1
TangMonk 2014-12-15 09:32:32 +08:00
What is this for, downloading your site's source code?
|
2
qq446015875 2014-12-15 09:35:16 +08:00 via Android
I get attempts every day to access
/phpmyadmin /admin /sql, basically all kinds of scans……
|
3
xidianlz 2014-12-15 09:39:11 +08:00
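Actually, you could collect what others scan you with, and you'd end up with a library for scanning others~ They've already organized it all for you~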
|
4
x86 2014-12-15 09:40:03 +08:00 via iPhone
Similar to tools like 挖掘鸡 that batch-scan for weak passwords/directories/backup files
|
5
s2555 OP
I'm wondering whether I should create files like these and put some goodies in them for him to download
|
6
loveyu 2014-12-15 11:19:04 +08:00
I just took a look too; there are similar ones
|
7
bellchu 2014-12-15 11:21:11 +08:00
I always use Fail2ban with rules written to block this kind of IP, jailed for one day
|
9
bellchu 2014-12-15 14:03:58 +08:00 2
@y051313 I'll just paste someone else's anti-probing regex. Make a few modifications yourself to suit your case, delete the services you don't have and you're done. In your situation, keeping just a few rar/zip signatures is enough.
failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*/(cgi-bin|admin|Admin|sql|mail|phpmyadmin|file:|php|pma|web|PMA|PMA2006|pma2006|sqlmanager|mysqlmanager|PMA2005|phpmyadmin-old|phpmyadminold|pma2005|phpmanager|mysql|myadmin|webadmin|sqlweb|websql|webdb|mysqladmin|mysql-admin|phpmyadmin2|phpMyAdmin2|phpMyAdmin-2|php-my-admin|cms|clan|site|seite|page|forum|wbb2|board|wbb|archive|forumv2|forumv1|b0ard|f0rum|wbb1|wbb3|wbblite|directforum|board23|board2|board3|WBB|WBB2|html|phpkit|page|phpkit_1.6.1|clan|myadmin|webadmin|sqlweb|websql|webdb|mysqladmin|mysql-admin|phpmyadmin2|php-my-admin|phpMyAdmin-2.2.3|phpMyAdmin-2.2.6|phpMyAdmin-2.5.1|phpMyAdmin-2.5.4|phpMyAdmin-2.5.6|phpMyAdmin-2.6.0|phpMyAdmin-2.6.0-pl1|phpMyAdmin-2.6.2-rc1|phpMyAdmin-2.6.3|phpMyAdmin-2.6.3-pl1|phpMyAdmin-2.6.3-rc1|padmin|datenbank|ZenCart|cart|commerce|e-commerce|shop|stories|store|zc|dbadmin|typo3|database|horde|horde2|horde3|horde-3.0.9|Horde|README|horde-3.0.9|adserver|phpAdsNew|phpadsnew|phpads|Ads|ads|xmlrpc|xmlsrv|blog|drupal|community|blogs|blogtest|appserver|roundcube|rc|mail|mail2|roundcubemail|rms|webmail2|webmail|wm|bin|roundcubemail-0.1|roundcubemail-0.2|roundcube-0.1|roundcube-0.2|roun|cube|wp-login.php|ucp.php|\.asp|\.dll|\.exe|\.pl)
|
10
bellchu 2014-12-15 14:06:01 +08:00
@y051313 I misread; you're not the OP. Yours is a 404 signature.
https://github.com/Glench/dotfiles/blob/master/conf/fail2ban/apache-404.conf |
11
bellchu 2014-12-15 14:08:38 +08:00 1
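@y051313
[Definition]
failregex = (?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+ 404 [0-9]+ "
ignoreregex = favicon\.ico
In fail2ban's jail.conf, set the retry for the web service a bit higher, e.g. 5 to 10, to avoid false positives; but if it isn't a download site, 404s will basically never cause a false ban.
|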
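Added example, not part of any post in this thread: a Python sketch of how the 404 `failregex`/`ignoreregex` pair above and a retry threshold decide which hosts get banned, run over a constructed log in the same layout as the lines quoted earlier. The `ARCHIVE_PROBE` pattern, the function names and the sample addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# failregex / ignoreregex exactly as posted above (fail2ban uses Python regex syntax).
FAILREGEX = re.compile(
    r'(?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+ 404 [0-9]+ "')
IGNOREREGEX = re.compile(r'favicon\.ico')
# Assumption: a narrower signature that only counts backup-archive probes.
ARCHIVE_PROBE = re.compile(r'"GET /[^" ]+\.(?:rar|zip|mdb) HTTP')

# Constructed sample log (documentation IP ranges), same layout as the lines in the thread.
SAMPLE_LOG = (
    [f'203.0.113.7 "GET /{name} HTTP/1.1" 404 5838 "-" "-" -'
     for name in ("db.rar", "db.zip", "wwwroot.rar", "web.zip", "bak.rar", "sql.zip")]
    + ['198.51.100.33 "GET /favicon.ico HTTP/1.1" 404 5838 "-" "-" -'] * 5
    + ['198.51.100.33 "GET /old-page.html HTTP/1.1" 404 5838 "-" "-" -',
       '198.51.100.33 "GET /index.html HTTP/1.1" 200 1024 "-" "-" -']
)

def count_failures(lines):
    """Count failregex matches per host, skipping lines that match ignoreregex."""
    hits = Counter()
    for line in lines:
        if IGNOREREGEX.search(line):
            continue
        match = FAILREGEX.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits

def hosts_to_ban(lines, maxretry=5):
    """Hosts that reach maxretry failures. fail2ban also applies a findtime
    window; the sample has no timestamps, so every line counts here."""
    return sorted(h for h, n in count_failures(lines).items() if n >= maxretry)

def archive_probes(lines):
    """Per-host count of requests for .rar/.zip/.mdb files."""
    hits = Counter(l.split()[0] for l in lines if ARCHIVE_PROBE.search(l))
    return dict(hits)

if __name__ == "__main__":
    print("ban at maxretry=5:", hosts_to_ban(SAMPLE_LOG, 5))
    print("archive probes:", archive_probes(SAMPLE_LOG))
```

The second sample host sends six 404s, but five are for `favicon.ico` and are dropped by `ignoreregex`, so it stays well under the threshold.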
13
clino 2014-12-15 15:41:14 +08:00
|
14
20150517 2014-12-16 16:27:19 +08:00 via Android
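Give him an archive and let him download it, and put an html file inside the archive, say named admin_passwd.html, containing a 1px img that links to your site; then you can see who is bored enough to be scanning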
|