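If you run a database administration component such as phpMyAdmin on your web server, keep an eye on the access.log on your server. This summer, ZmEu attacks have been quite frequent on the Internet, and their sources are spread across almost the whole world: there are IP addresses from the United States, China and Europe, and Africa is no exception.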

 

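A ZmEu attack searches the web server for the installation files of database administration components such as phpMyAdmin, then tries to break in and plant a backdoor on your web server. Below is an excerpt from access.log: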

  GET /admin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 302 20 "69.55.233.22" "ZmEu"
  GET /admin/pma/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /db/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /db/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /dbadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /dbadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /myadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /myadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /mysql/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /mysql/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /mysqladmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /mysqladmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /phpadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /phpadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /phpMyAdmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /phpMyAdmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /phpmyadmin1/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /phpmyadmin1/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /phpmyadmin2/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /phpmyadmin2/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /pma/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
  GET /pma/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
  GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
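
One way to pick this pattern out of a log, as an added example that is not code from the original post: it parses lines in the same layout as the excerpt above, groups `setup.php` probes by client IP, and also flags clients that walk several such paths without sending the `ZmEu` User-Agent. The function name, the three-path threshold and the sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Layout of the excerpt: request line, optional status and size,
# then the quoted client IP and the quoted User-Agent.
LINE_RE = re.compile(
    r'(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"'
    r'(?: (?P<status>\d{3}) (?P<size>\d+|-))?'
    r' "(?P<ip>[^"]+)" "(?P<ua>[^"]*)"'
)
PROBE_RE = re.compile(r'/scripts/setup\.php$', re.IGNORECASE)

# Constructed sample lines, not taken from a real log.
SAMPLE = [
    'GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 209 "192.0.2.10" "ZmEu"',
    'GET /pma/scripts/setup.php HTTP/1.1" 302 20 "192.0.2.10" "ZmEu"',
    'GET /db/scripts/setup.php HTTP/1.1" "198.51.100.7" "Mozilla/5.0"',
    'GET /dbadmin/scripts/setup.php HTTP/1.1" "198.51.100.7" "Mozilla/5.0"',
    'GET /mysql/scripts/setup.php HTTP/1.1" "198.51.100.7" "Mozilla/5.0"',
    'GET /index.php HTTP/1.1" 200 5120 "203.0.113.5" "Mozilla/5.0"',
    'GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 209 "203.0.113.5" "Mozilla/5.0"',
]

def scan(lines, min_paths=3):
    """Return {ip: report} for clients that look like setup.php scanners."""
    seen = defaultdict(lambda: {"paths": set(), "ua_hit": False, "answered": []})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # line is not in the expected layout
        path = m["path"].split("?", 1)[0]
        ua_hit = "zmeu" in m["ua"].lower()
        probe = bool(PROBE_RE.search(path))
        if not (ua_hit or probe):
            continue
        rec = seen[m["ip"]]
        rec["ua_hit"] |= ua_hit
        if probe:
            rec["paths"].add(path)
        # A status other than 404 means the path was not simply rejected.
        if m["status"] and m["status"] != "404":
            rec["answered"].append((path, int(m["status"])))
    # The User-Agent is client-supplied, so path spread counts on its own too.
    return {ip: r for ip, r in seen.items()
            if r["ua_hit"] or len(r["paths"]) >= min_paths}

if __name__ == "__main__":
    for ip, r in sorted(scan(SAMPLE).items()):
        print(ip, "ZmEu UA" if r["ua_hit"] else "no ZmEu UA",
              len(r["paths"]), "probe paths, answered:", r["answered"])
```

Entries in `answered` are the ones to check first, since the server returned something other than 404 for a setup script path.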

 

By tony

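A free software enthusiast who likes to keep thinking about all kinds of problems, wants to learn and try anything new, runs experiments and is keen on research. There is no such thing as top-level skill, only humility and continual learning to sharpen one's expertise. This site was set up mainly to share knowledge and resources about systems and networking. Github http://stnet253.github.io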
