For me, the web server was the obvious entry point, so I went through the log files with that in mind. There I noticed requests for a file that I had never put online (60.php). According to the log, the file was being called from the home directory of the virus scanner user... I looked there and found it: it was the PHP script of a hacker shell. I did not analyse it in detail, but it was clear that this script had opened the door wide. The relevant lines of the log look like this. I am deliberately leaving the IP address in so that you know nothing good is to be expected from there! Better to block access from it completely right away!

84.52.181.37 - - [28/Jan/2007:00:51:59 +0100] "GET / HTTP/1.1" 200 583 "-" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:00 +0100] "GET /favicon.ico HTTP/1.1" 200 1142 "http://217.197.85.236/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:03 +0100] "GET /home/ HTTP/1.1" 200 15947 "http://217.197.85.236/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:03 +0100] "GET /home/images/favicon.ico HTTP/1.1" 200 1142 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:04 +0100] "GET /home/templates/torquebiz/css/template_css.css HTTP/1.1" 200 9226 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:05 +0100] "GET /home/templates/torquebiz/images/greyline.jpg HTTP/1.1" 200 494 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:05 +0100] "GET /home/modules/js/ajax.js HTTP/1.1" 200 3988 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:05 +0100] "GET /home/images/stories/mono-logo.png HTTP/1.1" 200 3944 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:05 +0100] "GET /home/templates/torquebiz/images/thheader.jpg HTTP/1.1" 200 631 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:06 +0100] "GET /home/templates/torquebiz/images/dotbar.jpg HTTP/1.1" 200 4809 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:06 +0100] "GET /home/images/stories/vbox50.png HTTP/1.1" 200 6525 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:07 +0100] "GET /home/images/M_images/rss091.gif HTTP/1.1" 200 224 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:09 +0100] "GET /home/images/M_images/rss10.gif HTTP/1.1" 200 218 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:09 +0100] "GET /home/components/com_docman/themes/default/images/icons/16x16/generic.png HTTP/1.1" 200 1300 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:09 +0100] "GET /home/templates/torquebiz/images/bigheader.png HTTP/1.1" 200 146845 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:09 +0100] "GET /home/templates/torquebiz/images/readon.gif HTTP/1.1" 200 67 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:09 +0100] "GET /home/images/M_images/rss20.gif HTTP/1.1" 200 219 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:09 +0100] "GET /home/images/M_images/opml.png HTTP/1.1" 200 288 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:09 +0100] "GET /home/templates/torquebiz/images/bottomhr.jpg HTTP/1.1" 200 497 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:11 +0100] "GET /home/templates/torquebiz/images/dotbar_inv.jpg HTTP/1.1" 200 4420 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:11 +0100] "GET /home/images/M_images/rss20.gif HTTP/1.1" 200 219 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:11 +0100] "GET /home/templates/torquebiz/images/dotbar_inv.jpg HTTP/1.1" 200 4420 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:11 +0100] "GET /home/~clamav HTTP/1.1" 404 2687 "-" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:13 +0100] "GET /home/components/com_docman/themes/default/images/icons/16x16/generic.png HTTP/1.1" 200 1300 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:13 +0100] "GET /home/templates/torquebiz/images/dotbar_inv.jpg HTTP/1.1" 200 4420 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:13 +0100] "GET /home/images/M_images/rss20.gif HTTP/1.1" 200 219 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:15 +0100] "GET /home/images/stories/clamklein.png HTTP/1.1" 200 12448 "http://217.197.85.236/home/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:16 +0100] "GET /baerlin/vorlagen/homepage.css HTTP/1.1" 200 2279 "http://217.197.85.236/home/~clamav" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:16 +0100] "GET /baerlin/images/Baerlin-BBS-Wappen.gif HTTP/1.1" 200 5689 "http://217.197.85.236/home/~clamav" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:17 +0100] "GET /favicon.ico HTTP/1.1" 200 1142 "http://217.197.85.236/home/~clamav" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:19 +0100] "GET /~clamav HTTP/1.1" 301 756 "-" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:19 +0100] "GET /~clamav/ HTTP/1.1" 200 690 "-" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:19 +0100] "GET /icons/blank.gif HTTP/1.1" 200 148 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:20 +0100] "GET /icons/back.gif HTTP/1.1" 200 216 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:20 +0100] "GET /favicon.ico HTTP/1.1" 200 1142 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:58 +0100] "GET /~clamav/ HTTP/1.1" 200 730 "-" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:58 +0100] "GET /icons/blank.gif HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:58 +0100] "GET /icons/back.gif HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:59 +0100] "GET /icons/unknown.gif HTTP/1.1" 200 245 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:59 +0100] "GET /favicon.ico HTTP/1.1" 200 1142 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:52:59 +0100] "GET /~clamav/60.php HTTP/1.1" 200 331 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:03 +0100] "GET /~clamav/60.php HTTP/1.1" 200 331 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:04 +0100] "GET /favicon.ico HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:07 +0100] "GET /~clamav/ HTTP/1.1" 200 729 "-" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:07 +0100] "GET /icons/blank.gif HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:07 +0100] "GET /icons/back.gif HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:07 +0100] "GET /icons/unknown.gif HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:07 +0100] "GET /favicon.ico HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:08 +0100] "GET /~clamav/ HTTP/1.1" 200 729 "-" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:08 +0100] "GET /icons/blank.gif HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:08 +0100] "GET /icons/back.gif HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:08 +0100] "GET /icons/unknown.gif HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:08 +0100] "GET /favicon.ico HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:09 +0100] "GET /~clamav/60.php HTTP/1.1" 200 331 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:22 +0100] "GET /~clamav/60.php HTTP/1.1" 200 331 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:23 +0100] "GET /favicon.ico HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:23 +0100] "GET /~clamav/60.php HTTP/1.1" 200 331 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:24 +0100] "GET /favicon.ico HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:48 +0100] "GET /~clamav/60.php HTTP/1.1" 200 332 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:53:49 +0100] "GET /favicon.ico HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:54:21 +0100] "GET /~clamav/60.php HTTP/1.1" 200 5398 "http://baerlin.in-dsl.de/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:54:22 +0100] "GET /~clamav/60.php?img=1 HTTP/1.1" 200 391 "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:54:23 +0100] "GET /~clamav/60.php?img=2 HTTP/1.1" 200 391 "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:54:24 +0100] "GET /favicon.ico HTTP/1.1" 304 - "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:54:49 +0100] "POST /~clamav/60.php HTTP/1.1" 200 5362 "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:54:53 +0100] "POST /~clamav/60.php HTTP/1.1" 200 5396 "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:55:02 +0100] "POST /~clamav/60.php HTTP/1.1" 200 5284 "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:55:51 +0100] "GET /~clamav/.php HTTP/1.1" 404 2688 "-" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:55:51 +0100] "GET /baerlin/vorlagen/homepage.css HTTP/1.1" 200 2279 "http://baerlin.in-dsl.de/~clamav/.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:55:51 +0100] "GET /baerlin/images/Baerlin-BBS-Wappen.gif HTTP/1.1" 200 5689 "http://baerlin.in-dsl.de/~clamav/.php" "Opera/9.02 (X11; Linux i686; U; en)"
84.52.181.37 - - [28/Jan/2007:00:56:23 +0100] "POST /~clamav/60.php HTTP/1.1" 200 5319 "http://baerlin.in-dsl.de/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
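The listing above contains four things a log review can pick out mechanically: a 404 on /home/~clamav followed by a 200 on /~clamav/ (the attacker was probing for mod_userdir home directories), an Apache directory index listing (the /icons/*.gif requests with the directory as referer), a .php file served out of a home directory that the operator never published, and POSTs to that file, which is how a web shell receives its commands and uploads. The following script is an added example written for this page, not code from the original post: it parses Apache combined-format lines and reports those indicators. The sample log, the host example.test, the client addresses (documentation ranges) and the KNOWN_SCRIPTS list are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" log format, the same layout as the listing above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumption: the operator keeps a list of the scripts that are supposed to exist.
KNOWN_SCRIPTS = {"/home/index.php"}

# Constructed sample lines modelled on the listing above; the client addresses
# (203.0.113.0/24, 198.51.100.0/24) and the host example.test are documentation
# values, not taken from any real log.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jan/2007:00:52:03 +0100] "GET /home/ HTTP/1.1" 200 15947 "-" "Opera/9.02 (X11; Linux i686; U; en)"
203.0.113.7 - - [28/Jan/2007:00:52:11 +0100] "GET /home/~clamav HTTP/1.1" 404 2687 "-" "Opera/9.02 (X11; Linux i686; U; en)"
203.0.113.7 - - [28/Jan/2007:00:52:19 +0100] "GET /~clamav/ HTTP/1.1" 200 690 "-" "Opera/9.02 (X11; Linux i686; U; en)"
203.0.113.7 - - [28/Jan/2007:00:52:19 +0100] "GET /icons/blank.gif HTTP/1.1" 200 148 "http://example.test/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
203.0.113.7 - - [28/Jan/2007:00:52:59 +0100] "GET /~clamav/60.php HTTP/1.1" 200 331 "http://example.test/~clamav/" "Opera/9.02 (X11; Linux i686; U; en)"
203.0.113.7 - - [28/Jan/2007:00:54:22 +0100] "GET /~clamav/60.php?img=1 HTTP/1.1" 200 391 "http://example.test/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
203.0.113.7 - - [28/Jan/2007:00:54:49 +0100] "POST /~clamav/60.php HTTP/1.1" 200 5362 "http://example.test/~clamav/60.php" "Opera/9.02 (X11; Linux i686; U; en)"
198.51.100.9 - - [28/Jan/2007:01:10:00 +0100] "GET /home/index.php HTTP/1.1" 200 15947 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Split one combined-format line into fields; return None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string (?img=1)
    return rec


def analyze(log_text, known_scripts):
    """Return (ip, indicator, path) triples, each reported once, for the
    patterns that the intrusion described above left in the access log."""
    findings = []
    emitted = set()

    def report(ip, kind, path):
        key = (ip, kind, path)
        if key not in emitted:
            emitted.add(key)
            findings.append(key)

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] >= 400:
            continue  # unparsable lines and failed requests are not interesting here
        ip, method, path, referer = rec["ip"], rec["method"], rec["path"], rec["referer"]
        is_php = path.endswith(".php")
        # 1. A script served out of a user's home directory (mod_userdir, /~user/...).
        if is_php and path.startswith("/~"):
            report(ip, "userdir_php", path)
        # 2. A script the operator never published.
        if is_php and path not in known_scripts:
            report(ip, "unknown_php", path)
            # 3. POSTs to such a script: this is how a web shell takes commands or uploads.
            if method == "POST":
                report(ip, "post_to_unknown_php", path)
        # 4. A directory index listing: Apache's autoindex page pulls /icons/*.gif
        #    with the listed directory (a path ending in "/") as referer.
        if path.startswith("/icons/") and referer.endswith("/"):
            report(ip, "directory_listing", urlsplit(referer).path)
    return findings


def suspicious_ips(findings):
    """Clients that produced at least one indicator; candidates for a block rule."""
    return {ip for ip, _, _ in findings}


if __name__ == "__main__":
    for ip, kind, path in analyze(SAMPLE_LOG, KNOWN_SCRIPTS):
        print(f"{ip}\t{kind}\t{path}")
```

Run it against a real access log with `analyze(open("/var/log/apache2/access.log").read(), KNOWN_SCRIPTS)` after filling KNOWN_SCRIPTS with the scripts you actually deployed. Any `userdir_php` hit deserves a look at that user's public_html on disk, and if no service account is meant to publish anything, disabling UserDir (or PHP execution for those paths) removes the whole class of this finding rather than just the one file.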
