[linux] Re: [inux] <OT> hack attempts, statistics ;-)

Dado Jan dado at slovkaufring.sk
Fri Mar 17 14:42:41 CET 2000


> > just for fun, whoever has the time and feels like amusing themselves, try running
> > zgrep 211.53.208.209 /var/log/apache/* to see when he was on your IPs ;-))
> > (yeah, but we probably shouldn't be dumping this on the list ...)
> 
> Well, I think this is more to the point and less OT than many other
> mails. And if it is security in relation to Linux, then maybe it
> isn't OT at all. And if it alerts a few more admins, it may even
> be useful...

I agree.

I think there will be quite a few more of us :)

E.g.: apache
211.53.208.209 - - [15/Mar/2000:07:54:27 +0100] "GET /cgi-bin/phf HTTP/1.0" 404 164
211.53.208.209 - - [15/Mar/2000:07:54:28 +0100] "GET /cgi-bin/Count.cgi HTTP/1.0" 200 360
211.53.208.209 - - [15/Mar/2000:07:54:29 +0100] "GET /cgi-bin/test-cgi HTTP/1.0" 404 169
211.53.208.209 - - [15/Mar/2000:07:54:30 +0100] "GET /cgi-bin/php.cgi HTTP/1.0" 404 168
211.53.208.209 - - [15/Mar/2000:07:54:32 +0100] "GET /cgi-bin/handler HTTP/1.0" 404 168
211.53.208.209 - - [15/Mar/2000:07:54:33 +0100] "GET /cgi-bin/webgais HTTP/1.0" 404 168
211.53.208.209 - - [15/Mar/2000:07:54:34 +0100] "GET /cgi-bin/websendmail HTTP/1.0" 404 172
211.53.208.209 - - [15/Mar/2000:07:54:35 +0100] "GET /cgi-bin/webdist.cgi HTTP/1.0" 404 172
211.53.208.209 - - [15/Mar/2000:07:54:36 +0100] "GET /cgi-bin/faxsurvey HTTP/1.0" 404 170
211.53.208.209 - - [15/Mar/2000:07:54:37 +0100] "GET /cgi-bin/htmlscript HTTP/1.0" 404 171
211.53.208.209 - - [15/Mar/2000:07:54:39 +0100] "GET /cgi-bin/pfdisplay.cgi HTTP/1.0" 404 174
211.53.208.209 - - [15/Mar/2000:07:54:40 +0100] "GET /cgi-bin/perl.exe HTTP/1.0" 404 169
211.53.208.209 - - [15/Mar/2000:07:54:41 +0100] "GET /cgi-bin/wwwboard.pl HTTP/1.0" 404 172

They all ended up as "script not found".. of course.

/var/log/* :
Mar 15 07:53:28 ns in.ftpd[23498]: connect from 211.53.208.209
Mar 15 07:53:28 ns ipop3d[23496]: connect from 211.53.208.209
Mar 15 07:54:20 ns ipop3d[23499]: connect from 211.53.208.209
Mar 15 07:54:43 ns in.ftpd[23502]: connect from 211.53.208.209
Mar 15 07:54:44 ns in.ftpd[23504]: connect from 211.53.208.209
Mar 15 07:54:48 ns in.ftpd[23505]: connect from 211.53.208.209
Mar 15 07:54:49 ns in.ftpd[23506]: connect from 211.53.208.209
Mar 15 07:54:51 ns ipop3d[23499]: Connection broken while reading line user=??? host=211.53.208.209
Mar 16 10:30:03 ns named[1439]: approved AXFR from [211.53.208.209].4056 for "slovkaufring.sk"
Mar 17 02:47:48 ns named[1439]: approved AXFR from [211.53.208.209].2165 for "empik.sk"
Mar 17 07:52:58 ns named[1439]: approved AXFR from [211.53.208.209].2828 for "kluby.sk"
Mar 17 10:34:37 ns named[1439]: approved AXFR from [211.53.208.209].4737 for "slov-kaufring.sk"

It should be fine, except for the bind, mine is pretty old :), but that
is not important right now.

What are we going to do about it? :)

				Jano
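
Added example, not part of the original mail: a small Python script that correlates the two kinds of log records quoted above, flagging clients that request many distinct /cgi-bin/ scripts and listing any zones named approved for AXFR to the same address. The function name `correlate`, the `min_paths` threshold and all sample records (documentation addresses and zone names) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One record per line, as in the real log files (the mail above shows them wrapped).
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})\b')
AXFR_RE = re.compile(
    r'named\[\d+\]: approved AXFR from \[(?P<ip>[^\]]+)\]\.\d+ for "(?P<zone>[^"]+)"')

def correlate(access_lines, syslog_lines, min_paths=5):
    """Clients that requested >= min_paths distinct /cgi-bin/ scripts, with the
    number of 404 answers and any zones named approved for transfer to them."""
    paths, not_found, zones = defaultdict(set), defaultdict(int), defaultdict(set)
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if m and m["path"].startswith("/cgi-bin/"):
            paths[m["ip"]].add(m["path"])
            if m["status"] == "404":
                not_found[m["ip"]] += 1
    for line in syslog_lines:
        m = AXFR_RE.search(line)
        if m:
            zones[m["ip"]].add(m["zone"])
    return {ip: {"paths": sorted(p), "not_found": not_found[ip],
                 "zones": sorted(zones[ip])}
            for ip, p in paths.items() if len(p) >= min_paths}

# Constructed sample records (hypothetical addresses and zones, not real data).
def _hit(ip, sec, path, status):
    return f'{ip} - - [15/Mar/2000:07:54:{sec:02d} +0100] "GET {path} HTTP/1.0" {status} 170'

SAMPLE_ACCESS = [
    _hit("192.0.2.10", 27, "/cgi-bin/phf", 404),
    _hit("192.0.2.10", 28, "/cgi-bin/Count.cgi", 200),
    _hit("192.0.2.10", 29, "/cgi-bin/test-cgi", 404),
    _hit("192.0.2.10", 30, "/cgi-bin/php.cgi", 404),
    _hit("192.0.2.10", 32, "/cgi-bin/handler", 404),
    _hit("198.51.100.7", 40, "/index.html", 200),
    _hit("198.51.100.7", 41, "/cgi-bin/Count.cgi", 200),
]
SAMPLE_SYSLOG = [
    'Mar 15 07:54:43 ns in.ftpd[23502]: connect from 192.0.2.10',
    'Mar 16 10:30:03 ns named[1439]: approved AXFR from [192.0.2.10].4056 for "example.org"',
    'Mar 17 02:47:48 ns named[1439]: approved AXFR from [192.0.2.10].2165 for "example.net"',
    'Mar 17 03:00:00 ns named[1439]: approved AXFR from [203.0.113.5].1030 for "example.com"',
]

if __name__ == "__main__":
    for ip, info in correlate(SAMPLE_ACCESS, SAMPLE_SYSLOG).items():
        print(ip, len(info["paths"]), "cgi paths,", info["not_found"], "x 404,",
              "AXFR approved for:", ", ".join(info["zones"]) or "none")
```

A client that appears in both lists has probed the web server and also been served full zone contents, which is the case for restricting transfers to known secondaries with BIND's `allow-transfer` option.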




