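Everyone:
My company's server runs rhel4 + postfix2.2.10 + openwebmail2.51 + httpd2.0.52-9 as a webmail system. Over the past two days, while reviewing Apache's access.log, I found suspicious log entries, for example: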
61.142.248.150 - - [09/Jul/2007:14:22:00 +0800] "GET http://data.alexa.com/data?cli=1 ... talled&amzn_id= HTTP/1.1" 301 555 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; FunWebProducts; .NET CLR 2.0.50727; Alexa Toolbar)"
61.135.166.231 - - [09/Jul/2007:16:37:53 +0800] "GET /mrtg/11.22.33.44_2.html HTTP/1.1" 200 6866 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
202.103.67.57 - - [09/Jul/2007:17:19:08 +0800] "GET http://www.weibing.com.cn/Editor ... 1w2e3r4t5y6u7i8o9p0*a-b?hash=529C06014892EAE2DCE708391F90173D8CC843B4F65A HTTP/1.0" 404 325 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
202.103.67.57 - - [09/Jul/2007:19:51:35 +0800] "GET http://www.weibing.com.cn/Editor ... 1w2e3r4t5y6u7i8o9p0*a-b?hash=529C06014892EAE2DCE708391F90173D8CC843B4F65A HTTP/1.0" 404 325 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
222.222.72.244 - - [11/Jul/2007:22:53:04 +0800] "GET http://yf163.cn/ip88.php HTTP/1.0" 404 281 "http://www.cashsoldier.com/VerifyerLevel.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
222.222.72.244 - - [11/Jul/2007:22:53:04 +0800] "GET http://www.yahoo.com/ HTTP/1.0" 200 5625 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
222.222.72.244 - - [12/Jul/2007:02:14:25 +0800] "GET http://yf163.cn/ip88.php HTTP/1.0" 404 281 "http://www.cashsoldier.com/VerifyerLevel.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
222.222.72.244 - - [12/Jul/2007:02:14:25 +0800] "GET http://www.yahoo.com/ HTTP/1.0" 200 5626 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
None of these are our company's website domains. Opening http://www.weibing.com.cn/Editor ... 1w2e3r4t5y6u7i8o9p0*a-b?hash=529 displays the following page:
q1w2e3r4t5y6u7i8o9p0*a-b?hash=529
HTTP_PROXY_CONNECTION:
HTTP_X_FORWARDED_FOR:
HTTP_VIA:
HTTP_MAX_FORWARDS:
REMOTE_ADDR=219.131.234.139
REMOTE_HOST=219.131.234.139
HTTP_PC_REMOTE_ADDR=
HTTP_X_FWD_IP_ADDR=
HTTP_CONNECTION=
VIA:
HTTP_FORWARDED:
FORWARDED:
HTTP_X_BLUECOAT_VIA:
HTTP_PROXY____:
HTTP_PROXY___________:
HTTP_X_HOST:
HTTP_X_REFERER:
HTTP_X_SERVER_HOSTNAME:
PROXY_HOST:
PROXY_PORT:
PROXY_REQUEST:
HTTP_CLIENT_IP:
HTTP_PRAGMA:
super or gateway or noproxy
Level:1
代理级别=超级代理
超级代理1=超级代理
代理级别=超级代理q1w2e3r4t5y6u7i8o9p0*a-b?hash=529
Opening the page http://yf163.cn/ip88.php displays the following:
----------------------------------------
Warning: gethostbyaddr() [function.gethostbyaddr]: Address is not in a.b.c.d form in d:\vhost\yfd8927868\682\www\ip88.php on line 118
REMOTE_HOST=
REMOTE_ADDR=
----------------------------------------
CS_ProxyJudge Result=HIGH_ANONYMITY
----------------------------------------
Meanwhile, last and lastlog show nothing abnormal. May I ask everyone: have I been compromised, and how should I deal with it? Thanks!
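One way to triage entries like those quoted in the post, as an added example that is not part of the original thread: it picks out requests whose target is an absolute URI naming a host the server does not serve, and groups them by client with the status each one received. It also covers `CONNECT` requests, which the post does not show. `OWN_HOSTS`, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: names/addresses this server legitimately answers for (placeholders).
OWN_HOSTS = {"mail.example.com", "192.0.2.10"}

# Apache combined log format; only the fields needed here are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

def proxy_attempts(lines, own_hosts=OWN_HOSTS):
    """Return requests whose target names a foreign host (absolute URI or CONNECT)."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["method"] == "CONNECT":
            host = m["target"].rsplit(":", 1)[0]
        elif "://" in m["target"]:
            host = urlsplit(m["target"]).hostname or ""
        else:
            continue  # origin-form request such as "GET /mrtg/...": normal traffic
        if host.lower() not in own_hosts:
            hits.append({"ip": m["ip"], "host": host.lower(),
                         "status": int(m["status"]), "size": m["size"]})
    return hits

def summarize(hits):
    """Group by client IP; 'answered' holds foreign-host requests that got 2xx/3xx.
    A 2xx is a lead, not proof of relaying: a server with proxying disabled can
    answer such a request with its own local page, so compare the byte count."""
    out = {}
    for h in hits:
        rec = out.setdefault(h["ip"], {"attempts": 0, "answered": []})
        rec["attempts"] += 1
        if 200 <= h["status"] < 400:
            rec["answered"].append((h["host"], h["status"], h["size"]))
    return out

SAMPLE = [  # constructed lines, not taken from the post
    '203.0.113.5 - - [09/Jul/2007:16:37:53 +0800] "GET /mrtg/index.html HTTP/1.1" 200 6866 "-" "spider"',
    '198.51.100.7 - - [09/Jul/2007:17:19:08 +0800] "GET http://judge.example.net/check?hash=abc HTTP/1.0" 404 325 "-" "Mozilla/4.0"',
    '192.0.2.9 - - [11/Jul/2007:22:53:04 +0800] "GET http://www.example.org/ HTTP/1.0" 200 5625 "-" "Mozilla/4.0"',
    '192.0.2.9 - - [11/Jul/2007:22:53:05 +0800] "CONNECT smtp.example.org:25 HTTP/1.0" 405 300 "-" "-"',
    '203.0.113.5 - - [09/Jul/2007:18:00:00 +0800] "GET http://mail.example.com/cgi-bin/openwebmail/openwebmail.pl HTTP/1.1" 200 900 "-" "x"',
]

if __name__ == "__main__":
    for ip, rec in summarize(proxy_attempts(SAMPLE)).items():
        print(ip, rec)
```

For any "answered" entry, fetch the server's own front page and compare its size with the logged byte count; if they differ, check whether mod_proxy is loaded with `ProxyRequests On`.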