被人扫描网站根目录|站长请务必勤分析IIS日志[血淋淋的例子]

Posted on 2009/10/27
by
in 关于本站
郑重提示:各位博友们,一定要注意查看IIS日志,和清除目录下的临时RAR文件。
最近在分析IIS日志,本想是了解各路蜘蛛的结网路线和频率,没想到有了新发现。
PS: 好友前些天就提到了关于自己网站被人狂扫登陆页面的事情。没想到我也是受害者,而且要惨。
直接上日志内容了
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-22 16:09:00
在这一天的日志中我  ctrl+F 搜索关键字 404   [也就是出错页面的意思]
得到了N多下面的日志:
2009-10-22 17:57:06 GET /ppnamirserver.rar – - 122.224.35.122 HTTP/1.1 Mozilla/4.0 – 404 0 46
2009-10-22 17:57:06 GET /mirserver.rar – - 122.224.35.122 HTTP/1.1 Mozilla/4.0 – 404 0 31
2009-10-22 17:57:06 GET /mirserver.rar – - 122.224.35.122 HTTP/1.1 Mozilla/4.0 – 404 0 31
2009-10-22 17:57:07 GET /jhrewolserver.rar – - 122.224.35.122 HTTP/1.1 Mozilla/4.0 – 404 0 31
2009-10-22 17:57:07 GET /wolserver.rar – - 122.224.35.122 HTTP/1.1 Mozilla/4.0 – 404 0 46
2009-10-22 17:57:07 GET /wolserver.rar – - 122.224.35.122 HTTP/1.1 Mozilla/4.0 – 404 0 46
2009-10-22 19:26:28 GET /wwwroot.rar – - 123.15.148.92 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+)
然后悲剧发生了,这个红色的RAR文件在我的根目录下却是存在,是我以前上传的一个战队首页的包。一直忘了删除。于是被人给下载了,至于里面的数据,还真的有点用呢。气死我了。于是开始找源头。
—————
首先可以肯定的是我的网站肯定没被入侵,只是机器人式的搜索,我中奖了而已。
PS: 日志中下载我 WWWROOT.RAR的IP 有很多个,我费解了,难不成"黑客"把它共享了?
且看这些日志:
2009-10-22 19:49:03 GET /wwwroot.rar – - 123.15.148.92 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+) http://bbs.zzchn.com/thread-204920-1-1.html 206 2048 45656
 
2009-10-23 05:04:49 GET /wwwroot.rar – - 123.15.57.62 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) http://bbs.haocx.net/viewthread.php?tid=6524&extra=page%3D1 206 6144 67312
看到其中的紫色部分了吧,这个就是访客的来源网页,进去后我完全明白了。
简直就是共享整站的帖子么
于是我百度了一下这方面的帖子,果然很多啊 呵呵 第二张截图是给大家炫的。
如图:
—————————
图与我无关 是别的论坛别人的,上面没有本站的源码。开心啊
————————

————————
补充扫描上传后台文件的日志:
2009-10-22 21:28:07 GET /zjfaUserReg.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 78
2009-10-22 21:28:08 GET /UserReg.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:08 GET /UserReg.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:08 GET /tiypupfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:08 GET /upfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:08 GET /upfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 78
2009-10-22 21:28:08 GET /admin/wicbupfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:08 GET /admin/upfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 78
2009-10-22 21:28:09 GET /admin/upfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:09 GET /admins/kwdjupfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:09 GET /admins/upfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 78
2009-10-22 21:28:09 GET /admins/upfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:09 GET /include/mnctupfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:09 GET /include/upfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:09 GET /include/upfile_flash.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 78
2009-10-22 21:28:09 GET /CmsEditor/slxsadmin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:10 GET /CmsEditor/admin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:10 GET /CmsEditor/admin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:10 GET /newsadmin/ubb/hryoadmin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:10 GET /newsadmin/ubb/admin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:10 GET /newsadmin/ubb/admin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:10 GET /asp_bin/webeditor/bcwkadmin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:10 GET /asp_bin/webeditor/admin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
2009-10-22 21:28:10 GET /asp_bin/webeditor/admin_login.asp – - 222.189.238.57 HTTP/1.1 Mozilla/4.0 – 404 0 93
版权所有© HzlzH | 本文采用 BY-NC-SA 进行授权
转载需注明 转自: 《被人扫描网站根目录|站长请务必勤分析IIS日志[血淋淋的例子]

随机文章

[ 12 Replies ]

{ Leave a Reply ? }

  1. Leo.N China Mozilla Firefox Windows 2009/11/04 at PM #

    我已经被扫描的麻木了。。。每10分钟内必有一次扫描。。。

    Reply
    • HzlzH China Internet Explorer Windows 2009/11/04 at PM #

      @Leo.N 10分钟一次…..就跟开了”超级力量”的拍拍熊一样暴力啊。
      喜欢你gravatar的头像,呼呼

      Reply
  2. houkai China Internet Explorer Windows 2009/11/05 at PM #

    我的 Micolog也被扫过 我也公布了 扫描路径!

    Reply
    • HzlzH China Internet Explorer Windows 2009/11/06 at AM #

      @houkai 你还好啦,关键是我被扫走了一个 wwwwroot.RAR文件,可惜了

      Reply
  3. Anonymous China Internet Explorer Windows 2009/11/20 at AM #

    不知道多搞几个 RAR 进去呀 人要家什么就给人家什么 不是喜欢扫么 放个远程控制软件进去

    Reply
    • HzlzH China Internet Explorer Windows 2009/11/20 at PM #

      你考虑的方法不全面。即使你放个 病毒RAR 包,人家24小时满负荷恶意重复下载。就是不双击,你不就哭了!
      cup负荷太大的

      Reply
  4. Anonymous China Maxthon Windows 2010/01/06 at AM #

    wwwlogs>type ex100105.log|find “222.189.237.135″ >IP.txt:
    2010-01-04 18:37:32 GET /rhyyUserReg.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:32 GET /UserReg.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:32 GET /UserReg.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:32 GET /xvovupfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:32 GET /upfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:32 GET /upfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:32 GET /admin/qgpkupfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:36 GET /admin/upfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:36 GET /admin/upfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:36 GET /admins/ldnkupfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:36 GET /admins/upfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:36 GET /admins/upfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:37 GET /include/hhtnupfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:37 GET /include/upfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:37 GET /include/upfile_flash.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:37 GET /lavery_Edit/wdsoadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:37 GET /lavery_Edit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:41 GET /lavery_Edit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 4347
    2010-01-04 18:37:41 GET /CmsEditor/fbaaadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:42 GET /CmsEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:42 GET /CmsEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:42 GET /newsadmin/ubb/ioneadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:42 GET /newsadmin/ubb/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:42 GET /newsadmin/ubb/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:42 GET /asp_bin/webeditor/wuycadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:43 GET /asp_bin/webeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:43 GET /asp_bin/webeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:43 GET /admin/webeditor/ksgladmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:43 GET /admin/webeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:43 GET /admin/webeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:43 GET /manage/webeditor/xqphadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /manage/webeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /manage/webeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /webeditor/hpeuadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /webeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /webeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /admin/SouthidcEditor/vjqfadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /admin/SouthidcEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /admin/SouthidcEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /ewindoweditor/idozadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:44 GET /ewindoweditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:45 GET /ewindoweditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:45 GET /eWebEditor/axtxadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:45 GET /eWebEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:45 GET /eWebEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:45 GET /admin/eWebEditor/txqjadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:45 GET /admin/eWebEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:45 GET /admin/eWebEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:45 GET /WebEdit/jwgyadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:47 GET /WebEdit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:47 GET /WebEdit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:47 GET /admin/WebEdit/tliladmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:50 GET /admin/WebEdit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 4347
    2010-01-04 18:37:50 GET /admin/WebEdit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:51 GET /manage/eWebEditor/ewstadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:51 GET /manage/eWebEditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:51 GET /edit/pysiadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:51 GET /edit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:51 GET /edit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:51 GET /admin/edit/chcxadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:52 GET /admin/edit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:52 GET /admin/edit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:52 GET /manage/edit/lunkadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:52 GET /manage/edit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:52 GET /manage/edit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:55 GET /editor/yoakadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:58 GET /editor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:58 GET /editor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:58 GET /admin/editor/vbdkadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:58 GET /admin/editor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:58 GET /admin/editor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:58 GET /manage/editor/wxvladmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:58 GET /manage/editor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:59 GET /manage/editor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:59 GET /eWeb/scasadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:59 GET /eWeb/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:37:59 GET /eWeb/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:00 GET /admin/eWeb/vguuadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:05 GET /admin/eWeb/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:06 GET /admin/eWeb/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:06 GET /admin/htmledit/pfzfadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:06 GET /admin/htmledit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:06 GET /admin/htmledit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:06 GET /htmledit/dswsadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /htmledit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /htmledit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /htmleditor/gjrbadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /htmleditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /htmleditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /data/ewebeditor/mjodadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /data/ewebeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /data/ewebeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /admin888/ewebeditor/itifadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:07 GET /admin888/ewebeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:08 GET /admin888/ewebeditor/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:08 GET /admin/pro_admin/htmledit/tfuhadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:08 GET /admin/pro_admin/htmledit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:08 GET /admin/pro_admin/htmledit/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:08 GET /webadmin/webaction/muahadmin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:09 GET /webadmin/webaction/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0
    2010-01-04 18:38:09 GET /webadmin/webaction/admin_login.asp – 222.189.237.135 HTTP/1.1 Mozilla/4.0 – 404 0 0

    Reply
  5. 一木 China Maxthon Windows 2010/01/06 at AM #

    竟然是同一个人!

    添加封锁IP段: 222.189.0.0 222.189.255.255

    Reply
    • HzlzH China Internet Explorer Windows 2010/01/06 at AM #

      @一木 呵呵,巧了,我直接封锁那个C类地址了。叫他扫描我、哼!

      Reply
  6. Anonymous China 360 Browser Windows 2010/05/03 at PM #

    2010-05-02 12:46:06 W3SVC1876550859 GET /htmleditor/lrnaadmin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:06 W3SVC1876550859 GET /htmleditor/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:06 W3SVC1876550859 GET /htmleditor/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:10 W3SVC1876550859 GET /data/ewebeditor/gksnadmin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:10 W3SVC1876550859 GET /data/ewebeditor/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:10 W3SVC1876550859 GET /data/ewebeditor/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:10 W3SVC1876550859 GET /admin888/ewebeditor/ilxpadmin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:13 W3SVC1876550859 GET /admin888/ewebeditor/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:13 W3SVC1876550859 GET /admin888/ewebeditor/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:13 W3SVC187655085 GET /admin/pro_admin/htmledit/dlrjadmin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:13 W3SVC1876550859 GET /admin/pro_admin/htmledit/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:13 W3SVC1876550859 GET /admin/pro_admin/htmledit/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:13 W3SVC1876550859 GET /webadmin/webaction/vjapadmin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:13 W3SVC1876550859 GET /webadmin/webaction/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:13 W3SVC1876550859 GET /webadmin/webaction/admin_login.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:17 W3SVC1876550859 GET /admin/mrjouppic.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:20 W3SVC1876550859 GET /admin/uppic.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:20 W3SVC1876550859 GET /admin/uppic.asp – 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    2010-05-02 12:46:20 W3SVC1876550859 GET /FCKeditor/editor/filemanager/connectors/asp/nlveconnector.asp Command=CreateFolder&Type=Image&CurrentFolder=%2Ffck.asp&NewFolderName=test&uuid=1244789975684 80 – 222.189.237.135 Mozilla/4.0 404 0 64
    我的站也被这个鸟人扫描过,鄙视他!~

    Reply
  7. Anonymous China Internet Explorer Windows 2010/10/05 at AM #

    :arrow: :?: :?: :?:

    Reply
  8. 恋羽 China Nokia 2011/01/10 at AM #

    我也中奖了,也在被人扫,不过我linux系统一堆人全扫rar和asp我都有点郁闷

    Reply

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">

:wink: :twisted: :roll: :oops: :mrgreen: :lol: :idea: :evil: :cry: :arrow: :?: :-| :-x :-o :-P :-D :-? :) :( :!: 8-O 8)