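If you have installed a database administration component such as phpMyAdmin on your web server, keep an eye on the server's access.log. This summer, ZmEu attacks have been quite frequent on the Internet, and the attack sources are spread across almost the whole world: there are IP addresses from the United States, China and Europe, and Africa is no exception.
A ZmEu attack searches the web server for the setup files of database administration components such as phpMyAdmin, then tries to break in and plant a backdoor on your web server. Below is an excerpt of the entries recorded in access.log: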
GET /admin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 302 20 "69.55.233.22" "ZmEu"
GET /admin/pma/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /db/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /db/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /dbadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /dbadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /myadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /myadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /mysql/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /mysql/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /mysqladmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /mysqladmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /phpadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /phpadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /phpMyAdmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /phpMyAdmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /phpmyadmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /phpmyadmin1/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /phpmyadmin1/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /phpmyadmin2/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /phpmyadmin2/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /pma/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" "69.55.233.22" "ZmEu"
GET /pma/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" "69.55.233.23" "ZmEu"
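
One way to check your own access.log for this pattern, as an added example that is not part of the original post: it groups `*/scripts/setup.php` probes by client, flags the "ZmEu" user agent as well as scanners that changed it, and lists any probe that did not get a 404. The function name, the threshold and the sample lines are constructed for illustration; it assumes the client IP is the first IPv4 address on the line and the user agent is the last quoted field.

```python
import re
from collections import defaultdict

REQUEST_RE = re.compile(r'(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"(?: (\d{3}))?')
IPV4_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')
LAST_QUOTED_RE = re.compile(r'"([^"]*)"\s*$')  # user agent: last quoted field
PROBE_RE = re.compile(r'/scripts/setup\.php(?:\?|$)', re.IGNORECASE)

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = '''\
192.0.2.10 - - [12/Aug/2010:03:14:07 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 209 "-" "ZmEu"
192.0.2.10 - - [12/Aug/2010:03:14:07 +0800] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 302 20 "-" "ZmEu"
192.0.2.10 - - [12/Aug/2010:03:14:08 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 404 209 "-" "ZmEu"
198.51.100.7 - - [12/Aug/2010:04:01:30 +0800] "GET /db/scripts/setup.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2010:04:01:30 +0800] "GET /mysql/scripts/setup.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2010:04:01:31 +0800] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Aug/2010:05:20:00 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Aug/2010:05:20:09 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
'''

def find_setup_scanners(lines, min_paths=3):
    """Map client IP -> evidence for clients probing phpMyAdmin setup.php paths."""
    seen = defaultdict(lambda: {"paths": set(), "zmeu_ua": False, "non_404": []})
    for line in lines:
        req, ip = REQUEST_RE.search(line), IPV4_RE.search(line)
        if not req or not ip:
            continue
        path, status = req.groups()
        ua = LAST_QUOTED_RE.search(line)
        is_zmeu = bool(ua) and "zmeu" in ua.group(1).lower()
        if not (is_zmeu or PROBE_RE.search(path)):
            continue  # ordinary traffic
        entry = seen[ip.group(0)]
        entry["paths"].add(path)
        entry["zmeu_ua"] = entry["zmeu_ua"] or is_zmeu
        if status and status != "404":
            # The server answered with something other than "not found":
            # that path exists or redirects and should be reviewed by hand.
            entry["non_404"].append((path, status))
    # Flag on the user agent, or on many distinct setup.php paths from one client.
    return {ip: e for ip, e in seen.items()
            if e["zmeu_ua"] or len(e["paths"]) >= min_paths}

if __name__ == "__main__":
    for ip, e in sorted(find_setup_scanners(SAMPLE_LOG.splitlines()).items()):
        label = "ZmEu UA" if e["zmeu_ua"] else "other UA"
        print(ip, label, len(e["paths"]), "paths", e["non_404"])
```

To run it against a real log, pass an open file object instead of the sample, for example `find_setup_scanners(open("access.log", errors="replace"))`.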