個人的な φ(｀д´)ﾒﾓﾒﾓ…: 2009年12月の自宅サーバー不正アクセスメモ

12月の傾向としてphpmyadmin及びzencartを狙った攻撃が目立ちました。数えるほどのアクセス数しかない
うちのサーバーでさえ複数回スキャンがなされていることから、それなりに流行っているのではないでしょうか。

zencartは別として、phpmyadminは公衆へ公開して利用する類のものではありませんのでアップデートも疎かになりがちです。何らかの理由で公開する場合はこまめなアップデートやアクセス制御等、十分注意しなければいけませんね。

その他、.dynamic.hinet.netよりのspamリレー要求が相変わらず続いています。いくらrejectしても止まることがありません。

2009.12.02

203.189.46.xxx - - [02/Dec/2009:00:00:37 +0900] "#03\xb7\x96\v\x7f[:" 400 292 "-" "-"

アサヒネットより。うちもアサヒネットです。やられたんでしょうか...。

2009.12.04

200.253.158.xxx - - [04/Dec/2009:12:11:48 +0900] "GET //phpMyAdmin/ HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.253.158.xxx - - [04/Dec/2009:12:11:54 +0900] "GET //sql/ HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.253.158.xxx - - [04/Dec/2009:12:12:00 +0900] "GET //mysql/ HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

ブラジルより。

2009.12.11

204.13.1.27 - - [11/Dec/2009:16:27:47 +0900] "GET //admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:27:52 +0900] "GET //b2b/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:27:58 +0900] "GET //cart/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:03 +0900] "GET //catalog/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:08 +0900] "GET //ecommerce/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:14 +0900] "GET //eshop/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:19 +0900] "GET //negozio/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:25 +0900] "GET //public/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:30 +0900] "GET //shop/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:35 +0900] "GET //shops/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:41 +0900] "GET //store/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:46 +0900] "GET //ZEN/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:51 +0900] "GET //Shop/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:28:57 +0900] "GET //zc/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:02 +0900] "GET //zen/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:07 +0900] "GET //zen-cart/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:13 +0900] "GET //zencart/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:18 +0900] "GET //zshop/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:23 +0900] "GET //admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:29 +0900] "GET //magazin/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:34 +0900] "GET //m/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:39 +0900] "GET //html/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
204.13.1.xxx - - [11/Dec/2009:16:29:45 +0900] "GET //zencart2/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

米国よりZen Cartの検索。

2009.12.15

75.125.130.96 - - [15/Dec/2009:01:07:55 +0900] "GET /bn/file.php?action=update HTTP/1.0" 404 1736 "-" "iexplore"
75.125.130.xxx - - [15/Dec/2009:01:21:00 +0900] "GET /css/genimg.php?action=update HTTP/1.0" 404 1736 "-" "iexplore"

米国より。わからん。

2009.12.16

212.108.5.xxx - - [16/Dec/2009:19:40:40 +0900] "GET //admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:40 +0900] "GET //b2b/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:41 +0900] "GET //cart/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:41 +0900] "GET //catalog/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:42 +0900] "GET //ecommerce/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:43 +0900] "GET //eshop/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:43 +0900] "GET //negozio/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:44 +0900] "GET //public/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:44 +0900] "GET //shop/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:45 +0900] "GET //shops/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:45 +0900] "GET //store/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:46 +0900] "GET //ZEN/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:46 +0900] "GET //Shop/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:47 +0900] "GET //zc/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:47 +0900] "GET //zen/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:48 +0900] "GET //zen-cart/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:48 +0900] "GET //zencart/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
212.108.5.xxx - - [16/Dec/2009:19:40:49 +0900] "GET //zshop/admin/includes/stylesheet.css HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

オランダよりZen Cartの検索。

2009.12.21

203.90.76.xxx - - [21/Dec/2009:16:40:32 +0900] "\x1d\xc5\x92\x82\t\xb2\xa1\xf2\xc1\"\x10\xf6\x9a4\\:\x90\\\x06\xef\xddlY\xaf\xb9x(2|\x11E\xfd'R`[\xc0" 400 292 "-" "-"

インドより。

2009.12.26

218.8.251.xxx - - [26/Dec/2009:04:08:15 +0900] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:16 +0900] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:16 +0900] "GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:16 +0900] "GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:17 +0900] "GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:17 +0900] "GET //php-my-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:17 +0900] "GET //myadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:18 +0900] "GET //PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:18 +0900] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
218.8.251.xxx - - [26/Dec/2009:04:08:18 +0900] "GET //p/m/a/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 953 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

中国から。phpmyadminの脆弱性を狙ったものだと思われる。たぶん、これ。

stylesheet

2009-12-28

2009年12月の自宅サーバー不正アクセスメモ