2010:20:19:39 +0200] "GET /zen-cart/install.txt HTTP/1.1" 404 218
41.197.20.10 - - [10/Oct/2010:20:19:40 +0200] "GET /zen/install.txt HTTP/1.1" 404 213
41.197.20.10 - - [10/Oct/2010:20:19:40 +0200] "GET /shop/install.txt HTTP/1.1" 404 214
41.197.20.10 - - [10/Oct/2010:20:19:41 +0200] "GET /butik/install.txt HTTP/1.1" 404 215
41.197.20.10 - - [10/Oct/2010:20:19:42 +0200] "GET /zcart/install.txt HTTP/1.1" 404 215
41.197.20.10 - - [10/Oct/2010:20:19:42 +0200] "GET /shop2/install.txt HTTP/1.1" 404 215
41.197.20.10 - - [10/Oct/2010:20:19:43 +0200] "GET /catalog/install.txt HTTP/1.1" 404 217
41.197.20.10 - - [10/Oct/2010:20:19:43 +0200] "GET /boutique/install.txt HTTP/1.1" 404 218
41.197.20.10 - - [10/Oct/2010:20:19:44 +0200] "GET /cart/install.txt HTTP/1.1" 404 214
41.197.20.10 - - [10/Oct/2010:20:19:45 +0200] "GET /store/install.txt HTTP/1.1" 404 215

and also this:

Quote:

222.73.227.18 - - [11/Oct/2010:23:30:01 +0200] "GET /roundcube//bin/msgimport HTTP/1.1" 404 222
222.73.227.18 - - [11/Oct/2010:23:30:03 +0200] "GET /rc//bin/msgimport HTTP/1.1" 404 215
222.73.227.18 - - [11/Oct/2010:23:30:04 +0200] "GET /mss2//bin/msgimport HTTP/1.1" 404 217
222.73.227.18 - - [11/Oct/2010:23:30:05 +0200] "GET /mail//bin/msgimport HTTP/1.1" 404 217
222.73.227.18 - - [11/Oct/2010:23:30:05 +0200] "GET /mail2//bin/msgimport HTTP/1.1" 404 218
222.73.227.18 - - [11/Oct/2010:23:30:06 +0200] "GET /roundcubemail//bin/msgimport HTTP/1.1" 404 226
222.73.227.18 - - [11/Oct/2010:23:30:07 +0200] "GET /rms//bin/msgimport HTTP/1.1" 404 216
222.73.227.18 - - [11/Oct/2010:23:30:08 +0200] "GET /webmail2//bin/msgimport HTTP/1.1" 404 221
222.73.227.18 - - [11/Oct/2010:23:30:30 +0200] "GET /wm//bin/msgimport HTTP/1.1" 404 215
222.73.227.18 - - [11/Oct/2010:23:30:30 +0200] "GET /bin/msgimport HTTP/1.1" 404 211
222.73.227.18 - - [11/Oct/2010:23:30:30 +0200] "GET /roundcubemail-0.1//bin/msgimport HTTP/1.1" 404 230
222.73.227.18 - - [11/Oct/2010:23:30:30 +0200] "GET /roundcubemail-0.2//bin/msgimport HTTP/1.1" 404 230
222.73.227.18 - - [11/Oct/2010:23:30:31 +0200] "GET /roundcube-0.1//bin/msgimport HTTP/1.1" 404 226
222.73.227.18 - - [11/Oct/2010:23:30:32 +0200] "GET /roundcube-0.2//bin/msgimport HTTP/1.1" 404 226
222.73.227.18 - - [11/Oct/2010:23:30:33 +0200] "GET /round//bin/msgimport HTTP/1.1" 404 218
222.73.227.18 - - [11/Oct/2010:23:30:34 +0200] "GET /cube//bin/msgimport HTTP/1.1" 404 217

I already know that I can add these IPs to deny, although they will probably never hit anything anyway. What I am interested in, though, is what these bots are, what they do when they manage to hit something with one of the URLs, and how to protect myself in the future against similar tools. After all, someone could write a bot that checks not only the given URLs but keeps combining few-character strings for so long that it finally gets something other than a 404 in return ;p

This post was edited by fiszol 12.10.2010, 13:41:31
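
One way to spot the path enumeration shown in the logs above, as an added example that is not part of either post: it counts distinct 403/404 paths per client inside a sliding time window, which also catches a bot that guesses arbitrary strings. The function names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format, tolerating the referer/user-agent tail of "combined".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>.*?) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "[^"]*")?\s*$'
)

def find_scanners(lines, window=timedelta(seconds=60), min_paths=10):
    """Return {ip: peak number of distinct 403/404 paths seen inside one
    window} for every client whose peak reaches min_paths."""
    recent = defaultdict(deque)      # ip -> (timestamp, path) of recent misses
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in ("403", "404"):
            continue                 # unparsable line, or not a miss
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append((ts, m["path"]))
        while ts - hits[0][0] > window:      # drop misses older than the window
            hits.popleft()
        distinct = len({path for _, path in hits})
        peak[m["ip"]] = max(peak[m["ip"]], distinct)
    return {ip: n for ip, n in peak.items() if n >= min_paths}

def sample_log():
    """Constructed sample input (documentation address ranges, made-up paths)."""
    names = ["pma", "db", "mysql", "webdb", "sqlweb", "myadmin", "websql",
             "dbadmin", "sqladmin", "webadmin", "database", "padmin"]
    lines = [
        f'192.0.2.10 - - [10/Oct/2010:07:36:{47 + i // 4:02d} +0200] '
        f'"GET /{n}/main.php HTTP/1.0" 404 210'
        for i, n in enumerate(names)
    ]
    lines += [
        # A repeated path does not raise the distinct count.
        '192.0.2.10 - - [10/Oct/2010:07:36:50 +0200] "GET /pma/main.php HTTP/1.0" 404 210',
        # Ordinary visitor: one page view and one missing favicon.
        '198.51.100.7 - - [10/Oct/2010:07:36:48 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
        '198.51.100.7 - - [10/Oct/2010:07:36:49 +0200] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    ]
    return lines

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

The function assumes each client's lines arrive in chronological order, as they do in an access log read from top to bottom.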