>> Вот к нам тоже, примерно каждый день, аккурат с 13:00 до 14:00,
>> раз в 7 минут по 4 подхода долбит. :)
> А потом скрипт ума набирается и с первой попытки сразу рутом входит ? :-) Ну вообще-то авторизация только по ключам и рута низя.
Да и вообще, уже перенёс на другой порт...
Cкучно стало, в логах только записи крона... :(
Но фигня, ещё есть web сервер!!! Там постоянно бутфорсят
на наличие PHPMyAdmin и стандартные страницы авторизации
и пароли от полулярных SMS.
---
61.250.80.133 - - [27/Nov/2011:12:02:07 +0400] "GET /user/soapCaller.bs HTTP/1.1" 301 486 "-" "Morfeus Fucking Scanner"
95.110.225.52 - - [27/Nov/2011:22:28:28 +0400] "GET /w00tw00t.at.ISC.SANS.test0:) HTTP/1.1" 400 415 "-" "-"
31.44.184.245 - - [27/Nov/2011:23:50:31 +0400] "POST http://myinfo.any-request-allowed.com/?strGet=get3294 HTTP/1.1" 301 480 "-" "-"
180.210.203.86 - - [01/Dec/2011:21:24:59 +0400] "GET /phpMyAdmin-2.11.2.2/scripts/setup.php HTTP/1.1" 301 518 "-" "ZmEu"
180.210.203.86 - - [01/Dec/2011:21:23:57 +0400] "GET /websql/scripts/setup.php HTTP/1.1" 301 497 "-" "ZmEu"
180.210.203.86 - - [01/Dec/2011:21:23:53 +0400] "GET /pma/scripts/setup.php HTTP/1.1" 301 491 "-" "ZmEu"
180.210.203.86 - - [01/Dec/2011:21:23:53 +0400] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 301 509 "-" "ZmEu"
180.210.203.86 - - [01/Dec/2011:21:23:54 +0400] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 301 512 "-" "ZmEu"
180.210.203.86 - - [01/Dec/2011:21:23:55 +0400] "GET /web/scripts/setup.php HTTP/1.1" 301 491 "-" "ZmEu"
180.210.203.86 - - [01/Dec/2011:21:23:56 +0400] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 301 505 "-" "ZmEu"
180.210.203.86 - - [01/Dec/2011:21:23:48 +0400] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 301 512 "-" "ZmEu"
200.98.197.72 - - [01/Dec/2011:16:19:43 +0400] "POST /_vti_bin/_vti_aut/author.dll HTTP/1.1" 301 525 "-" "core-project/1.0"
61.183.23.146 - - [01/Dec/2011:20:04:49 +0400] "HEAD /manager/html HTTP/1.0" 301 225 "-" "-"
180.210.203.86 - - [01/Dec/2011:21:23:41 +0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 527 "-" "ZmEu"
220.226.103.254 - - [01/Dec/2011:02:25:31 +0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 527 "-" "ZmEu"
220.226.103.254 - - [01/Dec/2011:02:25:31 +0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 503 "-" "ZmEu"
220.226.103.254 - - [01/Dec/2011:02:25:32 +0400] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 502 "-" "ZmEu"
220.226.103.254 - - [01/Dec/2011:02:25:32 +0400] "GET /pma/scripts/setup.php HTTP/1.1" 301 491 "-" "ZmEu"
220.226.103.254 - - [01/Dec/2011:02:25:33 +0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 301 498 "-" "ZmEu"
220.226.103.254 - - [01/Dec/2011:02:25:33 +0400] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 301 499 "-" "ZmEu"
211.255.24.167 - - [01/Dec/2011:01:35:39 +0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 527 "-" "ZmEu"
211.255.24.167 - - [01/Dec/2011:01:35:40 +0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 503 "-" "ZmEu"
211.255.24.167 - - [01/Dec/2011:01:35:40 +0400] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 502 "-" "ZmEu"
211.255.24.167 - - [01/Dec/2011:01:35:41 +0400] "GET /pma/scripts/setup.php HTTP/1.1" 301 491 "-" "ZmEu"
211.255.24.167 - - [01/Dec/2011:01:35:42 +0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 301 498 "-" "ZmEu"
211.255.24.167 - - [01/Dec/2011:01:35:42 +0400] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 301 499 "-" "ZmEu"
DLL-ку какую-то искали
200.98.197.72 - - [01/Dec/2011:16:19:43 +0400] "POST /_vti_bin/_vti_aut/author.dll HTTP/1.1" 301 525 "-" "core-project/1.0"