Dziwne logi w access.log i error.log

Konfiguracja serwerów, usług, itp.
ODPOWIEDZ
bill
Posty: 13
Rejestracja: 10 stycznia 2009, 20:09

Dziwne logi w access.log i error.log

Post autor: bill »

Witam, niedawno zauważyłem, iż mam dziwne logi w pliku access.log. Nie wiem, czy to jest ważne czy nie, ale wolę się zapytać, żeby uniknąć problemów.

access.log

Kod: Zaznacz cały

127.0.0.1 - - [02/Apr/2009:15:41:13 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
213.92.103.115 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 339 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/phpMyAdmin/main.php HTTP/1.0" 404 339 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/sysadmin/main.php HTTP/1.0" 404 337 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/sqladmin/main.php HTTP/1.0" 404 337 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/db/main.php HTTP/1.0" 404 331 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/web/main.php HTTP/1.0" 404 332 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/pMA/main.php HTTP/1.0" 404 332 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/main.php HTTP/1.0" 404 328 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/mysql/main.php HTTP/1.0" 404 334 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/myadmin/main.php HTTP/1.0" 404 336 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/webadmin/main.php HTTP/1.0" 404 337 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/sqlweb/main.php HTTP/1.0" 404 335 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/websql/main.php HTTP/1.0" 404 335 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/webdb/main.php HTTP/1.0" 404 334 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/mysqladmin/main.php HTTP/1.0" 404 339 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/mysql-admin/main.php HTTP/1.0" 404 340 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/phpmyadmin2/main.php HTTP/1.0" 404 340 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/php-my-admin/main.php HTTP/1.0" 404 341 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.0/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.0-pl1/main.php HTTP/1.0" 404 349 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 349 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.3-pl1/main.php HTTP/1.0" 404 349 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.3-rc1/main.php HTTP/1.0" 404 349 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/padmin/main.php HTTP/1.0" 404 335 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:33 +0200] "GET /admin/datenbank/main.php HTTP/1.0" 404 338 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:33 +0200] "GET /admin/database/main.php HTTP/1.0" 404 337 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:33 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 200 8320 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:33 +0200] "GET /phpmyadmin/libraries/select_lang.lib.php HTTP/1.0" 200 - "-" "-"
127.0.0.1 - - [02/Apr/2009:15:41:36 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
następnie:

Kod: Zaznacz cały

127.0.0.1 - - [02/Apr/2009:15:59:23 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
91.121.88.36 - - [02/Apr/2009:15:59:37 +0200] "GET /roundcube/index.php HTTP/1.1" 404 336 "-" "Mozilla/6.0"
91.121.88.36 - - [02/Apr/2009:15:59:37 +0200] "GET /webmail/index.php HTTP/1.1" 404 334 "-" "Mozilla/6.0"
91.121.88.36 - - [02/Apr/2009:15:59:37 +0200] "GET /index.php HTTP/1.1" 404 326 "-" "Mozilla/6.0"
91.121.88.36 - - [02/Apr/2009:15:59:37 +0200] "GET /mail/index.php HTTP/1.1" 404 331 "-" "Mozilla/6.0"
127.0.0.1 - - [02/Apr/2009:16:00:02 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
kolejne:

Kod: Zaznacz cały

127.0.0.1 - - [02/Apr/2009:16:21:24 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
222.236.47.68 - - [02/Apr/2009:16:22:07 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 200 8320 "-" "-"
222.236.47.68 - - [02/Apr/2009:16:22:09 +0200] "GET /phpmyadmin/libraries/select_lang.lib.php HTTP/1.0" 200 - "-" "-"
127.0.0.1 - - [02/Apr/2009:16:22:35 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
Próba włamania?

Kod: Zaznacz cały

127.0.0.1 - - [02/Apr/2009:18:43:46 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
85.25.55.75 - - [02/Apr/2009:18:43:51 +0200] "GET /w00tw00t.at.ISC.SANS.test:) HTTP/1.1" 400 348 "-" "-"
127.0.0.1 - - [02/Apr/2009:18:44:12 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
Próba udana?

Kod: Zaznacz cały

127.0.0.1 - - [01/Apr/2009:16:12:15 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
staticline17211.toya.net.pl - - [01/Apr/2009:16:12:25 +0200] "HTTP/1.1 200 OK" 400 348 "-" "-"
staticline17211.toya.net.pl - - [01/Apr/2009:16:12:26 +0200] "HTTP/1.1 200 OK" 400 348 "-" "-"
127.0.0.1 - - [01/Apr/2009:16:12:40 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
error.log

Kod: Zaznacz cały

[Thu Apr 02 15:41:30 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:30 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:30 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:30 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:33 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:33 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
Informuję też, iż we wszystkich podanych urywkach logów nie wystąpił mój adres IP, przez co wydaje się być to bardzo podejrzane, tym bardziej, iż ktoś próbował chodzić (a może chodził) po plikach phpmyadmina.

Nie wiem czy to ważne i czy dobrze robiłem, ale większość tych IP próbowałem zablokować przez iptables poleceniem:

Kod: Zaznacz cały

iptables -A FORWARD -p tcp -s tu_ip_typa -j DROP
Na górę
ODPOWIEDZ

Wróć do „Serwer”