Author Topic: Suspicious access.log (Read 1650 times)

Offline Yury_Bulka

  • Graphomaniac
  • posts: 440
  • musician
Suspicious access.log
« on: 2011-12-17 20:49:48 »
This is about an ordinary user's computer on which apache is running for sporadic use. My address is dynamic, and right now it is: ninety-four . two hundred thirty-one . sixty-five . twenty-five.

And so I decided to look into /var/log/apache2/access.log, and to my surprise I saw a pile of oddities there, and even some kind of attack aimed at phpmyadmin. Showing it as is:

::1 - - [11/Dec/2011:12:56:52 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.21 (Debian) (internal dummy connection)"
::1 - - [11/Dec/2011:12:56:52 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.21 (Debian) (internal dummy connection)"
::1 - - [11/Dec/2011:12:56:52 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.21 (Debian) (internal dummy connection)"
::1 - - [11/Dec/2011:12:56:52 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.21 (Debian) (internal dummy connection)"
78.0.192.5 - - [11/Dec/2011:14:54:33 +0200] "\xcd<F3\xe9\xf0\xd2u\xe4\xad\x9f\xb9\x8f\xe4\xbc\xbb\xa4\x9a0\x99}\xd2\xaf\xfabV" 400 301 "-" "-"
95.168.218.105 - - [11/Dec/2011:18:20:16 +0200] "GET / HTTP/1.1" 200 453 "-" "Python-urllib/2.6"
93.78.91.147 - - [11/Dec/2011:20:01:15 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
93.78.91.147 - - [11/Dec/2011:21:46:42 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
209.59.3.66 - - [11/Dec/2011:22:03:21 +0200] "HEAD / HTTP/1.0" 200 276 "-" "-"
50.57.114.69 - - [12/Dec/2011:00:55:25 +0200] "HEAD / HTTP/1.0" 200 276 "-" "-"
50.16.93.46 - - [12/Dec/2011:02:21:07 +0200] "HEAD / HTTP/1.0" 200 276 "-" "-"
77.48.32.37 - - [12/Dec/2011:02:34:28 +0200] "\xcblY\xec\xf0\x04\x97Z\xcf\xe9\xc0\x0c\x83'\xb1j\xf4\xe2\x06\x8e\xdfHf\xfa\x82\xafaw\x91\xcd" 400 301 "-" "-"
93.78.91.147 - - [12/Dec/2011:11:00:16 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
93.78.91.147 - - [12/Dec/2011:16:21:50 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
91.124.67.131 - - [12/Dec/2011:19:46:45 +0200] "-" 408 0 "-" "-"
95.35.63.115 - - [12/Dec/2011:19:50:47 +0200] "\xcd\xa8\xf4?\x1f\xf6v\x9cbE<\\Y\xe3u\x11\x04'R\xa5\xa2\xabe\x9d\xcb\xb6\xe7DO\xbe" 400 301 "-" "-"
86.57.217.241 - - [12/Dec/2011:19:52:11 +0200] "-" 408 0 "-" "-"
79.103.40.27 - - [12/Dec/2011:19:54:51 +0200] "\x8fU\x16\xd6\xfb[g\xb0\x83\x06\x85\xe0|s\xa1\x97r\xf2\xc8\x87t\x8e\xfb\xfc\x14\xfd\x95N\x8aQ\xff\xb5x\xa6\xad\x98\xc9W\xe7\x14]\x94\xc4/a\x9b\xc6G\x02\x82\x98\xfbF" 400 301 "-" "-"
212.23.57.169 - - [12/Dec/2011:20:02:24 +0200] "-" 408 0 "-" "-"
80.27.100.130 - - [12/Dec/2011:20:13:14 +0200] "-" 408 0 "-" "-"
93.78.91.147 - - [12/Dec/2011:20:15:01 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
94.64.61.1 - - [12/Dec/2011:20:16:06 +0200] "-" 408 0 "-" "-"
86.47.223.52 - - [12/Dec/2011:20:17:42 +0200] "-" 408 0 "-" "-"
91.212.239.15 - - [12/Dec/2011:20:23:58 +0200] "\xe8V}_%\xf5\x1d^M" 400 301 "-" "-"
79.166.66.184 - - [12/Dec/2011:20:33:37 +0200] "\xe1\xbdS}\x9c" 400 301 "-" "-"
82.132.248.152 - - [12/Dec/2011:20:52:32 +0200] "\xbf$\x15>\x95\x96u\x10{\x7f\xdbN\xddO\xdf\x82\xe8:h\xd6\"\x98\x12x\xd0\x14\xb3\x0c9D\x89NC8\xb2\x020P\x87O\xdb@+7\xb0U" 400 301 "-" "-"
77.104.113.131 - - [12/Dec/2011:20:53:19 +0200] "-" 408 0 "-" "-"
213.16.179.56 - - [12/Dec/2011:20:53:49 +0200] "-" 408 0 "-" "-"
188.2.171.22 - - [12/Dec/2011:21:02:25 +0200] "-" 408 0 "-" "-"
212.183.128.15 - - [12/Dec/2011:21:02:51 +0200] "-" 408 0 "-" "-"
78.101.175.98 - - [12/Dec/2011:21:03:25 +0200] "u\x95V\x1eL\x0e\xbf\x90*\xef\xd3\xf9sn\xadzB\x9aYf\x8aO\\y%-\bE\xd4\xca\x1d\xa2\x15p\x94" 400 301 "-" "-"
94.165.176.45 - - [12/Dec/2011:21:05:45 +0200] "-" 408 0 "-" "-"
79.113.65.182 - - [12/Dec/2011:21:06:43 +0200] "-" 408 0 "-" "-"
82.140.181.90 - - [12/Dec/2011:21:16:23 +0200] "-" 408 0 "-" "-"
79.125.239.232 - - [12/Dec/2011:21:29:12 +0200] "9\xad~\x8f0^\xe5\xc9\xeaA\xc7O=f\xe4\xa9\xe7\xc2\xaa\xf1\xe9\bq$\xbb-\xfa/\x040\xf3\x86\xce\xa8_B\x14H\x17\xaa" 400 301 "-" "-"
92.82.64.196 - - [12/Dec/2011:21:35:15 +0200] "" 400 301 "-" "-"
184.99.5.159 - - [12/Dec/2011:21:42:10 +0200] "-" 408 0 "-" "-"
78.152.132.129 - - [12/Dec/2011:21:42:41 +0200] "-" 408 0 "-" "-"
93.78.91.147 - - [12/Dec/2011:22:05:01 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
99.227.232.111 - - [12/Dec/2011:22:22:13 +0200] "\xed\x1bh\xab\x8e\xe9\xe22N\x9f@\xe9\xb4/A\x8a\xac\xd5\"sz" 400 301 "-" "-"
85.73.243.151 - - [12/Dec/2011:22:29:58 +0200] "-" 408 0 "-" "-"
90.186.0.22 - - [12/Dec/2011:22:31:38 +0200] "JR)\xeaEi\xb3\xa6\xa5\xe3\x15L" 400 301 "-" "-"
94.68.64.210 - - [12/Dec/2011:22:32:27 +0200] "\x1d\x8c\xdc\xed\x8ca\x80\xb4r\xccB#^" 400 301 "-" "-"
78.22.160.102 - - [12/Dec/2011:22:36:47 +0200] "\x92_\x16\xcd\x8e\xd6P\x11v\xe3\x04yh\x93hO\xc880\x9d <\xdag\x14\xa3s\xfdb\xd5\x83\x8eT!-1?\xb5\xd9\x19N\xfc\x90}\xfd\xb7\xde\xbe\xf0\x19n\xa0Fb" 400 301 "-" "-"
85.248.5.208 - - [12/Dec/2011:22:52:08 +0200] "-" 408 0 "-" "-"
85.248.5.208 - - [12/Dec/2011:23:00:56 +0200] "-" 408 0 "-" "-"
81.108.148.183 - - [12/Dec/2011:23:11:33 +0200] "\xb1y\x9fDhxh!\x03\xd4" 400 301 "-" "-"
217.12.49.110 - - [12/Dec/2011:23:12:37 +0200] "\xc3M\xebqL\xacH6\xd7\x18\xfa\xae\xe0\xb5\x97AD;\r\x1a\"\xc7f\x05q\x87\x94\xce\xec\xbdn\xb12\xe5\xae\xbd8\xe3|/b38\x07\x8d#\x7f\xc1\x12e\x044TC7\x89ri" 400 301 "-" "-"
213.136.125.98 - - [12/Dec/2011:23:13:31 +0200] "\x85\x0f\x14I\x95p5\xc8\x8c\x05W\x91D\x9c\xd3\x95\xf1\xad\xde\x1fG\xd0:\xc8" 400 301 "-" "-"
91.140.55.150 - - [12/Dec/2011:23:18:07 +0200] "6" 400 301 "-" "-"
195.74.244.112 - - [12/Dec/2011:23:26:01 +0200] "-" 408 0 "-" "-"
94.197.127.176 - - [12/Dec/2011:23:27:21 +0200] "|>\xf8\x12{\v" 400 301 "-" "-"
80.27.100.136 - - [12/Dec/2011:23:39:19 +0200] "-" 408 0 "-" "-"
77.104.113.131 - - [12/Dec/2011:23:42:03 +0200] "\xddr+D\xa1\x94fI\xb3\x13\xaa\xde\x1f\xa0\xf1r\xfd\xd9r\xec}BBIf\xb6\r\xbd\xee\x19\x92\xbe'\x061\x94\xc9\xb0\xfb\x96=\x1b'\x7ftG8\xf7" 400 301 "-" "-"
99.46.41.162 - - [12/Dec/2011:23:59:04 +0200] "-" 408 0 "-" "-"
174.254.65.168 - - [13/Dec/2011:00:27:09 +0200] "\x1e\x88\x91\"\xaf\x99" 400 301 "-" "-"
213.87.134.95 - - [13/Dec/2011:00:32:44 +0200] "-" 408 0 "-" "-"
83.149.9.190 - - [13/Dec/2011:00:36:29 +0200] "\xacy\xd3\x89\x05\x83\x0e\xec\xd5\x10*\xf6\x8f\x15\xdc\xa6" 400 301 "-" "-"
83.149.9.190 - - [13/Dec/2011:01:46:22 +0200] "-" 408 0 "-" "-"
188.4.15.9 - - [13/Dec/2011:02:15:18 +0200] "-" 408 0 "-" "-"
213.195.226.11 - - [13/Dec/2011:02:30:23 +0200] "\x95\xec\xe4\xfeA8l;\xe4&\x0e{w\xba\xb7\xec1\xd17O\xb7\xed\xf8A}\xbfE\x12\xe1\xa1\xdc'\x02q'\xb7" 400 301 "-" "-"
95.56.183.240 - - [13/Dec/2011:02:44:41 +0200] "=\x1d\x8fDi\x14+\xcb\xff\t\x8b:GV[\xf2\xb0[>\xf6\\\xa6\x1a\xbf\xc2\x18\x90C" 400 301 "-" "-"
115.132.70.197 - - [13/Dec/2011:02:54:50 +0200] "-" 408 0 "-" "-"
50.57.114.69 - - [13/Dec/2011:03:43:10 +0200] "HEAD / HTTP/1.0" 200 276 "-" "-"
93.78.91.147 - - [13/Dec/2011:03:51:52 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
92.25.143.157 - - [13/Dec/2011:04:53:36 +0200] "x6\xe8\xf2&\x8e" 400 301 "-" "-"
90.2.123.38 - - [13/Dec/2011:05:07:13 +0200] "-" 408 0 "-" "-"
93.78.91.147 - - [13/Dec/2011:15:48:13 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
31.147.73.108 - - [13/Dec/2011:17:50:05 +0200] "\xe6\xf3^\xe9\x1c\xf1\x11\xcd%\xe7$\x8f\x85bQ\xf4\xf5\xc8W]\x14n\x1b\x9a\xb5f8\x10\xec\xc5" 400 301 "-" "-"
93.78.91.147 - - [13/Dec/2011:18:11:13 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
81.201.60.162 - - [13/Dec/2011:20:00:02 +0200] "-" 408 0 "-" "-"
81.201.60.162 - - [13/Dec/2011:20:01:27 +0200] "-" 408 0 "-" "-"
93.78.91.147 - - [13/Dec/2011:20:37:46 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
93.78.91.147 - - [13/Dec/2011:23:08:51 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
61.250.80.133 - - [14/Dec/2011:00:56:10 +0200] "GET /user/soapCaller.bs HTTP/1.1" 404 469 "-" "Morfeus Fucking Scanner"
93.78.91.147 - - [14/Dec/2011:15:13:57 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
190.90.216.92 - - [14/Dec/2011:16:48:39 +0200] "HEAD / HTTP/1.0" 200 276 "-" "-"
201.67.76.20 - - [14/Dec/2011:17:40:53 +0200] "HEAD / HTTP/1.0" 200 313 "-" "-"
66.162.219.251 - - [15/Dec/2011:05:49:33 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 488 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:34 +0200] "GET /scripts/setup.php HTTP/1.1" 404 470 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:35 +0200] "GET /admin/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:35 +0200] "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:35 +0200] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:36 +0200] "GET /db/scripts/setup.php HTTP/1.1" 404 472 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:36 +0200] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:36 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:37 +0200] "GET /mysql/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:37 +0200] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:37 +0200] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:38 +0200] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:38 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:38 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:39 +0200] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:39 +0200] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:40 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 473 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:40 +0200] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:40 +0200] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:41 +0200] "GET /web/scripts/setup.php HTTP/1.1" 404 473 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:41 +0200] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:41 +0200] "GET /websql/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:42 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:42 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:42 +0200] "GET /phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:43 +0200] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:43 +0200] "GET /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:43 +0200] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:44 +0200] "GET /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:44 +0200] "GET /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:44 +0200] "GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:45 +0200] "GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:45 +0200] "GET /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:45 +0200] "GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:46 +0200] "GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:46 +0200] "GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:46 +0200] "GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:47 +0200] "GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:47 +0200] "GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 487 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:47 +0200] "GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 488 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:48 +0200] "GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 489 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:48 +0200] "GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 488 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:48 +0200] "GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 488 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:49 +0200] "GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:49 +0200] "GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:49 +0200] "GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:50 +0200] "GET /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:50 +0200] "GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:50 +0200] "GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:50 +0200] "GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:51 +0200] "GET /phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:51 +0200] "GET /phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:51 +0200] "GET /phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:52 +0200] "GET /phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:52 +0200] "GET /phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:52 +0200] "GET /phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:53 +0200] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:53 +0200] "GET /phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 488 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:53 +0200] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:54 +0200] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:54 +0200] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:54 +0200] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:55 +0200] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:55 +0200] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:55 +0200] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:56 +0200] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:56 +0200] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:56 +0200] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:57 +0200] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:57 +0200] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:57 +0200] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:58 +0200] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 488 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:58 +0200] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:58 +0200] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:59 +0200] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:59 +0200] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:49:59 +0200] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 488 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:00 +0200] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:00 +0200] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:00 +0200] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:00 +0200] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:01 +0200] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:01 +0200] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:01 +0200] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:02 +0200] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:02 +0200] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:02 +0200] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:03 +0200] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:04 +0200] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:04 +0200] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:04 +0200] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:05 +0200] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:05 +0200] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:05 +0200] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:05 +0200] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:06 +0200] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:06 +0200] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:06 +0200] "GET /websql/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:07 +0200] "GET /webdb/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:07 +0200] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
66.162.219.251 - - [15/Dec/2011:05:50:07 +0200] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
::1 - - [15/Dec/2011:05:50:08 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.21 (Debian) (internal dummy connection)"
::1 - - [15/Dec/2011:05:50:09 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.21 (Debian) (internal dummy connection)"
::1 - - [15/Dec/2011:05:50:10 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.21 (Debian) (internal dummy connection)"
118.218.136.109 - - [15/Dec/2011:06:31:51 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 488 "-" "ZmEu"
118.218.136.109 - - [15/Dec/2011:06:31:53 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
118.218.136.109 - - [15/Dec/2011:06:31:54 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
118.218.136.109 - - [15/Dec/2011:06:31:55 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 473 "-" "ZmEu"
118.218.136.109 - - [15/Dec/2011:06:31:57 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
118.218.136.109 - - [15/Dec/2011:06:31:58 +0200] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
83.5.37.246 - - [15/Dec/2011:20:44:51 +0200] "\xdb{\xe4.n\xe3\xfeV\xd3#o\x17\xe7\x93\x1e\xa7\xb3L\x90:\xc6\xd1\x188\bE\xf6\x85\xd6\x01\x9b\xbd6\xa4\xbc@\xa8\x11\xc4\xc4" 400 301 "-" "-"
94.250.95.167 - - [15/Dec/2011:21:02:56 +0200] "\xf2z-\xdc*\xa4\x9b\x86\x16\xbf\x01\xcf\xf6\x85\x04:\x88.\xefh\xce\xfb\xe3\xc8\x03\x13\xe9\xdc\x14\x0e\x87q" 400 301 "-" "-"
216.245.200.234 - - [16/Dec/2011:09:41:11 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 506 "-" "-"
85.225.95.208 - - [16/Dec/2011:17:10:46 +0200] "GET http://www.matchav.com/deny2/azenv.php HTTP/1.1" 404 534 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
159.224.100.137 - - [16/Dec/2011:19:32:47 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
91.124.198.243 - - [16/Dec/2011:20:18:29 +0200] "\x0c\xd3\xa3H\xc3\xd0\x0e\xcd%\xf3#\xd8\x05z-\xca\xe1\x19\x10\x10H\xf8\x14{\t\xcdV;\x8b\x99\xc5\x13\xf6\xf0\x8c\xf1\xe2\x8dgD\xb5\xf6\xa8\xdc\x126fI\xce\xb6\x8e" 400 506 "-" "-"
159.224.100.137 - - [16/Dec/2011:21:09:09 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
159.224.100.137 - - [16/Dec/2011:23:00:29 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
188.165.247.215 - - [16/Dec/2011:23:34:08 +0200] "HEAD / HTTP/1.0" 200 276 "-" "-"
194.44.160.178 - - [17/Dec/2011:00:31:12 +0200] "\x84V\xfdd\xe4\xef6\x8d\x97" 400 301 "-" "-"
187.33.88.146 - - [17/Dec/2011:17:05:20 +0200] "HEAD / HTTP/1.0" 200 276 "-" "-"
84.42.181.16 - - [17/Dec/2011:19:01:33 +0200] "\xda\x81W\xbf\xc6t\xaf\xf8S\xc2\xcdHn\xb0\xb2\x13]\xc3\xe3\xa2\xd3?\xd2B\xf2\x94O\xc8\xff\xf9\xec\xdf\xb79\x85r]\xd1\xdc\xbf\x1a:\x01\x9a|)\x15w\x10=Y\x9b2\xae\\\x93E\xc3\x98\xdb\x93\x1bP\x7f\xaa5\"" 400 301 "-" "-"

What is especially interesting is how this can be:
93.78.91.147 - - [12/Dec/2011:11:00:16 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1)
None of the installed browsers has such a User Agent.

And what are these lines:
99.227.232.111 - - [12/Dec/2011:22:22:13 +0200] "\xed\x1bh\xab\x8e\xe9\xe22N\x9f@\xe9\xb4/A\x8a\xac\xd5\"sz" 400 301 "-" "-"

I can, of course, close access to the server for everyone except localhost, but I am curious how this happens.
« Last edited: 2011-12-17 20:52:10 by Yury_Bulka »
http://freeUser.org.ua/ — collective experience in using free software

Offline piktor

  • Publisher
  • posts: 3396
Re: Suspicious access.log
« Reply #1 : 2011-12-17 21:11:00 »
They introduced themselves, after all:
Quote
GET /w00tw00t.at.blackhats.romanian.anti-sec:)
They search the internet for hosts with port 80 open, then find out by brute-force enumeration which scripts you have installed. And then, probably, they try to apply some exploit to them. My VPS got bombarded like that too.
http://linux.m2osw.com/zmeu-attack
« Last edited: 2011-12-17 21:12:15 by Piktor »
To all who are drowning and don't know
What to grab hold of,
Who have already
Run out of strength:
I warn you, I am not a log,
I warn you, I am a crocodile.

Offline Yury_Bulka

  • Graphomaniac
  • posts: 440
  • musician
Re: Suspicious access.log
« Reply #2 : 2011-12-17 22:54:03 »
What a pest. Thanks for the information. But what is that GET http://ya.ru?
http://freeUser.org.ua/ — collective experience in using free software

Offline Mykhailo Danylenko

  • Administrator ЩОДО
  • Man of letters
  • posts: 1262
  • [Debian Stretch]
Re: Suspicious access.log
« Reply #3 : 2011-12-17 23:21:50 »
Quote
What a pest. Thanks for the information. But what is that GET http://ya.ru?
Probably a check for an open proxy.
I get scanned for pma and the like about once a day, only nginx in my configuration does not answer 404 but simply drops the connection.
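An added example, not code from the thread or any of its posters: a small classifier for lines in the combined log format posted above, labelling each one the way the replies explain them (ZmEu/w00tw00t scanner probes, the absolute-URI `GET http://ya.ru` open-proxy checks, 400 responses to non-HTTP bytes on port 80, 408 idle timeouts, and Apache's own dummy connections). The category names and the `SCANNER_AGENTS` / `PROBE_MARKERS` lists are my own choices; the sample lines are copied from the log in the first post.

```python
"""Classify Apache combined-format access.log lines (assumed helper, not from the thread)."""
import re
import sys
from collections import Counter, defaultdict

# Apache's "combined" LogFormat. The quoted fields may contain backslash
# escapes such as \x8f or \" that Apache writes for non-printable bytes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED
                    + r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + '$')

# Markers taken from the log in the thread; extend them for your own traffic.
SCANNER_AGENTS = ("ZmEu", "Morfeus")
PROBE_MARKERS = ("w00tw00t", "/scripts/setup.php")

# Sample input: lines copied from the access.log posted above.
SAMPLE_LINES = [
    r'::1 - - [11/Dec/2011:12:56:52 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.21 (Debian) (internal dummy connection)"',
    r'78.0.192.5 - - [11/Dec/2011:14:54:33 +0200] "\xcd<F3\xe9\xf0\xd2u\xe4\xad\x9f\xb9\x8f\xe4\xbc\xbb\xa4\x9a0\x99}\xd2\xaf\xfabV" 400 301 "-" "-"',
    r'93.78.91.147 - - [11/Dec/2011:20:01:15 +0200] "GET http://ya.ru HTTP/1.1" 200 483 "-" "Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"',
    r'91.124.67.131 - - [12/Dec/2011:19:46:45 +0200] "-" 408 0 "-" "-"',
    r'66.162.219.251 - - [15/Dec/2011:05:49:33 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 488 "-" "ZmEu"',
    r'66.162.219.251 - - [15/Dec/2011:05:49:35 +0200] "GET /admin/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"',
    r'216.245.200.234 - - [16/Dec/2011:09:41:11 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 506 "-" "-"',
    r'209.59.3.66 - - [11/Dec/2011:22:03:21 +0200] "HEAD / HTTP/1.0" 200 276 "-" "-"',
    r'92.82.64.196 - - [12/Dec/2011:21:35:15 +0200] "" 400 301 "-" "-"',
    r'91.140.55.150 - - [12/Dec/2011:23:18:07 +0200] "6" 400 301 "-" "-"',
]


def parse(line):
    """Return a dict of fields, or None if the line is not in combined format."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ip, ts, request, status, size, referer, agent = m.groups()
    return {"ip": ip, "ts": ts, "request": request, "status": int(status),
            "size": 0 if size == "-" else int(size), "referer": referer,
            "agent": agent}


def classify(rec):
    """Map one parsed record to a short label explaining what it is."""
    req, status, agent = rec["request"], rec["status"], rec["agent"]
    if rec["ip"] == "::1" and "internal dummy connection" in agent:
        return "apache-internal"       # Apache waking up its own child processes
    if status == 408 and req == "-":
        return "idle-timeout"          # client connected, sent nothing, timed out
    parts = req.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "malformed-request"     # non-HTTP bytes thrown at port 80
    _method, target, _version = parts
    if any(a in agent for a in SCANNER_AGENTS) or any(p in target for p in PROBE_MARKERS):
        return "vuln-scanner"          # ZmEu / Morfeus / w00tw00t probing
    if target.startswith(("http://", "https://")):
        return "proxy-probe"           # absolute URI: is this host an open proxy?
    return "other"


def summarize(lines):
    """Count categories and collect the source IPs seen in each one."""
    counts, ips = Counter(), defaultdict(set)
    for line in lines:
        rec = parse(line)
        label = classify(rec) if rec else "unparseable"
        counts[label] += 1
        if rec:
            ips[label].add(rec["ip"])
    return counts, ips


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            counts, ips = summarize(fh)
    else:
        counts, ips = summarize(SAMPLE_LINES)
    for label, n in counts.most_common():
        print(f"{label:18} {n:5}  from {len(ips[label])} source IP(s)")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python3 classify_log.py /var/log/apache2/access.log`; with no argument it classifies the embedded sample lines. `ProxyRequests` is off by default in Apache, so unless it was switched on, those absolute-URI requests are served from the local document root rather than proxied.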

Offline Yury_Bulka

  • Graphomaniac
  • posts: 440
  • musician
Re: Suspicious access.log
« Reply #4 : 2011-12-17 23:45:51 »
Quote
What a pest. Thanks for the information. But what is that GET http://ya.ru?
Probably a check for an open proxy.
I get scanned for pma and the like about once a day, only nginx in my configuration does not answer 404 but simply drops the connection.
Thanks... It's enough to drive you mad. Why do people sink to such meanness? It just doesn't fit in my head how much of that vermin there is. May the gods forgive them...

Thanks again for the explanation.
http://freeUser.org.ua/ — collective experience in using free software