Strange logs in access.log and error.log
02 April 2009, 22:50

Hello, I recently noticed that I have strange entries in my access.log file. I don't know whether this matters or not, but I prefer to ask so as to avoid problems.

access.log

127.0.0.1 - - [02/Apr/2009:15:41:13 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
213.92.103.115 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 339 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/phpMyAdmin/main.php HTTP/1.0" 404 339 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/sysadmin/main.php HTTP/1.0" 404 337 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/sqladmin/main.php HTTP/1.0" 404 337 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/db/main.php HTTP/1.0" 404 331 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/web/main.php HTTP/1.0" 404 332 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/pMA/main.php HTTP/1.0" 404 332 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/main.php HTTP/1.0" 404 328 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/mysql/main.php HTTP/1.0" 404 334 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/myadmin/main.php HTTP/1.0" 404 336 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/webadmin/main.php HTTP/1.0" 404 337 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/sqlweb/main.php HTTP/1.0" 404 335 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/websql/main.php HTTP/1.0" 404 335 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/webdb/main.php HTTP/1.0" 404 334 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/mysqladmin/main.php HTTP/1.0" 404 339 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/mysql-admin/main.php HTTP/1.0" 404 340 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/phpmyadmin2/main.php HTTP/1.0" 404 340 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/php-my-admin/main.php HTTP/1.0" 404 341 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.0/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.0-pl1/main.php HTTP/1.0" 404 349 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 349 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 345 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.3-pl1/main.php HTTP/1.0" 404 349 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/phpMyAdmin-2.6.3-rc1/main.php HTTP/1.0" 404 349 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:32 +0200] "GET /admin/padmin/main.php HTTP/1.0" 404 335 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:33 +0200] "GET /admin/datenbank/main.php HTTP/1.0" 404 338 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:33 +0200] "GET /admin/database/main.php HTTP/1.0" 404 337 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:33 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 200 8320 "-" "-"
213.92.103.115 - - [02/Apr/2009:15:41:33 +0200] "GET /phpmyadmin/libraries/select_lang.lib.php HTTP/1.0" 200 - "-" "-"
127.0.0.1 - - [02/Apr/2009:15:41:36 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"

next:

127.0.0.1 - - [02/Apr/2009:15:59:23 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
91.121.88.36 - - [02/Apr/2009:15:59:37 +0200] "GET /roundcube/index.php HTTP/1.1" 404 336 "-" "Mozilla/6.0"
91.121.88.36 - - [02/Apr/2009:15:59:37 +0200] "GET /webmail/index.php HTTP/1.1" 404 334 "-" "Mozilla/6.0"
91.121.88.36 - - [02/Apr/2009:15:59:37 +0200] "GET /index.php HTTP/1.1" 404 326 "-" "Mozilla/6.0"
91.121.88.36 - - [02/Apr/2009:15:59:37 +0200] "GET /mail/index.php HTTP/1.1" 404 331 "-" "Mozilla/6.0"
127.0.0.1 - - [02/Apr/2009:16:00:02 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"

another:

127.0.0.1 - - [02/Apr/2009:16:21:24 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
222.236.47.68 - - [02/Apr/2009:16:22:07 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 200 8320 "-" "-"
222.236.47.68 - - [02/Apr/2009:16:22:09 +0200] "GET /phpmyadmin/libraries/select_lang.lib.php HTTP/1.0" 200 - "-" "-"
127.0.0.1 - - [02/Apr/2009:16:22:35 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"

Break-in attempt?

127.0.0.1 - - [02/Apr/2009:18:43:46 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
85.25.55.75 - - [02/Apr/2009:18:43:51 +0200] "GET /w00tw00t.at.ISC.SANS.test:) HTTP/1.1" 400 348 "-" "-"
127.0.0.1 - - [02/Apr/2009:18:44:12 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"

A successful attempt?

127.0.0.1 - - [01/Apr/2009:16:12:15 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"
staticline17211.toya.net.pl - - [01/Apr/2009:16:12:25 +0200] "HTTP/1.1 200 OK" 400 348 "-" "-"
staticline17211.toya.net.pl - - [01/Apr/2009:16:12:26 +0200] "HTTP/1.1 200 OK" 400 348 "-" "-"
127.0.0.1 - - [01/Apr/2009:16:12:40 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch (internal dummy connection)"

error.log

[Thu Apr 02 15:41:30 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:30 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:30 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:30 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:31 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:32 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:33 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin
[Thu Apr 02 15:41:33 2009] [error] [client 213.92.103.115] File does not exist: /var/www/admin

I should also mention that my own IP address does not appear in any of the log excerpts above, which makes this look very suspicious to me, all the more so because someone tried to walk (or perhaps did walk) through the phpMyAdmin files.

I don't know whether this matters or whether I did the right thing, but I tried to block most of these IPs with iptables using the command:

iptables -A FORWARD -p tcp -s tu_ip_typa -j DROP
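The log excerpts above show the pattern a defender wants to pick out mechanically: one client issuing a burst of 404s against guessed admin paths, the same client then getting a 200 on /phpmyadmin/main.php, and a few deliberately malformed request lines that Apache answers with 400. The following Python script is an added example, not code from the original post or from the forum; it parses Apache combined-format lines like the ones quoted, skips Apache's own "internal dummy connection" entries, and reports per client which of those three signals occurred. The sample lines embedded in it are constructed (documentation-range IPs), modelled on the post's excerpt; the ADMIN_RE path list and the min_probes threshold are assumptions to tune for your own site.

```python
import re
from collections import defaultdict

# Apache "combined" log line, the format of the lines quoted in the post.
# The trailing referer/user-agent pair is optional so "common" format parses too.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Path fragments typical of admin-panel discovery (assumption: extend for your site).
ADMIN_RE = re.compile(
    r'/(admin|phpmyadmin|pma|myadmin|mysql|sqladmin|webadmin|webmail|roundcube)\b',
    re.IGNORECASE,
)

# Constructed sample, modelled on the post's excerpt; IPs are documentation ranges.
SAMPLE_LOG = """\
127.0.0.1 - - [02/Apr/2009:15:41:13 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) (internal dummy connection)"
198.51.100.7 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 339 "-" "-"
198.51.100.7 - - [02/Apr/2009:15:41:30 +0200] "GET /admin/sqladmin/main.php HTTP/1.0" 404 337 "-" "-"
198.51.100.7 - - [02/Apr/2009:15:41:31 +0200] "GET /admin/phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 345 "-" "-"
198.51.100.7 - - [02/Apr/2009:15:41:33 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 200 8320 "-" "-"
198.51.100.7 - - [02/Apr/2009:15:41:33 +0200] "GET /phpmyadmin/libraries/select_lang.lib.php HTTP/1.0" 200 - "-" "-"
203.0.113.9 - - [02/Apr/2009:15:59:37 +0200] "GET /roundcube/index.php HTTP/1.1" 404 336 "-" "Mozilla/6.0"
203.0.113.9 - - [02/Apr/2009:15:59:37 +0200] "GET /webmail/index.php HTTP/1.1" 404 334 "-" "Mozilla/6.0"
203.0.113.9 - - [02/Apr/2009:15:59:37 +0200] "GET /mail/index.php HTTP/1.1" 404 331 "-" "Mozilla/6.0"
203.0.113.22 - - [02/Apr/2009:18:43:51 +0200] "GET /w00tw00t.at.ISC.SANS.test:) HTTP/1.1" 400 348 "-" "-"
203.0.113.22 - - [01/Apr/2009:16:12:25 +0200] "HTTP/1.1 200 OK" 400 348 "-" "-"
192.0.2.10 - - [02/Apr/2009:16:05:00 +0200] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one access.log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Apache's own "OPTIONS *" keep-alive probes from 127.0.0.1 are benign noise.
    rec["internal"] = (
        rec["client"] == "127.0.0.1"
        and "internal dummy connection" in (rec["agent"] or "")
    )
    parts = rec["request"].split()
    # A well-formed request line is "METHOD /path HTTP/x.y". Anything else (such as
    # a bare "HTTP/1.1 200 OK", which Apache answers with 400) has no usable path.
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        rec["method"], rec["path"] = parts[0], parts[1]
    else:
        rec["method"], rec["path"] = None, None
    return rec


def analyse(lines, min_probes=3):
    """Group non-internal requests per client; return {client: [finding, ...]}
    containing only clients for which at least one signal fired."""
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0,
                                 "bad_request": 0, "admin_ok": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["internal"]:
            continue
        s = stats[rec["client"]]
        s["requests"] += 1
        if rec["status"] == 404:
            s["not_found"] += 1                      # guessed path, nothing there
        elif rec["status"] == 400 or rec["path"] is None:
            s["bad_request"] += 1                    # malformed / scanner banner
        elif rec["status"] == 200 and ADMIN_RE.search(rec["path"]):
            s["admin_ok"].append(rec["path"])        # admin page actually served
    findings = {}
    for client, s in stats.items():
        notes = []
        if s["not_found"] >= min_probes:
            notes.append("path probing: %d x 404 out of %d requests"
                         % (s["not_found"], s["requests"]))
        if s["admin_ok"]:
            notes.append("admin page reachable: "
                         + ", ".join(sorted(set(s["admin_ok"]))))
        if s["bad_request"]:
            notes.append("malformed/bad requests: %d" % s["bad_request"])
        if notes:
            findings[client] = notes
    return findings


def findings_for_sample():
    """Run the analysis over the embedded constructed sample."""
    return analyse(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for client, notes in sorted(findings_for_sample().items()):
        print(client)
        for note in notes:
            print("   ", note)
```

Run it against a real file with `analyse(open("/var/log/apache2/access.log"))`. The most important finding is the "admin page reachable" one: in the post, /phpmyadmin/main.php was served with 200 and 8320 bytes to two unrelated clients, so phpMyAdmin is reachable from the whole internet and the 404 noise before it is just the scanner finding the right directory. Restricting that location to trusted addresses or putting HTTP authentication in front of it removes the exposure; blocking individual scanner IPs afterwards only hides the next scan. On the firewall side, note that packets addressed to Apache on the server itself pass through the INPUT chain; the FORWARD chain is only consulted for traffic the box routes on behalf of other hosts.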