
Mystery Logs

  • This page holds the mystery logs from 2002 and earlier. Mystery logs from 2003 onward are in logwatch.html.
  • I have sorted the mystery logs into categories.
  • [all] [apache] [exploit] [ftp] [robot] [webalizer] [SEO_SPAM] [others]

    Is this really Naver?

    218.145.25.49 - - [31/Dec/2002:21:41:57 +0900] "GET /?action=ad HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:57 +0900] "GET /?action=faq HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=info HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=mail HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=mailfrz HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=rules HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=service HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=signup HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=spec HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=support HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    218.145.25.49 - - [31/Dec/2002:21:41:58 +0900] "GET /?action=troubles HTTP/1.0" 200 915 "-" "dloader(NaverRobot)/1.0"
    

    ano@ano.com 

    "GET x HTTP/1.0" 

    219.93.206.130 - - [26/Nov/2002:01:43:29 +0900] "GET x HTTP/1.0" 400 334 "-" "-"
    

    Microsoft URL Control - 6.00.8862 

    211.110.6.220 - - [23/Nov/2002:18:08:13 +0900] "GET /ftp:/mydmain/pub/ppp HTTP/1.1" 404 315 "-" "Microsoft URL Control - 6.00.8862" 
    211.110.6.220 - - [23/Nov/2002:18:08:56 +0900] "GET /~ppp/ftp:/mydomain/pub/ppp HTTP/1.1" 404 320 "-" "Microsoft URL Control - 6.00.8862"
    
    199.4.155.10 - - [01/Nov/2002:17:37:43 +0900] "GET / HTTP/1.1" 200 1332 "-" "Microsoft URL Control - 6.00.8862" 
    199.4.155.10 - - [02/Nov/2002:17:44:58 +0900] "GET / HTTP/1.1" 200 1332 "-" "Microsoft URL Control - 6.00.8862" 
    199.4.155.10 - - [03/Nov/2002:18:39:46 +0900] "GET / HTTP/1.1" 200 1332 "-" "Microsoft URL Control - 6.00.8862" 
    199.4.155.10 - - [04/Nov/2002:17:55:47 +0900] "GET / HTTP/1.1" 200 1332 "-" "Microsoft URL Control - 6.00.8862" 
    199.4.155.10 - - [05/Nov/2002:20:44:04 +0900] "GET / HTTP/1.1" 200 1332 "-" "Microsoft URL Control - 6.00.8862" 
    
    64.48.129.18 - - [07/Oct/2002:19:39:06 +0900] "GET /cgi-bin/formmail.pl?recipient=tupperhorse5@aol.com&subject=please%20close%20your%20open%20formmail&email=woolertm@flashmail.com&=http://xxx.xxx.xxx.xxx/cgi-bin/formmail.pl HTTP/1.1" 404 303 "-" "Microsoft URL Control - 6.00.8862"
    64.48.129.18 - - [07/Oct/2002:19:39:06 +0900] "GET /cgi-bin/formmail.cgi?recipient=tupperhorse5@aol.com&subject=please%20close%20your%20open%20formmail&email=woolertm@flashmail.com&=http://xxx.xxx.xxx.xxx/cgi-bin/formmail.cgi HTTP/1.1" 404 304 "-" "Microsoft URL Control - 6.00.8862"
    	(rest omitted)
    

    "-" 408 - "-" "-" 

    66.196.72.79 - - [09/Sep/2002:06:43:29 +0900] "-" 408 - "-" "-"
    66.196.73.76 - - [09/Sep/2002:08:47:09 +0900] "-" 408 - "-" "-"
    66.196.73.81 - - [12/Sep/2002:14:55:41 +0900] "-" 408 - "-" "-"
    66.196.72.19 - - [09/Oct/2002:04:05:09 +0900] "-" 408 - "-" "-"
    66.196.72.84 - - [16/Oct/2002:10:04:57 +0900] "-" 408 - "-" "-"
    66.196.73.42 - - [26/Oct/2002:05:56:15 +0900] "-" 408 - "-" "-"
    66.196.73.47 - - [09/Nov/2002:21:18:34 +0900] "-" 408 - "-" "-"
    

    msadcs.dll 

    208.203.70.195 - - [08/Nov/2002:10:56:37 +0900] "GET /msadc/msadcs.dll HTTP/1.0" 404 288 "-" "-" 
    208.203.70.195 - - [08/Nov/2002:10:56:38 +0900] "GET /msadc/msadcs.dll HTTP/1.0" 404 288 "-" "-"
    

    Pub Maker 

    Nov 10 14:05:20 myhost ftpd[22995]: FTPD: connection from pc-outside.uni-greifswald.de at Sun Nov 10 14:05:20 2002
    Nov 10 14:05:20 myhost ftpd[22995]: <--- 220 
    Nov 10 14:05:20 myhost ftpd[22995]: myhost FTP server () ready.
    Nov 10 14:05:20 myhost ftpd[22995]: FTPD: command: USER anonymous^M
    Nov 10 14:05:20 myhost ftpd[22995]: <--- 331 
    Nov 10 14:05:20 myhost ftpd[22995]: Guest login ok, send ident as password.
    Nov 10 14:05:21 myhost ftpd[22995]: FTPD: command: PASS pubmaker@axis.net^M
    Nov 10 14:05:21 myhost ftpd[22995]: <--- 230 
    Nov 10 14:05:21 myhost ftpd[22995]: Guest login ok, access restrictions apply.
    Nov 10 14:05:21 myhost ftpd[22995]: FTPD: command: MKD _ax^M
    Nov 10 14:05:21 myhost ftpd[22995]: <--- 550 
    Nov 10 14:05:21 myhost ftpd[22995]: _ax: Permission denied.
    Nov 10 14:05:21 myhost ftpd[22995]: FTPD: command: CWD /^M
    Nov 10 14:05:21 myhost ftpd[22995]: <--- 250 
    Nov 10 14:05:21 myhost ftpd[22995]: CWD command successful.
    Nov 10 14:05:22 myhost ftpd[22995]: FTPD: command: CWD /pub/^M
    Nov 10 14:05:22 myhost ftpd[22995]: <--- 250 
    Nov 10 14:05:22 myhost ftpd[22995]: CWD command successful.
    Nov 10 14:05:22 myhost ftpd[22995]: FTPD: command: MKD _ax^M
    Nov 10 14:05:22 myhost ftpd[22995]: <--- 550 
    Nov 10 14:05:22 myhost ftpd[22995]: _ax: Permission denied.
    	(omitted)
    

    ano@ano.com 


    Mr. Persistent

    @here.com 

    Oct 25 03:22:54 myhost ftpd[24850]: FTPD: connection from ca-bordeaux-13-232.abo.wanadoo.f at Fri Oct 25 03:22:54 2002
    Oct 25 03:22:54 myhost ftpd[24850]: <--- 220 
    Oct 25 03:22:54 myhost ftpd[24850]: myhost FTP server () ready.
    Oct 25 03:22:58 myhost ftpd[24850]: FTPD: command: USER anonymous^M
    Oct 25 03:22:58 myhost ftpd[24850]: <--- 331 
    Oct 25 03:22:58 myhost ftpd[24850]: Guest login ok, send ident as password.
    Oct 25 03:23:06 myhost ftpd[24850]: FTPD: command: PASS guest@here.com^M
    Oct 25 03:23:06 myhost ftpd[24850]: <--- 230 
    Oct 25 03:23:06 myhost ftpd[24850]: Guest login ok, access restrictions apply.
    Oct 25 03:23:06 myhost ftpd[24850]: FTPD: command: CWD /pub/^M
    Oct 25 03:23:06 myhost ftpd[24850]: <--- 250 
    Oct 25 03:23:06 myhost ftpd[24850]: CWD command successful.
    Oct 25 03:23:07 myhost ftpd[24850]: FTPD: command: MKD 021024202312p^M
    Oct 25 03:23:07 myhost ftpd[24850]: <--- 550 
    Oct 25 03:23:07 myhost ftpd[24850]: 021024202312p: Permission denied.
    Oct 25 03:23:07 myhost ftpd[24850]: FTPD: command: CWD /public/^M
    Oct 25 03:23:07 myhost ftpd[24850]: <--- 550 
    Oct 25 03:23:07 myhost ftpd[24850]: /public/: No such file or directory.
    Oct 25 03:23:08 myhost ftpd[24850]: FTPD: command: CWD /pub/incoming/^M
    Oct 25 03:23:08 myhost ftpd[24850]: <--- 550 
    Oct 25 03:23:08 myhost ftpd[24850]: /pub/incoming/: No such file or directory.
    

    sss@ 

    Oct 10 23:51:59 myhost ftpd[2723]: FTPD: connection from 213.226.134.110 at Thu Oct 10 23:51:59 2002
    Oct 10 23:51:59 myhost ftpd[2723]: <--- 220 
    Oct 10 23:51:59 myhost ftpd[2723]: myhost FTP server () ready.
    Oct 10 23:52:00 myhost ftpd[2723]: FTPD: command: USER anonymous^M
    Oct 10 23:52:00 myhost ftpd[2723]: <--- 331 
    Oct 10 23:52:00 myhost ftpd[2723]: Guest login ok, send ident as password.
    Oct 10 23:52:00 myhost ftpd[2723]: FTPD: command: PASS sss@servxxa.com^M
    Oct 10 23:52:00 myhost ftpd[2723]: <--- 230 
    Oct 10 23:52:00 myhost ftpd[2723]: Guest login ok, access restrictions apply.
    Oct 10 23:52:00 myhost ftpd[2723]: FTPD: command: TYPE I^M
    Oct 10 23:52:00 myhost ftpd[2723]: <--- 200 
    Oct 10 23:52:00 myhost ftpd[2723]: Type set to I.
    Oct 10 23:52:01 myhost ftpd[2723]: FTPD: command: PORT 213,226,134,110,253,241^M
    Oct 10 23:52:01 myhost ftpd[2723]: <--- 200 
    Oct 10 23:52:01 myhost ftpd[2723]: PORT command successful.
    Oct 10 23:52:06 myhost ftpd[2723]: FTPD: command: STOR AFS.TXT^M
    Oct 10 23:52:06 myhost ftpd[2723]: <--- 553 
    Oct 10 23:52:06 myhost ftpd[2723]: AFS.TXT: Permission denied.
    Oct 10 23:52:06 myhost ftpd[2723]: <--- 221 
    Oct 10 23:52:06 myhost ftpd[2723]: You could at least say goodbye.
    

    This time it's mailto.exe

    217.52.46.8 - - [24/Sep/2002:16:25:49 +0900] "GET /scripts/mailto.exe?sendto=bulkcop@yahoo.com&subject=mydomain/scripts/mailto.exe&email=rockstar@mail.com&message=rockstar HTTP/1.0" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    217.52.46.8 - - [24/Sep/2002:16:25:49 +0900] "GET /cgi-bin/mailto.exe?sendto=bulkcop@yahoo.com&subject=mydomain/cgi-bin/mailto.exe&email=rockstar@mail.com&message=rockstar HTTP/1.0" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    

    Rare!!

    130.34.78.86 - - [20/Sep/2002:11:29:35 +0900] "GET /~ggggg/favicon.ico HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)" 
    130.34.78.86 - - [20/Sep/2002:11:29:35 +0900] "GET /favicon.ico HTTP/1.1" 404 295 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"
    

    ano ano com 

    Sep 19 02:15:35 myhost ftpd[2300]: FTPD: connection from pD951ED19.dip.t-dialin.net at Thu Sep 19 02:15:35 2002
    Sep 19 02:15:35 myhost ftpd[2300]: <--- 220 
    Sep 19 02:15:35 myhost ftpd[2300]: myhost FTP server () ready.
    Sep 19 02:15:36 myhost ftpd[2300]: FTPD: command: USER anonymous^M
    Sep 19 02:15:36 myhost ftpd[2300]: <--- 331 
    Sep 19 02:15:36 myhost ftpd[2300]: Guest login ok, send ident as password.
    Sep 19 02:15:37 myhost ftpd[2300]: FTPD: command: PASS ano@ano.com^M
    Sep 19 02:15:37 myhost ftpd[2300]: <--- 230 
    Sep 19 02:15:37 myhost ftpd[2300]: Guest login ok, access restrictions apply.
    Sep 19 02:15:37 myhost ftpd[2300]: FTPD: command: TYPE I^M
    Sep 19 02:15:37 myhost ftpd[2300]: <--- 200 
    	(omitted)
    Sep 19 02:15:43 myhost ftpd[2300]: FTPD: command: LIST /^M
    Sep 19 02:15:43 myhost ftpd[2300]: <--- 150 
    Sep 19 02:15:43 myhost ftpd[2300]: ASCII data connection for /bin/ls (217.81.237.25,4495) (0 bytes).
    Sep 19 02:15:43 myhost ftpd[2300]: <--- 226 
    Sep 19 02:15:43 myhost ftpd[2300]: ASCII Transfer complete.
    Sep 19 02:15:44 myhost ftpd[2300]: FTPD: command: CWD /bin^M
    Sep 19 02:15:44 myhost ftpd[2300]: <--- 250 
    Sep 19 02:15:44 myhost ftpd[2300]: CWD command successful.
    Sep 19 02:15:45 myhost ftpd[2300]: FTPD: command: PASV^M
    Sep 19 02:15:45 myhost ftpd[2300]: <--- 227 
    Sep 19 02:15:45 myhost ftpd[2300]: Entering Passive Mode (xxx,xxx,205,101,252,42)
    Sep 19 02:15:46 myhost ftpd[2300]: FTPD: command: TYPE I^M
    Sep 19 02:15:46 myhost ftpd[2300]: <--- 200 
    Sep 19 02:15:46 myhost ftpd[2300]: Type set to I.
    Sep 19 02:15:46 myhost ftpd[2300]: FTPD: command: ALLO 104154^M
    Sep 19 02:15:46 myhost ftpd[2300]: <--- 202 
    Sep 19 02:15:46 myhost ftpd[2300]: ALLO command ignored.
    Sep 19 02:15:47 myhost ftpd[2300]: FTPD: command: STOR 918.373^M
    Sep 19 02:15:47 myhost ftpd[2300]: <--- 553 
    	(omitted)
    

    formmail again

    80.3.64.5 - - [19/Sep/2002:06:54:41 +0900] "HEAD /cgi-bin/formmail.pl HTTP/1.0" 404 0 "http://mydomain/" "-" 
    80.3.64.5 - - [19/Sep/2002:06:54:42 +0900] "HEAD /cgi-bin/formmail.cgi HTTP/1.1" 404 0 "http://mydomain/" "-"
    

    Rather bad manners, isn't it?

    211.101.4.15 - - [16/Sep/2002:03:11:51 +0900] "GET /?action=signup HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
    211.101.4.15 - - [16/Sep/2002:03:11:51 +0900] "GET /?action=spec HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
    211.101.4.15 - - [16/Sep/2002:03:11:51 +0900] "GET /?action=rules HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
    211.101.4.15 - - [16/Sep/2002:03:11:52 +0900] "GET /?action=ad HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
    211.101.4.15 - - [16/Sep/2002:03:11:52 +0900] "GET /?action=faq HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
    211.101.4.15 - - [16/Sep/2002:03:11:52 +0900] "GET /?action=support HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
    211.101.4.15 - - [16/Sep/2002:03:11:52 +0900] "GET /?action=service HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
    211.101.4.15 - - [16/Sep/2002:03:11:52 +0900] "GET /?action=aboutus HTTP/1.1" 302 298 "-" "Internet Explore 5.x"
    

    Why our site???

    68.51.199.14 - - [12/Sep/2002:08:36:15 +0900] "GET /f.sb.gif HTTP/1.1" 404 292 "http://lw4fd.law4.hotmail.msn.com/cgi-bin/getmsg?curmbox=F000000001&a=365318a02b1caf1a79d75a731f7ec54c&msg=MSG1031786230.22&start=806672&len=2698" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 
    

    Forged Referer

    209.142.168.7 - - [11/Sep/2002:08:22:25 +0900] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 291 "http://gib.genes.nig.ac.jp/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
    209.142.168.7 - - [11/Sep/2002:08:22:29 +0900] "GET / HTTP/1.0" 200 3906 "http://mydomain/cgi-bin/formmail.pl" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
    
    209.142.168.7 - - [11/Sep/2002:08:23:09 +0900] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 288 "http://www.kuba.co.jp/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)" 
    209.142.168.7 - - [11/Sep/2002:08:23:13 +0900] "GET / HTTP/1.0" 200 1332 "http://mydomain/cgi-bin/formmail.pl" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
    

    Footprints of SuperScan

    Sep  6 06:05:46 myhost ftpd[22667]: FTPD: connection from 217.172.194.74 at Fri Sep  6 06:05:46 2002
    Sep  6 06:05:46 myhost ftpd[22667]: <--- 220 
    Sep  6 06:05:46 myhost ftpd[22667]: myhost FTP server () ready.
    Sep  6 06:05:46 myhost ftpd[22667]: FTPD: command: ftp://%a:%p/,^M
    Sep  6 06:05:46 myhost ftpd[22667]: <--- 500 
    Sep  6 06:05:46 myhost ftpd[22667]: 'FTP://%A:%P/,': command not understood.
    Sep  6 06:05:47 myhost ftpd[22667]: <--- 221 
    Sep  6 06:05:47 myhost ftpd[22667]: You could at least say goodbye.
    

    FrontPage 2000 vulnerability

    Oh, NaverRobot...

    218.145.63.93 - - [06/Sep/2002:20:39:21 +0900] "GET /~7Eggggg/ HTTP/1.0" 404 282 "-" "dloader(NaverRobot)/1.0" 
    

    Curious?

    ps.melco.co.jp - - [27/Aug/2002:14:24:27 +0900] "GET /spec/server.html HTTP/1.0" 200 2258 "http://www.google.co.jp/search?q=CD-R+CD-RW+Windows2000+Server&hl=ja&lr=lang_ja&ie=UTF-8&oe=UTF-8&start=100&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0; .NET CLR 1.0.3705)"
    

    We do not provide a proxy service

    158.252.215.43 - - [21/Aug/2002:00:34:24 +0900] "CONNECT mx2.mail.yahoo.com:25 HTTP/1.0" 405 309 
    213.37.58.178 - - [21/Aug/2002:15:35:52 +0900] "GET http://mytest.maddock.net/cgi-bin/myinfo HTTP/1.1" 404 298
    

    While we were away for the Obon holidays... attack, part 2

    While we were away for the Obon holidays... attack, part 1

    Search

    "GET /unimama/download.html HTTP/1.1" 200 4084 "http://apple.excite.co.jp/search.gw?target=combined&look=applejp_jp&lang=all&search=Stufflt+Expandar&pref=all" 
    

    Solved: 408

    No idea (2)

    66.28.250.173 - - [26/Jul/2002:01:53:35 +0900] "GET /robots.txt HTTP/1.0" 200 187
    66.28.250.173 - - [26/Jul/2002:01:53:35 +0900] "GET /&quot HTTP/1.0" 404 281

    formmail follow-up

    64.48.129.24 - - [15/Jul/2002:08:03:15 +0900] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 291
    64.48.129.24 - - [15/Jul/2002:08:03:19 +0900] "POST /cgi-bin/formmail.cgi HTTP/1.0" 404 292
    64.48.129.24 - - [15/Jul/2002:08:03:24 +0900] "POST /cgibin/formmail.pl HTTP/1.0" 404 290 
    64.48.129.24 - - [15/Jul/2002:08:03:28 +0900] "POST /cgibin/formmail.cgi HTTP/1.0" 404 291
    64.48.129.24 - - [15/Jul/2002:08:03:31 +0900] "POST /cgi-local/formmail.pl HTTP/1.0" 404 293
    64.48.129.24 - - [15/Jul/2002:08:03:36 +0900] "POST /cgi-local/formmail.cgi HTTP/1.0" 404 294
    

    It even hands over the handset model name

    [09/Jul/2002:10:02:17 +0900] "GET / HTTP/1.0" 200 339 "-" "DoCoMo/1.0/N503i/c10"
    

    Apparently it's not just IE: NN7 now requests favicon.ico as well

    [09/Jul/2002:00:25:19 +0900] "GET /favicon.ico HTTP/1.1" 302 222 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1"
    

    No idea

    65.116.145.138 - - [18/Apr/2002:03:13:17 +0900] "GET /%2016945926%2010000%202157 HTTP/1.1" 404 303 
    65.116.145.138 - - [18/Apr/2002:03:16:41 +0900] "GET /%20185464%2010000%2028 HTTP/1.1" 404 296 
    

    Apparently there is a security hole in formmail.pl/formmail.cgi

    24.26.60.165 - - [24/Jun/2002:01:17:21 +0900] "GET /cgi-bin/formmail.pl?recipient=ASLEEPYANA@aol.com&subject=http://xxx.xxx.xxx.jp/cgi-bin/formmail.pl&body=JupZ&email=srt@aol.com HTTP/1.1" 404 300
    24.26.60.165 - - [24/Jun/2002:01:17:21 +0900] "GET /cgi-bin/formmail.cgi?recipient=ASLEEPYANA@aol.com&subject=http://xxx.xxx.xxx.jp/cgi-bin/formmail.cgi&body=JupZ&email=mim@aol.com HTTP/1.1" 404 301
    24.26.60.165 - - [24/Jun/2002:01:17:21 +0900] "GET /cgi-local/formmail.cgi?recipient=ASLEEPYANA@aol.com&subject=http://xxx.xxx.xxx.jp/cgi-local/formmail.cgi&body=JupZ&email=boh@aol.com HTTP/1.1" 404 303
    24.26.60.165 - - [24/Jun/2002:01:17:21 +0900] "GET /cgi-local/formmail.pl?recipient=ASLEEPYANA@aol.com&subject=http://xxx.xxx.xxx.jp/cgi-local/formmail.pl&body=JupZ&email=prs@aol.com HTTP/1.1" 404 302
    

    What, so suddenly...

    anonymous@ftp.microsoft.com follow-up

    Stepping-stone attack?

    Mar 10 06:23:37 myhost ftpd[3735]: FTPD: connection from modemcable091.124-202-24.mtl.mc. at Sun Mar 10 06:23:37 2002
    Mar 10 06:23:37 myhost ftpd[3735]: <--- 220 
    Mar 10 06:23:37 myhost ftpd[3735]: myhost FTP server () ready.
    Mar 10 06:23:38 myhost ftpd[3735]: FTPD: command: USER anonymous@ftp.microsoft.com
    Mar 10 06:23:38 myhost ftpd[3735]: <--- 331 
    Mar 10 06:23:38 myhost ftpd[3735]: Password required for anonymous@ftp.microsoft.com.
    Mar 10 06:23:38 myhost ftpd[3735]: FTPD: command: PASS 
    Mar 10 06:23:38 myhost ftpd[3735]: <--- 530 
    Mar 10 06:23:38 myhost ftpd[3735]: Login incorrect.
    Mar 10 06:23:58 myhost ftpd[3735]: lost connection
    

    Finally figured out??? "GET /_vti_bin/owssvr.dll", "GET /MSOffice/cltreq.asp"

    "GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.0" 404 290
    "GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.0" 404 290
    

    Why would anyone do this?

    "GET /pub/ppp HTTP/1.0" 404 278
    "GET /pub/ppp HTTP/1.0" 404 278
    

    Let's be careful

    "GET /phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 274
    

    A new one? Or so I thought, but it appears to be CodeRed.

    "GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.0" 404 290
    "GET /workshop/single.gif HTTP/1.0" 200 32157
    "GET /workshop/proJnew.html HTTP/1.0" 200 74861
    "GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.0" 404 290
    
    Still, leaving ordinary log entries in between is a fresh touch.

    What are you doing?

    "GET x HTTP/1.0" 400 333
    

    This is surely meant to be '~' (tilde), but what do you have to do to end up with this?

    "GET /%E2%80%BEfoo/tools2.html HTTP/1.0" 404 290
    
    "GET /窶セgenome/whatgtop-j.html HTTP/1.0" 404 296
    "GET /窶セgenome/grpsblt.html HTTP/1.0" 404 293
    
    The strange thing is that, around the same time as these entries, the same IP was able to enter ~ correctly.

    A mysterious (probably) robot that has been showing up lately?

    "-" 408 -
    
    What could it be?

    Found some odd log entries

    "..." 501 -
    "GET HTTP://www.microsoft.com/ HTTP/1.0" 200 3895 (unknown host)
    ".." 501 -
    "." 501 -
    "." 501 -
    
    What are they up to?
    Dec 23 05:37:33 myhost in.ftpd[3900]: connect from 217.107.83.109
    Dec 23 05:37:33 myhost in.ftpd[3900]: connect from 217.107.83.109
    Dec 23 05:38:03 myhost in.ftpd[3902]: connect from 217.107.83.109
    Dec 23 05:38:03 myhost in.ftpd[3903]: connect from 217.107.83.109
    
    ...or so I wondered, and then found they had connected via ftp just before.
    Dec 23 05:37:33 myhost ftpd[3900]: FTPD: connection from 217.107.83.109 at Sun Dec 23 05:37:33 2001
    Dec 23 05:37:33 myhost ftpd[3900]: <--- 220 
    Dec 23 05:37:33 myhost ftpd[3900]: myhost FTP server () ready.
    Dec 23 05:37:37 myhost ftpd[3900]: lost connection
    Dec 23 05:38:03 myhost ftpd[3902]: FTPD: connection from 217.107.83.109 at Sun Dec 23 05:38:03 2001
    Dec 23 05:38:03 myhost ftpd[3902]: <--- 220 
    Dec 23 05:38:03 myhost ftpd[3902]: myhost FTP server () ready.
    Dec 23 05:38:03 myhost ftpd[3903]: FTPD: connection from 217.107.83.109 at Sun Dec 23 05:38:03 2001
    Dec 23 05:38:03 myhost ftpd[3903]: <--- 220 
    Dec 23 05:38:03 myhost ftpd[3903]: myhost FTP server () ready.
    Dec 23 05:38:04 myhost ftpd[3902]: FTPD: command: user mss
    Dec 23 05:38:04 myhost ftpd[3902]: <--- 331 
    Dec 23 05:38:04 myhost ftpd[3902]: Password required for mss.
    Dec 23 05:38:04 myhost ftpd[3902]: FTPD: command: 
    Dec 23 05:38:04 myhost ftpd[3902]: <--- 500 
    Dec 23 05:38:04 myhost ftpd[3902]: '': command not understood.
    Dec 23 05:38:04 myhost ftpd[3903]: FTPD: command: helo mss
    Dec 23 05:38:04 myhost ftpd[3903]: <--- 500 
    Dec 23 05:38:04 myhost ftpd[3903]: 'HELO mss': command not understood.
    Dec 23 05:38:04 myhost ftpd[3903]: FTPD: command: 
    Dec 23 05:38:04 myhost ftpd[3903]: <--- 500 
    Dec 23 05:38:04 myhost ftpd[3903]: '': command not understood.
    Dec 23 05:38:04 myhost ftpd[3902]: <--- 221 
    Dec 23 05:38:04 myhost ftpd[3902]: You could at least say goodbye.
    Dec 23 05:38:04 myhost ftpd[3903]: lost connection
    
    In the end, what they were trying to do remains unknown.

    Not a mystery, but... an acquaintance of mine who can't type a tilde

    "GET /%EF%BD%9Emydir/zenkoku.html HTTP/1.1" 404 305
    "GET /%EF%BD%9Emydir/zenkoku.html HTTP/1.1" 404 305
    "GET /%EF%BD%9Emydir/zenkoku.html HTTP/1.1" 404 305
    "GET /mydir/zenkoku.html HTTP/1.1" 404 302
    "GET /%EF%BC%BEmydir/zenkoku.html HTTP/1.1" 404 305
    

