Jump to content

DenN

Members
  • Content Count

    3
  • Joined

  • Last visited

    Never
  1. спасибо помогло [root ~]# grep ZmEu /var/log/httpd/access_log | awk '{print $1}' | sort -u 118.131.70.247 200.93.248.10 27.22.85.10
  2. Проверь жестокий диск, если его подозреваешь smartctl --all /dev/sda(нужный HDD) если есть ошибки то покажет. ATA Error Count: 11 (device log contains only the most recent five errors)
  3. У меня идут постоянные атаки на Web-server. Выбрать атакующие IP я могу. grep ZmEu /var/log/httpd/access_log как отсеять повторяющиеся строки? Лог файл выглядит примерно так 27.22.85.10 - - [06/Feb/2012:22:10:52 +0600] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu"27.22.85.10 - - [06/Feb/2012:22:10:53 +0600] "GET /3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 315 "-" "ZmEu"27.22.85.10 - - [06/Feb/2012:22:10:55 +0600] "GET /admin/mysql/scripts/setup.php HTTP/1.1" 404 307 "-" "ZmEu"27.22.85.10 - - [06/Feb/2012:22:10:57 +0600] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 312 "-" "ZmEu"27.22.85.10 - - [06/Feb/2012:22:10:59 +0600] "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 305 "-" "ZmEu"200.93.248.10 - - [05/Feb/2012:11:36:42 +0600] "GET // HTTP/1.1" 200 4724 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"200.93.248.10 - - [05/Feb/2012:11:36:42 +0600] "GET //phpmyadmin/ HTTP/1.1" 404 289 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"200.93.248.10 - - [05/Feb/2012:11:36:43 +0600] "GET //phpMyAdmin/ HTTP/1.1" 404 289 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"200.93.248.10 - - [05/Feb/2012:11:36:43 +0600] "GET //phpMyAdmin2/ HTTP/1.1" 404 290 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"200.93.248.10 - За ранее всем спасибо , прошу палками не бить )))
×
×
  • Create New...