pravdepodobne pokus o hack...

[Martin Duda]

Dobry den,
v logu serveru jsem nasel pokusy o pristup do adresare cgi-bin na
nasledujici scripty:
...
cgi-bin/view-source
cgi-bin/php-cgi
cgi-bin/handler
cgi-bin/test-cgi
cgi-bin/nph-test-cgi
cgi-bin/phf                 <- tohle je myslim uz vousate :-)
cgi-bin/phf.pp
cgi-bin/phf.cgi
cgi-bin/websendmail
cgi-bin/environ.cgi
cgi-bin/php.cgi
cgi-bin/php
cgi-bin/perl.exe
cgi-bin/wwwboard.pl
cgi-bin/www-sql
cgi-bin/view-source
cgi-bin/AT-admin.cgi
cgi-bin/wwwadmin.pl
cgi-bin/formmail.pl
cgi-bin/sendform.cgi
cgi-bin/maillist.pl
iisadmpwd/achg.htr
iisadmpwd/aexp.htr
iisadmpwd/anot.htr
msadc/Samples/SELECTOR/showcode.asp
_AuthChangeUrl
....../autoexec.bat
scripts/fpcount.exe
scripts/cgimail.exe
scripts/tools/newdsn.exe
scripts/tools/getdrvs.exe
cgi-bin/bnbform.cgi
cgi-bin/survey.cgi
domcfg.nsf/
cgi-bin/count.cgi
cgi-bin/guestbook.cgi
cgi-bin/aglimpse
cgi-bin/finger
cgi-bin/jj
cgi-bin/man.sh
cgi-bin/webdist.cgi
cgi-bin/wrap.cgi
cgi-bin/handler.cgi
cgi-bin/day5datacopier.cgi
cgi-bin/day5datanotifier.cgi
cgi-bin/pfdisplay.cgi
perl/files.pl
scripts/convert.bas
cgi-bin/dumpenv.pl
cgi-bin/upload.pl
session/adminlogin
cgi-bin/campas
cgi-bin/textcounter.pl
cgi-bin/view-source
cgi-bin/webgais
cgi-bin/htmlscript
cgi-win/uploader.exe
cgi-dos/args.cmd
cgi-dos/args.bat
cgi-bin/faxsurvey
_vti_pvt/users.pwd
_vti_pvt/administrators.pwd
_vti_pvt/shtml.dll
_vti_pvt/shtml.exe
__vti_inf.html
cfdocs/expelval/openfile.cfm
cfdocs/expelval/exprcalc.cfm
cfdocs/expelval/displayopenedfile.cfm
cfdocs/expelval/sendmail.cfm
search97.vts
AdvWorks/equipment/catalog_type.asp
ASPSamp/AdvWorks/equipment/catalog_type.asp
cgi-bin/filemail.pl
cgi-bin/info2www
cgi-bin/finger
cgi-bin/AnyForm2
cgi-bin/classifieds.cgi
carbo.dll
cgi-bin/fpexplore.exe
cgi-bin/whois_raw.cgi
scripts/counter.exe
cgi-bin/responder.cgi
cgi-bin/wguest.exe
cgi-bin/rguest.exe
scripts/no-such-file.pl
scripts/iisadmin/ism.dll
samples/search/queryhit.htm
scripts/samples/search/webhits.exe
domcfg.nsf/
cgi-shl/win-c-sample.exe
default.asp::$DATA
server logfile
cgi-bin/tigvote.cgi
cgi-bin/webutils.pl
blabla.idc
blabla.idq
blabla.ida
blabla.idw
msadc/msadcs.dll
global.asa+.htr
db/spn.mdb
null.htw
_vti_pvt/service.pwd
samples/search/queryhit.htm
data/db_asp_content.mdb
adredir.asp
redirect.asp
cgi-bin/cached_feed.cgi
password.txt
scripts/..ŔŻ../winnt/system32/cmd.exe
default.asp/a.exe/..ŔŻ../winnt/system32/cmd.exe
scripts/..Áś../winnt/system32/cmd.exe
default.asp~
index.asp~
index.php~
index.php3~
scripts/counter.exe
adsamples/config/site.csc
admin/auth.adduser.html
stationmanager/lariat/server/config/stnmng.cfg
cfdocs/exampleapp/docs/sourcewindow.cfm
scripts/iisadmin/ism.dll
W3SVC/1/ROOT/_vti_bin/_vti_adm
W3SVC/
iisadmin/
_vti_bin/shtml.exe
cgi-bin/bnbform.cgi
default.asp
default.asp.old
default.old
index.php.old
index.asp.old
index.old
index.as_
index.ph_
index.php_
default.as_
index.php3.old
cgi-bin/aglimpse
cgi/
cgi-bin/AT-generate.cgi
secure/.htaccess
secure/.wwwacl
perl/files.pl
inc/
index.php
index.php3
default.asp
global.asa?+.h
...
Posilam to jako zajimavost, treba se to bude nekomu hodit. Cele to
probehlo asi behem 10 sekund,
takze na to ten clovicek mel asi nejaky scriptik.
Adresa ze ktere to slo je 212.71.128.29 -> www.webzdarma.cz <-

Duda