  [Question]   Question about a log excerpt in the Apache error_log and how to fix it. 06/11/2012 10:04:45 (+0700) | #1 | 270772
tphau
Member

Joined: 09/07/2012 22:42:15
Messages: 6
Hi,
I have a CentOS server running a web service.
Recently, while looking at Apache's access log & error log, I saw one IP whose requests produce log entries like this:

Code:
GET /link.php%3fM%3d202679%26N%3d2318%26L%3d780%26F%3dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%253fM%253d202679%2526N%253d2318%2526L%253d780%2526F%253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%25253fM%25253d202679%252526N%25253d2318%252526L%25253d780%252526F%25253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%2525253fM%2525253d202679%25252526N%2525253d2318%25252526L%2525253d780%25252526F%2525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%252525253fM%252525253d202679%2525252526N%252525253d2318%2525252526L%252525253d780%2525252526F%252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%25252525253fM%25252525253d202679%252525252526N%25252525253d2318%252525252526L%25252525253d780%252525252526F%25252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%2525252525253fM%2525252525253d202679%25252525252526N%2525252525253d2318%25252525252526L%2525252525253d780%25252525252526F%2525252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%252525252525253fM%252525252525253d202679%2525252525252526N%252525252525253d2318%2525252525252526L%252525252525253d780%2525252525252526F%252525252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%25252525252525253fM%25252525252525253d202679%252525252525252526N%25252525252525253d2318%252525252525252526L%25252525252525253d780%252525252525252526F%25252525252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4;AskTbFXTV5/5.15.4.23821)"
GET /link.php%2525252525252525253fM%2525252525252525253d202679%25252525252525252526N%2525252525252525253d2318%25252525252525252526L%2525252525252525253d780%25252525252525252526F%2525252525252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;GTB7.4;AskTbFXTV5/5.15.4.23821)"
GET /link.php%252525252525252525253fM%252525252525252525253d202679%2525252525252525252526N%252525252525252525253d2318%2525252525252525252526L%252525252525252525253d780%2525252525252525252526F%252525252525252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%25252525252525252525253fM%25252525252525252525253d202679%252525252525252525252526N%25252525252525252525253d2318%252525252525252525252526L%25252525252525252525253d780%252525252525252525252526F%25252525252525252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0(compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%2525252525252525252525253fM%2525252525252525252525253d202679%25252525252525252525252526N%2525252525252525252525253d2318%25252525252525252525252526L%2525252525252525252525253d780%25252525252525252525252526F%2525252525252525252525253dH HTTP/1.1" 404 1312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%252525252525252525252525253fM%252525252525252525252525253d202679%2525252525252525252525252526N%252525252525252525252525253d2318%2525252525252525252525252526L%252525252525252525252525253d780%2525252525252525252525252526F%252525252525252525252525253dH HTTP/1.1" 404 1312 "-""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"
GET /link.php%25252525252525252525252525253fM%25252525252525252525252525253d202679%252525252525252525252525252526N%25252525252525252525252525253d2318%252525252525252525252525252526L%25252525252525252525252525253d780%252525252525252525252525252526F%25252525252525252525252525253dH HTTP/1.1" 403 460 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.4; AskTbFXTV5/5.15.4.23821)"


I don't know the cause or how to handle it.
I hope you can help.
  [Question]   Question about a log excerpt in the Apache error_log and how to fix it. 07/11/2012 08:52:23 (+0700) | #2 | 270788
vd_
Member

Joined: 06/03/2010 03:05:09
Messages: 124
- if it is a single IP, block that IP
- check what flaw link.php has that lets people exploit it
- imitate them and try requesting link.php to see what it returns
- write a rule for the application firewall to automatically block similar requests
  [Question]   Question about a log excerpt in the Apache error_log and how to fix it. 11/11/2012 11:44:07 (+0700) | #3 | 270889
LM
Moderator

Joined: 16/04/2002 09:27:22
Messages: 129
404, this file does not exist. The site may be getting scanned by a bot looking for a vulnerable file.
  [Question]   Question about a log excerpt in the Apache error_log and how to fix it. 15/11/2012 07:46:51 (+0700) | #4 | 270996
tphau
Member

Joined: 09/07/2012 22:42:15
Messages: 6
I have already configured mod security to block requests like this.
Every day there are a few IPs sending requests like that, and that link.php file is just an ordinary redirect file.
I tried accessing the links above and only got 404 or bad url.
Thanks LM & vd_ for replying.
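Added example, not part of any post in this thread: in the log quoted in post #1, every request targets the same `link.php?M=...` URL with one more `%25` layer than the one before. The Python sketch below measures that nesting depth per request and flags clients that send multiply-encoded paths; the log lines, client addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in Apache combined log format, modelled on the requests
# quoted in the thread; client addresses are documentation-range placeholders.
SAMPLE_LOG = r'''
192.0.2.10 - - [06/Nov/2012:09:58:01 +0700] "GET /link.php%3fM%3d202679%26N%3d2318 HTTP/1.1" 404 1312 "-" "Mozilla/4.0"
192.0.2.10 - - [06/Nov/2012:09:58:02 +0700] "GET /link.php%253fM%253d202679%2526N%253d2318 HTTP/1.1" 404 1312 "-" "Mozilla/4.0"
192.0.2.10 - - [06/Nov/2012:09:58:03 +0700] "GET /link.php%25253fM%25253d202679%252526N%25253d2318 HTTP/1.1" 404 1312 "-" "Mozilla/4.0"
192.0.2.10 - - [06/Nov/2012:09:58:04 +0700] "GET /link.php%2525253fM%2525253d202679%25252526N%2525253d2318 HTTP/1.1" 403 460 "-" "Mozilla/4.0"
198.51.100.7 - - [06/Nov/2012:10:01:10 +0700] "GET /search?q=a%20b HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Nov/2012:10:02:30 +0700] "GET /a%252fb HTTP/1.1" 404 1312 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')

def encoding_depth(raw_path, max_rounds=32):
    """Percent-decode until nothing changes; return (rounds_needed, decoded)."""
    depth, current = 0, raw_path
    while depth < max_rounds:
        decoded = unquote(current)
        if decoded == current:
            break
        depth, current = depth + 1, decoded
    return depth, current

def find_encoding_loops(log_text, min_depth=2):
    """Map (client, decoded target) -> (depths seen, escalating?) for every
    client that sent at least one request encoded min_depth or more times."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            depth, decoded = encoding_depth(m.group(2))
            seen[(m.group(1), decoded)].append(depth)
    flagged = {}
    for key, depths in seen.items():
        if max(depths) >= min_depth:
            # One extra layer per request is the pattern shown in the thread.
            steps = [b - a for a, b in zip(depths, depths[1:])]
            flagged[key] = (depths, len(depths) >= 3 and all(s == 1 for s in steps))
    return flagged

if __name__ == "__main__":
    for (client, target), (depths, escalating) in find_encoding_loops(SAMPLE_LOG).items():
        print(client, target, depths, "escalating" if escalating else "nested")
```

A single level of encoding (such as `%20` in a query string) is normal traffic, which is why the default threshold is two levels.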