apache error_log 中非常奇怪的条目。这是一次利用钓鱼的远征吗?
Very weird entry in apache error_log. Is this an exploit fishing expedition?
当这个巨大的块通过时,我正在跟踪我的 apache 错误日志。以前从未见过这样的东西。 IP 映射到 RIPE 网络协调中心,带有一个邮政信箱
linkhere
这是我应该进一步研究的东西吗?谷歌搜索时我找不到太多关于这个的信息,除了 RIPE 似乎是一个 ISP。
[Tue Mar 15 21:34:44.775251 2016] [core:error] [pid 22280] (36)File name too long: [client 93.113.125.12:44444] AH00036: access to /we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages failed (filesystem path '/var/www/html/we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages')
我刚刚也从同一个 IP 收到了这个请求。我没有看到很多其他人在谈论它,所以我猜它是新的。
我假设它是一个寻找不安全公共管理页面的机器人,实际的请求文本对于查看日志的网站管理员来说有点像个笑话。
发出这些请求的脚本与请求 URL 所说的完全相同。它将请求发送到大量 IP 地址、IP 地址范围列表,甚至在某些情况下 每个 互联网上的 IP 地址。它记录地址 returns 是否带有状态代码 - 表示该地址有 Web 服务器 运行。
尚不清楚将如何处理这些信息。也许如果他们得到回应,他们会将您列入名单以供进一步调查。这其实很常见。
除非您在某些管理实用程序(wordpress、drupal、phpmyadmin 等)上使用默认密码,否则这些事情是无害的。如果您开始受到这些请求的轰炸,您可能需要使用更高级的硬件或软件防火墙,审计您的公开开放端口,并可能开始限制 IP 范围。
http://who.is/whois-ip/ip-address/93.113.125.12
如果这种情况持续存在,您可以随时向来源的 ISP 报告该事件。
当这个巨大的块通过时,我正在跟踪我的 apache 错误日志。以前从未见过这样的东西。 IP 映射到 RIPE 网络协调中心,带有一个邮政信箱
linkhere
这是我应该进一步研究的东西吗?谷歌搜索时我找不到太多关于这个的信息,除了 RIPE 似乎是一个 ISP。
[Tue Mar 15 21:34:44.775251 2016] [core:error] [pid 22280] (36)File name too long: [client 93.113.125.12:44444] AH00036: access to /we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages failed (filesystem path '/var/www/html/we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages_we_are_looking_for_not_found_pages')
我刚刚也从同一个 IP 收到了这个请求。我没有看到很多其他人在谈论它,所以我猜它是新的。
我假设它是一个寻找不安全公共管理页面的机器人,实际的请求文本对于查看日志的网站管理员来说有点像个笑话。
发出这些请求的脚本与请求 URL 所说的完全相同。它将请求发送到大量 IP 地址、IP 地址范围列表,甚至在某些情况下 每个 互联网上的 IP 地址。它记录地址 returns 是否带有状态代码 - 表示该地址有 Web 服务器 运行。
尚不清楚将如何处理这些信息。也许如果他们得到回应,他们会将您列入名单以供进一步调查。这其实很常见。
除非您在某些管理实用程序(wordpress、drupal、phpmyadmin 等)上使用默认密码,否则这些事情是无害的。如果您开始受到这些请求的轰炸,您可能需要使用更高级的硬件或软件防火墙,审计您的公开开放端口,并可能开始限制 IP 范围。
http://who.is/whois-ip/ip-address/93.113.125.12
如果这种情况持续存在,您可以随时向来源的 ISP 报告该事件。