cosa ne pensate di questi log?! :)

[tse]

ciao ragazzi.
stamane al mio risveglio mi sono acoorto che qualcuno ha dato filo da torcere al mio serverino interno tutta la notte..
cosa ne pensate di questi log?vi ho ovviamente nascosto l'ip dell'untore...e i log non sono completi ma ci sarebbero altri 2 mega di log.....

ciao josef.





"`GY" 501 - "-" "-"
"\xb0\v\xecR\x80b\x01\x02\xbd" 400 - "-" "-"
"\xa0\x91\xefR\x80b\x01\x02\xbd" 501 - "-" "-"
"0\x80\xf1R\x80b\x01\x02\xbd" 501 - "-" "-"
"`'\xf2R\x80b\x01\x02\xbd" 501 - "-" "-"
"\x10#\xf3R\x80b\x01\x02\xbd" 501 - "-" "-"
"\x80\xd4\xf5R\x80b\x01\x02\xbd" 501 - "-" "-"
"\x10\x13\xfcR\x80b\x01\x02\xbd" 501 - "-" "-"
"@z\x01S\x80b\x01\x02\xbd" 501 - "-" "-"
"GET /NULL.printer" 404 - "-" "-"
"HEAD / HTTP/1.0" 200 0 "-" "-"
"GET /.pl HTTP/1.0" 404 294 "-" "-"
"GET /....../etc/hosts HTTP/1.0" 404 307 "-" "-"
"GET /../../../../etc/hosts HTTP/1.0" 400 374 "-" "-"
"GET /.access HTTP/1.0" 404 298 "-" "-"
"GET /.bash_history HTTP/1.0" 404 304 "-" "-"
"GET /.htaccess HTTP/1.0" 403 304 "-" "-"
"GET /.htpasswd HTTP/1.0" 403 304 "-" "-"
"GET /.passwd HTTP/1.0" 404 298 "-" "-"
"GET /~bin HTTP/1.0" 403 299 "-" "-"
"GET /~ftp HTTP/1.0" 404 295 "-" "-"
ET /~guest HTTP/1.0" 404 297 "-" "-"
] "GET /~log HTTP/1.0" 404 295 "-" "-"
- - [21/Feb/1997:23:25:04 +0100] "GET /~logs HTTP/1.0" 404 96 "-" "-"
- - [21/Feb/1997:23:25:04 +0100] "GET /~lp HTTP/1.0" 403 298 "-" "-"
- - [21/Feb/1997:23:25:05 +0100] "GET /~named HTTP/1.0" 403 1 "-" "-"
- - [21/Feb/1997:23:25:05 +0100] "GET /~root HTTP/1.0" 403 300 "-" "-"
1 - - [21/Feb/1997:23:25:09 +0100] "GET /~test HTTP/1.0" 404 296 "-" "-"
2.114.41 - - [21/Feb/1997:23:25:09 +0100] "GET /~tmp HTTP/1.0" 404 295 "-" "-"
4.41 - - [21/Feb/1997:23:25:10 +0100] "GET /bb-dnbd/bb-hist.sh HTTP/1.0" 404 309 "-" "-"
.41 - - [21/Feb/1997:23:25:12 +0100] "GET /bin HTTP/1.0" 404 294 "-" "-"
.41 - - [21/Feb/1997:23:25:13 +0100] "GET /bin/jscripts/GneteFuncs.js HTTP/1.0" 404 317 "-" "-"
41 - - [21/Feb/1997:23:25:14 +0100] "GET ccbill/secure/ccbill.log HTTP/1.0" 404 315 "-" "-"
.41 - - [21/Feb/1997:23:25:14 +0100] "GET /cgi-bin/add_ftp.cgi HTTP/1.0" 403 314 "-" "-"
.41 - - [21/Feb/1997:23:25:18 +0100] "GET cgi-bin/Admin_files/order.log HTTP/1.0" 403 324 "-" "-"
.41 - - [21/Feb/1997:23:25:18 +0100] "GET /cgi-bin/adp TTP/1.0" 403 306 "-" "-"
.41 - - [21/Feb/1997:23:25:18 +0100] "GET /cgi-bin/adpassword.txt HTTP/1.0" 403 317 "-" "-"
.41 - - [21/Feb/1997:23:25:19 +0100] "GET /cgi-bin/ads.setup HTTP/1.0" 403 312 "-" "-"
.41 - - [21/Feb/1997:23:25:19 +0100] "GET /cgi-bin/aglimpse HTTP/1.0" 403 311 "-" "-"
14.41 - - [21/Feb/1997:23:25:20 +0100] "GET /Cgi-Bin/aglimpse.cgi HTTP/1.0" 404 311 "-" "-"
4.41 - - [21/Feb/1997:23:25:21 +0100] "GET /cgi-bin/aglimpse.cgi HTTP/1.0" 403 315 "-" "-"
4.41 - - [21/Feb/1997:23:25:22 +0100] "GET /Cgi-Bin/alibaba.pl HTTP/1.0" 404 309 "-" "-"
.41 - - [21/Feb/1997:23:25:28 +0100] "GET /cgi-bin/alibaba.pl HTTP/1.0" 403 313 "-" "-"
.41 - - [21/Feb/1997:23:25:30 +0100] "GET /cgi-bin/alibaba.pl\\dir HTTP/1.0" 403 317 "-" "-"
.41 - - [21/Feb/1997:23:25:31 +0100] "GET /cgi-bin/allmanage.pl HTTP/1.0" 403 315 "-" "-"
.41 - - [21/Feb/1997:23:25:32 +0100] "GET /cgi-bin/allmanage/adp HTTP/1.0" 403 316 "-" "-"
.41 - - [21/Feb/1997:23:25:39 +0100] "GET /cgi-bin/allmanage/k HTTP/1.0" 403 314 "-" "-"
.41 - - [21/Feb/1997:23:25:39 +0100] "GET /cgi-bin/allmanage/settings.cfg HTTP/1.0" 403 325 "-" "-"
.41 - - [21/Feb/1997:23:25:39 +0100] "GET /cgi-bin/allmanage/userfile.dat HTTP/1.0" 403 325 "-" "-"
4.41 - - [21/Feb/1997:23:25:40 +0100] "GET cgi-bin/allmanageup.pl HTTP/1.0" 403 317 "-" "-"
.41 - - [21/Feb/1997:23:25:40 +0100] "GET /cgi-bin/AnyBoard.cgi HTTP/1.0" 403 315 "-" "-"
.41 - - [21/Feb/1997:23:25:41 +0100] "GET /cgi-bin/anyboard.cgi HTTP/1.0" 403 315 "-" "-"
.41 - - [21/Feb/1997:23:25:46 +0100] "GET /cgi-bin/AnyForm HTTP/1.0" 403 310 "-" "-"
.41 - - [21/Feb/1997:23:25:48 +0100] "GET /cgi-bin/AnyForm.cgi HTTP/1.0" 403 314 "-" "-"
.41 - - [21/Feb/1997:23:25:51 +0100] "GET /cgi-bin/AnyForm2 HTTP/1.0" 403 311 "-" "-"
.41 - - [21/Feb/1997:23:25:51 +0100] "GET /cgi-bin/archie HTTP/1.0" 403 309 "-" "-"
.41 - - [21/Feb/1997:23:25:59 +0100] "GET /cgi-bin/architext_query.pl HTTP/1.0" 403 321 "-" "-"
.41 - - [21/Feb/1997:23:26:03 +0100] "GET /cgi-bin/ash HTTP/1.0" 403 306 "-" "-"
4.41 - - [21/Feb/1997:23:26:03 +0100] "GET /cgi-bin/AT-admin.cgi HTTP/1.0" 403 315 "-" "-"
.41 - - [21/Feb/1997:23:26:05 +0100] "GET /cgi-bin/AT-generate.cgi HTTP/1.0" 403 318 "-" "-"
.41 - - [21/Feb/1997:23:26:09 +0100] "GET /cgi-bin/authorize/dbmfiles/users HTTP/1.0" 403 327 "-" "-"
.41 - - [21/Feb/1997:23:26:09 +0100] "GET /cgi-bin/ax.cgi HTTP/1.0" 403 309 "-" "-"
114.41 - - [21/Feb/1997:23:26:11 +0100] "GET cgi-bin/axs.cgi HTTP/1.0" 403 310 "-" "-"
.114.41 - - [21/Feb/1997:23:26:11 +0100] "GET /cgi-bin/bash HTTP/1.0" 403 307 "-" "-"
.114.41 - - [21/Feb/1997:23:26:12 +0100] "GET /cgi-bin/bigconf.cgi HTTP/1.0" 403 314 "-" "-"
2.114.41 - - [21/Feb/1997:23:26:14 +0100] "GET /cgi-bin/bigconf.cgi all HTTP/1.0" 400 396 "-" "-"
14.41 - - [21/Feb/1997:23:26:14 +0100] "GET /cgi-bin/ax-admin.cgi HTTP/1.0" 403 315 "-" "-"
.114.41 - - [21/Feb/1997:23:26:14 +0100] "GET /cgi-bin/bb-hist.sh HTTP/1.0" 403 313 "-" "-"
2.114.41 - - [21/Feb/1997:23:26:14 +0100] "GET /cgi-bin/bizdb1-search.cgi HTTP/1.0" 403 320 "-" "-"
2.114.41 - - [21/Feb/1997:23:26:15 +0100] "GET /cgi-bin/bnbform HTTP/1.0" 403 310 "-" "-"
.114.41 - - [21/Feb/1997:23:26:15 +0100] "GET cgi-bin/bnbform.cgi HTTP/1.0" 403 314 "-" "-"
114.41 - - [21/Feb/1997:23:26:27 +0100] "GET /cgi-bin/cachemgr.cgi HTTP/1.0" 403 315 "-" "-"
114.41 - - [21/Feb/1997:23:26:28 +0100] "GET cgi-bin/calendar HTTP/1.0" 403 311 "-" "-"
4.41 - - [21/Feb/1997:23:26:32 +0100] "GET /cgi-bin/calender.pl HTTP/1.0" 403 314 "-" "-"
14.41 - - [21/Feb/1997:23:26:41 +0100] "GET /cgi-bin/calender_admin.pl HTTP/1.0" 403 320 "-" "-"
4.41 - - [21/Feb/1997:23:26:45 +0100] "GET /Cgi-Bin/campas HTTP/1.0" 404 305 "-" "-"
14.41 - - [21/Feb/1997:23:26:45 +0100] "GET /cgi-bin/campas HTTP/1.0" 403 309 "-" "-"
14.41 - - [21/Feb/1997:23:26:45 +0100] "GET /cgi-bin/carbo.dll HTTP/1.0" 403 312 "-" "-"
.41 - - [21/Feb/1997:23:26:50 +0100] "GET /cgi-bin/cart.pl HTTP/1.0" 403 310 "-" "-"
14.41 - - [21/Feb/1997:23:26:51 +0100] "GET /cgi-bin/ceilidh.exe/ceilidh/?N4 HTTP/1.0" 403 323 "-" "-"
14.41 - - [21/Feb/1997:23:26:54 +0100] "GET /cgi-bin/cgimail.exe HTTP/1.0" 403 314 "-" "-"
.41 - - [21/Feb/1997:23:26:55 +0100] "GET /Cgi-Bin/cgitest.exe HTTP/1.0" 404 310 "-" "-"
4.41 - - [21/Feb/1997:23:26:55 +0100] "GET /cgi-bin/Cgitest.exe HTTP/1.0" 403 314 "-" "-"
4.41 - - [21/Feb/1997:23:27:00 +0100] "GET /cgi-bin/cgiwrap HTTP/1.0" 403 310 "-" "-"
.41 - - [21/Feb/1997:23:27:01 +0100] "GET /cgi-bin/classified.cgi HTTP/1.0" 403 317 "-" "-"
4.41 - - [21/Feb/1997:23:27:02 +0100] "GET /cgi-bin/classifieds HTTP/1.0" 403 314 "-" "-"
14.41 - - [21/Feb/1997:23:27:02 +0100] "GET gi-bin/classifieds.cgi HTTP/1.0" 403 318 "-" "-"
4.41 - - [21/Feb/1997:23:27:02 +0100] "GET -bin/clickresponder.pl HTTP/1.0" 403 320 "-" "-"
14.41 - - [21/Feb/1997:23:27:02 +0100] "GET /Cgi-Bin/cmd.exe HTTP/1.0" 404 306 "-" "-"
14.41 - - [21/Feb/1997:23:27:03 +0100] "GET /cgi-bin/cmd.exe HTTP/1.0" 403 310 "-" "-"
41 - - [21/Feb/1997:23:27:03 +0100] "GET /Cgi-Bin/cmd32.exe HTTP/1.0" 404 308 "-" "-"
.41 - - [21/Feb/1997:23:27:03 +0100] "GET /Cgi-Bin/cmd32.exe?/c+dir HTTP/1.0" 404 308 "-" "-"
4.41 - - [21/Feb/1997:23:27:03 +0100] "GET /cgi-bin/Count.cgi HTTP/1.0" 403 312 "-" "-"
14.41 - - [21/Feb/1997:23:27:03 +0100] "GET /Cgi-Bin/count.cgi HTTP/1.0" 404 308 "-" "-"
.41 - - [21/Feb/1997:23:27:03 +0100] "GET /cgi-bin/counterfiglet HTTP/1.0" 403 316 "-" "-"
.41 - - [21/Feb/1997:23:27:03 +0100] "GET /Cgi-Bin/csh HTTP/1.0" 404 302 "-" "-"
.41 - - [21/Feb/1997:23:27:05 +0100] "GET /cgi-bin/csh HTTP/1.0" 403 306 "-" "-"
.41 - - [21/Feb/1997:23:27:05 +0100] "GET /cgi-bin/date HTTP/1.0" 403 307 "-" "-"
14.41 - - [21/Feb/1997:23:27:05 +0100] "GET /cgi-bin/day5datacopier.cgi HTTP/1.0" 403 321 "-" "-"
41 - - [21/Feb/1997:23:27:05 +0100] "GET /cgi-bin/day5datanotifier.cgi HTTP/1.0" 403 323 "-" "-"
- - [21/Feb/1997:23:27:08 +0100] "GET /cgi-bin/day5notifier HTTP/1.0" 403 315 "-" "-"
.114.41 - - [21/Feb/1997:23:27:08 +0100] "GET /cgi-bin/dbmlparser.exe HTTP/1.0" 403 317 "-" "-"
114.41 - - [21/Feb/1997:23:27:12 +0100] "GET /cgi-bin/dig.cgi HTTP/1.0" 403 310 "-" "-"
14.41 - - [21/Feb/1997:23:27:17 +0100] "GET cgi-bin/dnewsweb HTTP/1.0" 403 311 "-" "-"
4.41 - - [21/Feb/1997:23:27:17 +0100] "GET /cgi-bin/download.cgi HTTP/1.0" 403 315 "-" "-"
.41 - - [21/Feb/1997:23:27:17 +0100] "GET /cgi-bin/dumpenv.pl HTTP/1.0" 403 313 "-" "-"
41 - - [21/Feb/1997:23:27:17 +0100] "GET /Cgi-Bin/echo.bat HTTP/1.0" 404 307 "-" "-"
1 - - [21/Feb/1997:23:27:18 +0100] "GET /cgi-bin/edit.pl HTTP/1.0" 403 310 "-" "-"
4.41 - - [21/Feb/1997:23:27:21 +0100] "GET /Cgi-Bin/enivron.pl HTTP/1.0" 404 309 "-" "-"
41 - - [21/Feb/1997:23:27:21 +0100] "GET /cgi-bin/environ.cgi HTTP/1.0" 403 314 "-" "-"
1 - - [21/Feb/1997:23:27:22 +0100] "GET /cgi-bin/excite HTTP/1.0" 403 309 "-" "-"
.41 - - [21/Feb/1997:23:27:22 +0100] "GET /Cgi-Bin/ezshopper/loadpage.cgi HTTP/1.0" 404 321 "-" "-"
1 - - [21/Feb/1997:23:27:30 +0100] "GET /Cgi-Bin/ezshopper/search.cgi HTTP/1.0" 404 319 "-" "-"
.41 - - [21/Feb/1997:23:27:31 +0100] "GET /cgi-bin/faxsurvey HTTP/1.0" 403 312 "-" "-"
.41 - - [21/Feb/1997:23:27:32 +0100] "GET /Cgi-Bin/faxsurvey HTTP/1.0" 404 308 "-" "-"
.41 - - [21/Feb/1997:23:27:32 +0100] "GET /cgi-bin/filemail HTTP/1.0" 403 311 "-" "-"
.41 - - [21/Feb/1997:23:27:34 +0100] "GET /cgi-bin/filemail.pl HTTP/1.0" 403 314 "-" "-"
14.41 - - [21/Feb/1997:23:27:34 +0100] "GET /cgi-bin/files.pl HTTP/1.0" 403 311 "-" "-"
14.41 - - [21/Feb/1997:23:27:36 +0100] "GET /cgi-bin/finger HTTP/1.0" 403 309 "-" "-"
.114.41 - - [21/Feb/1997:23:27:38 +0100] "GET /cgi-bin/finger.cgi HTTP/1.0" 403 313 "-" "-"
114.41 - - [21/Feb/1997:23:27:39 +0100] "GET /cgi-bin/finger.pl HTTP/1.0" 403 312 "-" "-"
14.41 - - [21/Feb/1997:23:27:39 +0100] "GET /cgi-bin/flexform HTTP/1.0" 403 311 "-" "-"
14.41 - - [21/Feb/1997:23:27:40 +0100] "GET /cgi-bin/flexform.cgi HTTP/1.0" 403 315 "-" "-"
4.41 - - [21/Feb/1997:23:27:40 +0100] "GET /Cgi-Bin/FormHandler.cgi HTTP/1.0" 404 314 "-" "-"
.41 - - [21/Feb/1997:23:27:41 +0100] "GET /cgi-bin/FormHandler.cgi HTTP/1.0" 403 318 "-" "-"
.114.41 - - [21/Feb/1997:23:27:41 +0100] "GET /Cgi-Bin/formmail HTTP/1.0" 404 307 "-" "-"
.114.41 - - [21/Feb/1997:23:27:42 +0100] "GET gi-Bin/formmail.cgi HTTP/1.0" 404 311 "-" "-"
.114.41 - - [21/Feb/1997:23:27:44 +0100] "GET /Cgi-Bin/formmail.pl HTTP/1.0" 404 310 "-" "-"
.114.41 - - [21/Feb/1997:23:27:44 +0100] "GET /cgi-bin/formmail.pl HTTP/1.0" 403 314 "-" "-"

[sathia]

bots

[billiejoex]

hai patchato IIS?

[sathia]

non c'entra niente iis, credo che sia un server linux.
per questo dico che sono dei bots (quelli sì che girano su windows) che provano degli ip a caso, e quando ne trovano uno ci tirano un po' di mazzate

[billiejoex]

ho guardato bene adesso le directory, hai ragione.

[tse]

si si linux apache..
sinceramente non mi preoccupano piu di tanto.....
è tutto ben chiuso....quindi..
mi pongo il problema di come tutto cio avvenga....
poi per carità era accesso anche da 3 mesi..lo uso per condividere la connessione.........
e accedo ad esso solo tramite ssh e tunneling.....


VVoVe:

[tse]

non fate caso alla data...soffre del millennium bug...se sposto la data al 2000 non mi logga......

............

[wittgen105]

Come fai ed essere così sicuro che il tuo server è stato disturbato?

[tse]

VVoVe:

[wittgen105]

Originariamente inviato da tse
VVoVe: