PDA

Zobacz pełną wersję : czy to pruba ataku?



adamszmu
29-12-2006, 00:35
Witam ostatnio w statystykach bledow znajduje nastepujace wpisy


[Thu Dec 28 22:12:31 2006] [error] [client 216.246.41.94] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:11:59 2006] [error] [client 69.65.99.242] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:11:54 2006] [error] [client 69.65.99.242] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:11:32 2006] [error] [client 209.172.34.86] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:11:12 2006] [error] [client 69.65.99.242] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:10:52 2006] [error] [client 69.65.99.242] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:10:46 2006] [error] [client 216.246.41.94] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:10:42 2006] [error] [client 209.172.34.86] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:10:29 2006] [error] [client 216.246.41.94] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:10:20 2006] [error] [client 216.246.41.94] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:09:53 2006] [error] [client 83.143.85.50] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:09:52 2006] [error] [client 216.246.41.94] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:44 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:35 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:29 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:25 2006] [error] [client 83.143.85.50] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:20 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:19 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:14 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:13 2006] [error] [client 69.4.32.136] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:09 2006] [error] [client 85.19.150.85] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:05 2006] [error] [client 69.4.32.136] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:04 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:04 2006] [error] [client 72.3.230.4] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:08:02 2006] [error] [client 72.3.230.4] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:58 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:55 2006] [error] [client 72.3.230.4] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:33 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:32 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:28 2006] [error] [client 193.124.133.187] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:27 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:26 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:23 2006] [error] [client 193.93.22.78] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:23 2006] [error] [client 193.93.22.78] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:23 2006] [error] [client 193.93.22.78] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:23 2006] [error] [client 193.93.22.78] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:23 2006] [error] [client 193.93.22.78] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:14 2006] [error] [client 216.130.161.111] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:08 2006] [error] [client 193.124.133.187] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:08 2006] [error] [client 63.247.81.42] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:07:04 2006] [error] [client 63.247.81.42] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:06:57 2006] [error] [client 72.3.230.4] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:06:56 2006] [error] [client 69.4.32.136] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:06:53 2006] [error] [client 69.4.32.136] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:06:52 2006] [error] [client 72.3.230.4] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:06:51 2006] [error] [client 72.3.230.4] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:06:50 2006] [error] [client 72.29.86.127] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php
[Thu Dec 28 22:06:48 2006] [error] [client 69.4.32.136] File does not exist: /home/xxxxx/public_html/chat/inc/cmses/aedating4CMS.php


dodam ze te adresy IP ktore tu widnieja nie sa napewno adresami ludzi ktorzy przegladaja moja strone. I wyglada to jakmy ktos szukal pliku aedating4CMS.php

Moze ktos poradzi jak powinienem to traktowac i jakie srodi ostroznosci podjac zeby uniknac ewentualnego wlamania
pozdrawiam

Rybik
29-12-2006, 01:49
to jest dziura z komponentu Flash Chat:
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1420/exploit.html
poczytaj co i jak

stone
29-12-2006, 08:23
Roboty także na ślepo przeczedsują strony które wytypują jako Joomla sprawdzając w ciemno czy nie ma zainstalowanego danego dodatku, zakładam że u Ciebie chat nie więc nie masz się czym przejomować w tym przypadku. Oczywiście to znaczy że jesteś w jakiś sposób namierzony i powinieneś uważać co instalujesz jako dodatki.
Podstawową sprawą jest ustawienie register_globals na off załatwia to od ręki wiele problemów

adamszmu
29-12-2006, 11:50
dzieki za odpowiedzi
w sumie mam zainstalowanego falshchata ale w innej lokalizacji i nie jako integracja z joomla tylko z forum. jest to nowa wersja z plikami .htaccess ktore blokuja dostep do niektorych katalogow lacznie z katalogiem z aedating4CMS.php
register globals mam tez off.
wole sie jednak pomartwic na zapas bo nie chce zeby moja strona wygladala jak ta (http://www.manchester24.pl/).
Swoja droga sie zastanawiam czy jest mozliwosc zrobienia skryptu ktory by automatycznie dawal bana wszystkim IP ktore wypytuja o plik aedating4CMS.php
pozdrawiam

Rybik
29-12-2006, 15:02
koniecznie chcesz sam sobie sznur ukręcić ? :D przeciez taka liste banow mozna latwo w ten sposob zaspamowac. Nie buduj tu wlasnej antyrakiety tylko poczytaj material ktory ci podeslalem, znajdziesz tam m.in. wersje 4.5.7 w ktorej dziura ta zostala zalatana.

adamszmu
29-12-2006, 17:23
oczywiście przeczytalem i mam nowa wersje flashchata.
Moj pomysl wziął sie stąd ze
"IP" ktore prubuja sie włamac na moja strone i nie dostana czego chca beda prubowaly to zrobic jeszcze raz w inny sposob, dlatego pomyslalem ze dodanie tych adresow do .htaccess jako deny by uchronilo moja strone przed przed prubami atakow z tych samych komputerow.

Rybik
29-12-2006, 17:45
Recznie jak najbardziej, chodzilo mi o to ze automatyzacja banowania przez htaccess moze byc ryzykowna. Ciekawe czy moznaby podstawic tam jakis spreparowany plik :D nieduzy bo nam transfer urwie aaaale moze jakis link/redirect ? np do smietniska linkow zeby sie zapetlil
pomazyc zawsze mozna ;)

tyllko warto pamietac ze skrypt (nazwijmy go roboczo wrogim) moze poslugiwac sie innymi zdalnymi tzn ze kazdy zarazony (dziurawy) flashchat jest potencjalna bramka dla skryptow wlasciwych co jest bardzo popularnym procederem.