BandaAncha.eu


Access.log (Apache server)

asymov

Hi... look, I have an Apache server running, and going through the access log I see things like this showing up, and I don't understand why, since I have nothing of the sort in my htdocs folder.

81.171.96.* - - [30/Jan/2007:12:08:31 +0100] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 223
81.171.96.* - - [30/Jan/2007:12:08:31 +0100] "GET /cmd.php HTTP/1.1" 404 205
81.171.96.* - - [30/Jan/2007:12:08:31 +0100] "GET /cacti/cmd.php HTTP/1.1" 404 211
81.171.96.* - - [30/Jan/2007:12:08:31 +0100] "GET /portal/cacti/cmd.php HTTP/1.1" 404 218
81.171.96.* - - [30/Jan/2007:12:08:32 +0100] "GET /portal/cmd.php HTTP/1.1" 404 212
81.171.96.* - - [30/Jan/2007:12:08:32 +0100] "GET /stats/cmd.php HTTP/1.1" 404 211

or this other one:

208.131.175.* - - [01/Feb/2007:00:48:54 +0100] "GET // HTTP/1.1" 200 7785
208.131.175.* - - [01/Feb/2007:00:48:55 +0100] "GET /horde/ HTTP/1.1" 404 204
208.131.175.* - - [01/Feb/2007:00:48:57 +0100] "GET /horde2/ HTTP/1.1" 404 205
208.131.175.* - - [01/Feb/2007:00:48:58 +0100] "GET /horde3/ HTTP/1.1" 404 205
208.131.175.* - - [01/Feb/2007:00:48:59 +0100] "GET /horde-3.0.9/ HTTP/1.1" 404 210
208.131.175.* - - [01/Feb/2007:00:49:03 +0100] "GET /horde/imp/ HTTP/1.1" 404 208
208.131.175.* - - [01/Feb/2007:00:49:08 +0100] "GET /people/horde/ HTTP/1.1" 404 211
208.131.175.* - - [01/Feb/2007:00:49:09 +0100] "GET /webmail/ HTTP/1.1" 404 206
208.131.175.* - - [01/Feb/2007:00:49:11 +0100] "GET /imp/ HTTP/1.1" 404 202
208.131.175.* - - [01/Feb/2007:00:49:15 +0100] "GET /webmail_horde/ HTTP/1.1" 404 212
208.131.175.* - - [01/Feb/2007:00:49:16 +0100] "GET /netmail/horde/ HTTP/1.1" 404 212
208.131.175.* - - [01/Feb/2007:00:49:17 +0100] "GET /dictionary/horde HTTP/1.1" 404 214
208.131.175.* - - [01/Feb/2007:00:49:19 +0100] "GET /temp/horde/ HTTP/1.1" 404 209
208.131.175.* - - [01/Feb/2007:00:49:20 +0100] "GET /category/horde/ HTTP/1.1" 404 213
208.131.175.* - - [01/Feb/2007:00:49:21 +0100] "GET /pub/horde/ HTTP/1.1" 404 208
208.131.175.* - - [01/Feb/2007:00:49:22 +0100] "GET /horde-webmail/ HTTP/1.1" 404 212
208.131.175.* - - [01/Feb/2007:00:49:22 +0100] "GET /projects/horde-vacation/ HTTP/1.1" 404 222
208.131.175.* - - [01/Feb/2007:00:49:23 +0100] "GET /tag/horde HTTP/1.1" 404 207
208.131.175.* - - [01/Feb/2007:00:49:24 +0100] "GET /www_root/ HTTP/1.1" 404 207
208.131.175.* - - [01/Feb/2007:00:49:25 +0100] "GET /horde/chasque/ HTTP/1.1" 404 212
208.131.175.* - - [01/Feb/2007:00:49:27 +0100] "GET /horde/util/ HTTP/1.1" 404 209
208.131.175.* - - [01/Feb/2007:00:49:28 +0100] "GET /zombie-horde/ HTTP/1.1" 404 211
208.131.175.* - - [01/Feb/2007:00:49:29 +0100] "GET /projects/pkg-horde/ HTTP/1.1" 404 217
208.131.175.* - - [01/Feb/2007:00:49:30 +0100] "GET /video/HORDE/ HTTP/1.1" 404 210
208.131.175.* - - [01/Feb/2007:00:49:31 +0100] "GET /pub/horde-cvs/ HTTP/1.1" 404 212
208.131.175.* - - [01/Feb/2007:00:49:32 +0100] "GET /api/horde/ HTTP/1.1" 404 208
208.131.175.* - - [01/Feb/2007:00:49:33 +0100] "GET /proj/Horde/ HTTP/1.1" 404 209
208.131.175.* - - [01/Feb/2007:00:49:34 +0100] "GET /zombie-horde-2/ HTTP/1.1" 404 213
208.131.175.* - - [01/Feb/2007:00:49:35 +0100] "GET /archives/horde/ HTTP/1.1" 404 213
208.131.175.* - - [01/Feb/2007:00:49:36 +0100] "GET /hordedev/ HTTP/1.1" 404 207
208.131.175.* - - [01/Feb/2007:00:49:40 +0100] "GET /horde/horde/ HTTP/1.1" 404 210
208.131.175.* - - [01/Feb/2007:00:49:41 +0100] "GET /silver_horde/ HTTP/1.1" 404 211
208.131.175.* - - [01/Feb/2007:00:49:44 +0100] "GET /gold_horde/ HTTP/1.1" 404 209
208.131.175.* - - [01/Feb/2007:00:49:45 +0100] "GET /wiki/Golden_Horde/ HTTP/1.1" 404 216
208.131.175.* - - [01/Feb/2007:00:49:46 +0100] "GET /tag/horde/ HTTP/1.1" 404 208
208.131.175.* - - [01/Feb/2007:00:49:46 +0100] "GET /wiki/horde/ HTTP/1.1" 404 209

This one worries me more... with that zombie-horde thing... :-o

Edit:
To add that the server is Apache 2.2 on Windows 2000 (with all the updates)

campi

They're trying to reach those folders to see if they can grab something.. but it's nothing, relax

asymov

Thanks for replying.
You mean they're "looking" to see whether I have that, and if so, "strike" :-?

campi

Exactly, it's a brute-force attack, so to speak: they try combinations from a list to see whether they manage to download something of value.. I don't know what, but anyway

asymov

Yes... I imagined something like that, but since I have no idea about the subject, I'm asking just in case.
Thanks again... :-)

manuelc2005

What annoying people. Well, as long as they're all 404 ;) be careful with phpMyAdmin, you surely have that one; they're probing as if it were a commercial web server.

asymov

I believe it; the second one is an IP from Jamaica:

Address : 208.131.175.159
Name : port0159-aba-s-adsl.cwjamaica.com (.COM | US Commercial)
Ping .... Ok, Time : 600
Port 21 ... Ok !
Port 22 ... Ok !
Port 80 ... Ok !
Port 111 ... Ok !
Port 139 ... Ok !
Port 443 ... Ok !
Port 445 ... Ok !
Port 3306 ... Ok !
Port 10000 ... Ok !
9 (of 1491) open port(s) detected

I don't have phpMyAdmin, I don't have PHP or anything; it's a website I keep to learn a little and pass the time.

Since we're on the subject, I'll mention that I've put this up:
cisco.com/c/en/us/training-events/traini…cations.html
I don't know whether it's very illegal... :-P do you advise against hosting it?

Pridebowl

Cacti, Horde and who knows what else. :DD

Regards

escubidu

If I were you I'd start putting up something else. You aren't Cisco and you've copied one of their pages to put it on your server without their permission.
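
Added example, not part of the original thread: a small Python detector for the pattern in the access-log excerpts above, where one client requests several nonexistent paths within seconds. It also lists any request from such a client that was not answered with 404 (like the `GET //` that returned 200), since those are the ones worth checking by hand. The function names, the thresholds and the 192.0.2.10 lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common log format; the client field may be masked ("81.171.96.*").
LINE_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["client"], ts, m["path"], int(m["status"])

def find_probers(lines, min_404=5, window=timedelta(seconds=60)):
    """Clients that hit >= min_404 distinct missing paths inside `window`."""
    by_client = defaultdict(list)
    for client, ts, path, status in filter(None, map(parse, lines)):
        by_client[client].append((ts, path, status))
    report = {}
    for client, hits in by_client.items():
        misses = [(ts, p) for ts, p, s in hits if s == 404]
        if any(len({p for t, p in misses if t0 <= t <= t0 + window}) >= min_404
               for t0, _ in misses):
            report[client] = {
                "paths": sorted({p for _, p in misses}),
                # Anything not answered 404 was served and needs a manual look.
                "served": [(p, s) for _, p, s in hits if s != 404],
            }
    return report

# Lines copied from the thread, plus two constructed 192.0.2.10 lines (benign).
SAMPLE = """\
81.171.96.* - - [30/Jan/2007:12:08:31 +0100] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 223
81.171.96.* - - [30/Jan/2007:12:08:31 +0100] "GET /cmd.php HTTP/1.1" 404 205
81.171.96.* - - [30/Jan/2007:12:08:31 +0100] "GET /cacti/cmd.php HTTP/1.1" 404 211
81.171.96.* - - [30/Jan/2007:12:08:31 +0100] "GET /portal/cacti/cmd.php HTTP/1.1" 404 218
81.171.96.* - - [30/Jan/2007:12:08:32 +0100] "GET /portal/cmd.php HTTP/1.1" 404 212
208.131.175.* - - [01/Feb/2007:00:48:54 +0100] "GET // HTTP/1.1" 200 7785
208.131.175.* - - [01/Feb/2007:00:48:55 +0100] "GET /horde/ HTTP/1.1" 404 204
208.131.175.* - - [01/Feb/2007:00:48:57 +0100] "GET /horde2/ HTTP/1.1" 404 205
208.131.175.* - - [01/Feb/2007:00:48:58 +0100] "GET /horde3/ HTTP/1.1" 404 205
208.131.175.* - - [01/Feb/2007:00:48:59 +0100] "GET /horde-3.0.9/ HTTP/1.1" 404 210
208.131.175.* - - [01/Feb/2007:00:49:03 +0100] "GET /horde/imp/ HTTP/1.1" 404 208
192.0.2.10 - - [01/Feb/2007:09:15:00 +0100] "GET / HTTP/1.1" 200 7785
192.0.2.10 - - [01/Feb/2007:09:15:01 +0100] "GET /favicon.ico HTTP/1.1" 404 209
""".splitlines()
```

Calling `find_probers(SAMPLE)` flags both masked clients from the thread and leaves the constructed visitor with a single missing favicon alone.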