05/04/2011, 06:06
CreoTec
Apache overloads and strange logs

What are these logs?

Approximately every minute:
Code:
174.123.174.34 - - [05/Apr/2011:03:41:14 +0200] "POST http ://yourinfo.any-request-allowed.com/ HTTP/1.1" 200 565 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
And then these:

Code:
61.47.35.40 - - [03/Apr/2011:17:57:11 +0200] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:11 +0200] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:12 +0200] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:12 +0200] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:12 +0200] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 288 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:13 +0200] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 286 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:14 +0200] "GET /websql/scripts/setup.php HTTP/1.1" 404 286 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:14 +0200] "GET /webdb/scripts/setup.php HTTP/1.1" 404 285 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:15 +0200] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 290 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:15 +0200] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:15 +0200] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:16 +0200] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:17 +0200] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:17 +0200] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:18 +0200] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:19 +0200] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:20 +0200] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:20 +0200] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:21 +0200] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:22 +0200] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:22 +0200] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:23 +0200] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 302 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:24 +0200] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:25 +0200] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:28 +0200] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:29 +0200] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:30 +0200] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 302 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:30 +0200] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:31 +0200] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:32 +0200] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:33 +0200] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:33 +0200] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:34 +0200] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:35 +0200] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 298 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:36 +0200] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:36 +0200] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:40 +0200] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 296 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:41 +0200] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 290 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:41 +0200] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 292 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:42 +0200] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 285 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:43 +0200] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 287 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:44 +0200] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 287 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:44 +0200] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 290 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:45 +0200] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:46 +0200] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:46 +0200] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 288 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:47 +0200] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 286 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:51 +0200] "GET /websql/scripts/setup.php HTTP/1.1" 404 286 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:51 +0200] "GET /webdb/scripts/setup.php HTTP/1.1" 404 285 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:52 +0200] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 290 "-" "ZmEu"
61.47.35.40 - - [03/Apr/2011:17:57:53 +0200] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"
94.76.115.103 - - [03/Apr/2011:18:42:32 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
94.76.115.103 - - [03/Apr/2011:18:42:32 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
Code:
46.161.11.245 - - [05/Apr/2011:10:41:14 +0200] "POST http://myinfo.any-request-allowed.com/?strGet=get7706 HTTP/1.1" 200 565 "-" "-"
193.105.210.11 - - [05/Apr/2011:11:15:25 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
193.105.210.11 - - [05/Apr/2011:11:15:25 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
193.105.210.11 - - [05/Apr/2011:12:33:08 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
193.105.210.11 - - [05/Apr/2011:12:33:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
Code:
85.14.217.19 - - [02/Apr/2011:23:03:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
85.14.217.19 - - [02/Apr/2011:23:03:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
213.172.77.64 - - [02/Apr/2011:23:25:43 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
213.172.77.64 - - [02/Apr/2011:23:25:46 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /" 400 549 "-" "-"
173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"
173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /" 400 549 "-" "-"
86.105.36.244 - - [03/Apr/2011:04:02:31 +0200] "GET /admin/cdr/counter.txt HTTP/1.1" 404 284 "-" "-"
86.105.36.244 - - [03/Apr/2011:04:02:31 +0200] "GET /admin/cdr/counter.txt HTTP/1.1" 404 284 "-" "-"
And many more in this style. I also noticed that they correspond more or less to the times when Apache gets overloaded. Moreover, all the IPs are from Romania, Germany, China and the United States, and it is impossible that I have visitors from those countries, since the server is new and I have not even had time to upload the websites yet; for now I only have one website, for a school, which is awaiting a redesign and only gets visits from Toledo.

I have gone through the whole access_log and found about 9 strange IP addresses from different countries (Romania, China, etc.), and they all have something in common, the:
Code:
w00tw00t.at.ISC.SANS.DFind:)
Could this be the cause of the Apache overload?
I look forward to your comments, friends ;)
Let's see if together we can solve this problem that is keeping me from sleeping peacefully.
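
Added example, not part of the original post: a Python triage script that parses access-log lines like those quoted above and groups the three probe patterns they show (the ZmEu `setup.php` sweep, the DFind `w00tw00t` banner, and absolute-URI proxy tests) per client IP, flagging proxy tests that were answered with a 2xx. The sample lines are copied from the post; the function names and category labels are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Request field is captured whole: scanners send malformed lines like "GET /".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

def classify(req, ua):
    """Label the probe patterns quoted in the post; None for anything else."""
    parts = req.split()
    target = parts[1] if len(parts) > 1 else ""
    if "w00tw00t.at.ISC.SANS.DFind" in target:
        return "dfind-banner"
    if re.match(r"(?i)https?://", target):
        return "proxy-test"  # absolute URI naming some other host
    if ua == "ZmEu" or target.lower().endswith("/scripts/setup.php"):
        return "pma-setup-sweep"
    return None

def summarize(lines):
    """Map client IP -> Counter of (label, status) over classified lines."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        label = classify(m["req"], m["ua"] or "")
        if label:
            hits[m["ip"]][(label, int(m["status"]))] += 1
    return hits

def needs_review(hits):
    """IPs whose proxy test got a 2xx: confirm Apache is not relaying for them."""
    return sorted(ip for ip, c in hits.items()
                  if any(l == "proxy-test" and 200 <= s < 300 for l, s in c))

# Sample lines copied from the post above.
SAMPLE = [
    '61.47.35.40 - - [03/Apr/2011:17:57:11 +0200] "GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 300 "-" "ZmEu"',
    '61.47.35.40 - - [03/Apr/2011:17:57:11 +0200] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 291 "-" "ZmEu"',
    '94.76.115.103 - - [03/Apr/2011:18:42:32 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 283 "-" "-"',
    '46.161.11.245 - - [05/Apr/2011:10:41:14 +0200] "POST http://myinfo.any-request-allowed.com/?strGet=get7706 HTTP/1.1" 200 565 "-" "-"',
    '173.203.50.210 - - [03/Apr/2011:03:46:09 +0200] "GET /" 400 549 "-" "-"',
]

if __name__ == "__main__":
    for ip, c in summarize(SAMPLE).items():
        print(ip, dict(c))
```

A 2xx on a proxy test does not by itself mean the request was forwarded; the response body and the `ProxyRequests` setting are what settle it.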