Serwer www - co jest grane?

03.02.2007

23:49

[1]

req_ [ has aides ]

Serwer www - co jest grane?

Mam na swoim kompie postawiony serwer Apache (zewn. ip) i przez caly dzisiajszy dzien dzieje mi sie cos dziwnego. Oto fragmenty logów:

error.log, ktory ma az 20MB po jednej nocy:

[Sat Feb 03 23:34:51 2007] [error] [client 222.240.181.62] request failed: erroneous characters after protocol string: GET var pp_gemius_identifier = new String(/ HTTP/1.1
[Sat Feb 03 23:34:53 2007] [error] [client 218.76.89.55] request failed: erroneous characters after protocol string: GET var pp_gemius_identifier = new String(/ HTTP/1.1
[Sat Feb 03 23:34:53 2007] [error] (13)Permission denied: proxy: error deleting old cache file c:/usr/Apache/proxy/z/q/2/p0d01zehbgjkrao3r2ooeyc
[Sat Feb 03 23:34:55 2007] [error] [client 59.56.111.227] Invalid method in request \\x04\\x01
[Sat Feb 03 23:35:20 2007] [error] (13)Permission denied: proxy: error deleting old cache file c:/usr/Apache/proxy/1/2/o/ptz5qzleoha4ncvvnhn25pf
[Sat Feb 03 23:35:29 2007] [error] [client 222.240.181.62] request failed: erroneous characters after protocol string: GET var pp_gemius_identifier = new String(/ HTTP/1.1

access.log, rowniez ponad 20MB:

218.83.188.37 - - [03/Feb/2007:23:43:36 +0100] "GET HTTP/1.0" 200 220 " "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
211.175.163.17 - - [03/Feb/2007:23:43:37 +0100] "GET HTTP/1.1" 302 0 "http%3A%2F%2Fwww.sheknows.com%2Findex.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
220.227.148.10 - - [03/Feb/2007:23:43:37 +0100] "GET HTTP/1.1" 302 0 " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 2.0.40"


Domyślam się, że to jakiś atak? Jak przed tym uchronić się? Dzieje się to non stop dzisiaj. Tylko wlacze apache to odrazu logi zapelniaja sie tymi dostępami...

req_ [ has aides ]

Aha, a w katalogu "proxy" potworzyl mi sie caly alfabet folderowy. Od 0 do z i w kazdym z nich kolejne folderki tak samo nazwane. W nich pliki "lq3vkcainexeac0gmzgg3oh" z:

0000000045C50ACE 000000004579056A 0000000045C65C55 0000000000000001 0000000045C50AD2 0000000045C50AD5 0000000000000383
X-URL:
Accept: image/gif, image/jpeg, */*
Accept-Language: en-us
Cookie: PHPSESSID=165470c9f041e4eff802189373a6cd0a; __utma=1.1543519401.1170540964.1170540964.1170540964.1; __utmb=1; __utmc=1; __utmz=1.1170540964.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Host: www.bestgamearcade.com
Referer:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

HTTP/1.1 200 OK
Date: Sat, 03 Feb 2007 22:21:02 GMT
Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a
Last-Modified: Fri, 08 Dec 2006 06:25:46 GMT
ETag: "1a64bfb-383-4579056a"
Accept-Ranges: bytes
Content-Length: 899
Content-Type: image/png
Via: 1.1 req.pl

‰PNG


IHDR   ó˙a gAMA ŻČ7Šé tEXtSoftware Adobe ImageReadyqÉe< IDATxÚ”S[hUţÎ9sŰť™M˛ŰtsŰlšM›6¬m@!AđŇ
í&#131;xˇ (‚&#136;›ďKiˇ"H_-öADôˇŕ&#131;âÝ—ú˘řfˇJ$mZŰiMÓ´Ť1Iwg6;÷ť˙ř`IńAř9sľďüß÷ťĂŽ?&#131;RŹÁ5Ý|±­őŰж텬 žŇ^˙­ű§?¸F18gx¸$Î2ŃîHoŢÖ&ŢŐ˘k›
UüŚIä˝Á¬Ë“ßçŹpŽű‚0aĎ®w?r޸ŻÎjĂ)tŤŔ
Đ´c(j˙ÔĐšë|`_ž‹2ălŘJÂ[Ü<ŞŽŤł‘Á»Ę‹»9
TI†™ˇ·O ˙ńz-ćüyßőá––<ĄçŃňvy-E‘FTŁ˛ĚPĘ3&#131;Â2vbV–9öƇBQ¶Jč(¦šWRŘN‚Ů E>Ď1Pŕ yÚ d´IpDAh8­6dő!‚¸ůGŔd‘K˘)ˇň9š‚$p–6 ¨Ł$EŰvěÖ†K¦uŔhŞ<¸o]şŕ5Z&#136;!Ć@JQ…ô&#131;Ľ„I]!YW~šĹŇ½s>&#129;;ľŤČsş‚¶a&#136;âăň+‹LĘ9•˙ˇ!
9—ĽÖláěűź!đă÷X‹Oé3Řž-Áˇş‹ĺňřťćÂŤß÷MÔÔnşEĄřÚ•|ôîÇ\C›(©LzçFĽ&#152;]őĂĚóČě J!1ş!ižťűú‹Kw~™96P«LĺtMxk
ű®uëŰJeřb±›¤–ť?<şŁđŚwµůXś*ŻeČ쌒6Ť`BĐgúłłĽü2Ë( S‡˝ü'Z
;3&#136;ß>ď«˝T=\ß˙*”Ż>›nőBó“G~ť ë›DB=ÝĐrâ @
Ł]-k3–uŁˇ—G+Ó‹žž†a[»nÝvwŻşâÇ”—$ä
&˝%™vɸĂ˝2ŚöőxĹNżżxŢę«Nď;4…>˙ćřüMwśă?–Ş&#136;lµŮ9qúÔ7gććm&#152;“O€—Ş/Hř%Ë"n´’“ďĽőĺHq¬~ĐbSżţ%Ŕ ŰŃCa+Q˛ IEND®B`‚