• 11-03-2013, 00:00:44
    #1
    Membership suspended
    One of my servers is under a serious GET flood attack; when I look at the logs, this is what shows up. What approach can I take? (It is affected even though a LiteSpeed-Cloudflare setup is in place.)

    Quote
    46.55.145.18 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "http://www.odnoklassniki.ru/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
    78.108.243.151 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "en-en,en;q=0.8,en-us;q=0.5,en;q=0.3" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)"
    196.205.193.78 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://er.ru/" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0 ; .NET CLR 2.0.50215; SL Commerce Client v1.0; Tablet PC 2.0"
    85.230.123.230 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "en-us" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
    188.254.214.112 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://www.rfs.ru/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)"
    188.254.214.112 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "az-us" "Opera/8.00 (Windows NT 5.1; U; en)"
    46.55.145.18 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "http://www.gofuckbiz.com/" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0 ; .NET CLR 2.0.50215; SL Commerce Client v1.0; Tablet PC 2.0"
    158.58.214.78 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "text/html, */*" "Opera/8.00 (Windows NT 5.1; U; en)"
    196.205.193.78 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://www.rfs.ru/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
    89.215.93.124 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "kz-ua" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)"
    217.174.53.237 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "application/xml, */*" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]"
    77.242.27.14 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "text/x-dvi; q=.8; mxb=100000; mxt=5.0, text/x-c" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)"
    82.21.228.132 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "us-en" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)"
    78.90.220.31 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://www.odnoklassniki.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461)"
    46.40.76.42 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://mvd.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461)"
    77.242.27.14 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "image/png,*/*" "Opera/7.60 (Windows NT 5.2; U) [en] (IBM EVV/3.0/EAK01AG9/LE)"
    95.158.128.106 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "zh, en-us; q=0.8, en; q=0.6" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]"
    90.154.149.66 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "en-us,en;q=0.5" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)"
    95.158.128.106 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://www.niagarastar.ru/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)"
    31.13.214.156 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "application/xml, image/png, text/html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)"
    196.205.193.78 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://www.odnoklassniki.ru/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)"
    46.237.90.150 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "en-us,en;q=0.5" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)"
    90.154.149.66 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "text/x-dvi; q=.8; mxb=100000; mxt=5.0, text/x-c" "Opera/7.54 (Windows NT 5.1; U) [pl]"
    188.254.214.112 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "application/xml, image/png, text/html" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0 ; .NET CLR 2.0.50215; SL Commerce Client v1.0; Tablet PC 2.0"
    46.240.150.218 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "text/html, */*" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
    77.244.205.59 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "en-us" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)"
    78.90.220.31 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "az-ua" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
    46.55.145.18 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "http://www.odnoklassniki.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]"
    85.230.123.230 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://pvppw.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)"
    77.78.11.191 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://er.ru/" "Opera/8.00 (Windows NT 5.1; U; en)"
    77.78.11.191 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "en-en,en;q=0.8,en-us;q=0.5,en;q=0.3" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)"
    85.230.123.230 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "text/x-dvi; q=.8; mxb=100000; mxt=5.0, text/x-c" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461)"
    85.230.123.230 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "en-us,en;q=0.5" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; WOW64; SV1; .NET CLR 2.0.50727)"
    77.244.205.59 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://mvd.ru/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; .NET CLR 1.0.2914)"
    188.254.165.125 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "text/x-dvi; q=.8; mxb=100000; mxt=5.0, text/x-c" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; .NET CLR 1.0.2914)"
    78.108.243.151 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "http://zhyk.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)"
    98.254.65.9 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://kremlin.ru/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
    213.226.63.152 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://fc-zenit.ru/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)"
    188.254.165.125 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "http://www.pfc-cska.com/splash/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461)"
    31.13.214.156 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://kremlin.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; WOW64; SV1; .NET CLR 2.0.50727)"
    78.90.220.31 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "text/html, */*" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)"
    188.254.165.125 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "en-us,en;q=0.5" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)"
    188.254.214.112 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://kremlin.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]"
    89.215.93.124 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "en-us,en;q=0.5" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.00"
    87.97.154.204 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "text/x-dvi, text/x-c, application/xml, text/html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)"
    46.254.133.24 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "http://www.gofuckbiz.com/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
    217.174.53.237 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://www.rfs.ru/" "Opera/7.60 (Windows NT 5.2; U) [en] (IBM EVV/3.0/EAK01AG9/LE)"
    46.55.145.18 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "http://www.gofuckbiz.com/" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)"
    98.254.65.9 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.00"
  • 11-03-2013, 00:05:33
    #2
    They are attacking from sites they have rooted. There is a program called yamultur; I think this is something like its web version.

    Could you post the SYN output?
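
As an added example (not part of the original thread), the Python sketch below triages an access-log excerpt like the one quoted in the first post: it counts hits per client on the flooded path and flags two traits visible in that excerpt, Referer fields that hold Accept or Accept-Language style values instead of a URL, and a single address presenting several User-Agents within the same second. The sample lines are constructed with documentation-range addresses; the function names and the default path argument are assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Constructed sample (documentation-range addresses), shaped like the quoted excerpt.
SAMPLE = '''\
192.0.2.10 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "en-us,en;q=0.5" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.10 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 404 389 "http://example.com/" "Opera/8.00 (Windows NT 5.1; U; en)"
198.51.100.7 - - [11/Mar/2013:00:42:16 +0300] "GET /script.php HTTP/1.1" 403 380 "text/html, */*" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [11/Mar/2013:00:42:17 +0300] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Mar/2013:00:42:17 +0300] "GET /script.php HTTP/1.1" 404 389 "http://example.org/" "Mozilla/5.0"
this line is not in combined log format
'''

def referer_is_malformed(referer):
    """A browser-sent Referer is empty, "-", or an absolute URL; flag anything else."""
    return referer not in ("", "-") and not re.match(r"https?://", referer, re.I)

def triage(log_text, path="/script.php"):
    """Summarise requests for `path`: hits per IP, malformed Referers, rotating agents."""
    hits, bad_referer = Counter(), Counter()
    agents = defaultdict(set)          # (ip, timestamp) -> distinct User-Agent strings
    unparsed = 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:                  # keep count so truncated lines are not silently lost
            unparsed += 1
            continue
        if m["path"].split("?", 1)[0] != path:
            continue
        hits[m["ip"]] += 1
        if referer_is_malformed(m["referer"]):
            bad_referer[m["ip"]] += 1
        agents[(m["ip"], m["ts"])].add(m["ua"])
    # Same address, same second, several User-Agents: consistent with scripted
    # header rotation (a shared NAT address can also produce this).
    rotating = sorted({ip for (ip, _), uas in agents.items() if len(uas) > 1})
    return {"hits": dict(hits), "bad_referer": dict(bad_referer),
            "rotating_ua": rotating, "unparsed": unparsed}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```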