Message Boards
Categories » 技术杂谈 » 针对于asp程序的网络攻击
Threads [ Previous | Next ]
针对于asp程序的网络攻击
针对于asp程序的网络攻击 web master 3/8/08 2:30 PM
来自于广东肇庆的黑客攻击 key keeper 3/22/08 11:52 PM
来自“山东省青岛市网通”的网络攻击 key keeper 3/22/08 11:57 PM
RE: 针对于asp程序的网络攻击 web master 4/5/08 11:42 PM
RE: 针对于asp程序的网络攻击 web master 4/7/08 4:06 PM
RE: 针对于asp程序的网络攻击 web master 4/24/08 11:03 PM
针对于asp程序的网络攻击
3/8/08 2:30 PM
最近,我网站受到了一些试探性的网络攻击,例如
来自ip地址:“218.94.50.204”的“江苏省南京市莫愁新寓红客网吧”的asp攻击,攻击方式为试探是否有IIS系统缺陷。

这里把部分攻击信息公布,为众网管提供参考。

218.94.50.204 - - [08/Mar/2008:13:26:35 +0800] "GET /z9v8log.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:26:37 +0800] "GET /z9v8log.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:26:38 +0800] "GET /log.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.94.50.204 - - [08/Mar/2008:13:26:38 +0800] "GET /z9v8log.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:26:38 +0800] "GET /log.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.94.50.204 - - [08/Mar/2008:13:26:38 +0800] "GET /log.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.94.50.204 - - [08/Mar/2008:13:26:38 +0800] "GET /z9v8log.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:26:38 +0800] "GET /z9v8log.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:26:38 +0800] "GET /log.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.94.50.204 - - [08/Mar/2008:13:26:38 +0800] "GET /log.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.94.50.204 - - [08/Mar/2008:13:26:45 +0800] "GET /shell.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.94.50.204 - - [08/Mar/2008:13:26:55 +0800] "GET /z9v8xiao.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:26:55 +0800] "GET /xiao.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.94.50.204 - - [08/Mar/2008:13:27:05 +0800] "GET /z9v8cmd.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:27:05 +0800] "GET /z9v8cmd.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:27:06 +0800] "GET /bbs/z9v8cmd.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:27:30 +0800] "GET /z9v8css.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:27:33 +0800] "GET /css.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
218.94.50.204 - - [08/Mar/2008:13:27:50 +0800] "GET /z9v8myup.asp HTTP/1.1" 404 1032 "-" "InetURL:/1.0"
218.94.50.204 - - [08/Mar/2008:13:27:50 +0800] "GET /myup.asp HTTP/1.1" 404 1032 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
来自于广东肇庆的黑客攻击
3/22/08 11:52 PM as a reply to web master.
219.131.98.181 ”来自“广东省肇庆市电信ADSL”

219.131.98.181 - - [22/Mar/2008:16:51:03 +0800] "GET /web.rar HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:08 +0800] "GET /web.rar HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:08 +0800] "GET /web.zip HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:08 +0800] "GET /www.rar HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:09 +0800] "GET /www.zip HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:09 +0800] "GET /wwwroot.rar HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:09 +0800] "GET /www.zip HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:10 +0800] "GET /wwwroot.zip HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:10 +0800] "GET /HYTop.mdb HTTP/1.1" 404 1033 "-" "-"
219.131.98.181 - - [22/Mar/2008:16:51:11 +0800] "GET /packet.mdb HTTP/1.1" 404 1033 "-" "-"
来自“山东省青岛市网通”的网络攻击
3/22/08 11:57 PM as a reply to web master.
“221.215.83.214”来自“山东省青岛市网通”

221.215.83.214 - - [22/Mar/2008:02:39:36 +0800] "GET /z9v8tmdqq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
221.215.83.214 - - [22/Mar/2008:02:39:36 +0800] "GET /tmdqq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
221.215.83.214 - - [22/Mar/2008:02:39:36 +0800] "GET /z9v8tmdqq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
221.215.83.214 - - [22/Mar/2008:02:39:36 +0800] "GET /tmdqq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
221.215.83.214 - - [22/Mar/2008:02:39:36 +0800] "GET /z9v8tmdqq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
221.215.83.214 - - [22/Mar/2008:02:39:36 +0800] "GET /tmdqq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
221.215.83.214 - - [22/Mar/2008:02:39:36 +0800] "GET /z9v8tmdqq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
221.215.83.214 - - [22/Mar/2008:02:39:37 +0800] "GET /tmdqq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
221.215.83.214 - - [22/Mar/2008:02:39:37 +0800] "GET /z9v8qq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
221.215.83.214 - - [22/Mar/2008:02:39:37 +0800] "GET /qq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
221.215.83.214 - - [22/Mar/2008:02:39:37 +0800] "GET /z9v8qq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
221.215.83.214 - - [22/Mar/2008:02:39:39 +0800] "GET /webmedia/common/function/xtree.asp?id=1/yuanguvod HTTP/1.1" 404 1036 "-" "-"
RE: 针对于asp程序的网络攻击
4/5/08 11:42 PM as a reply to web master.
ip地址:“222.88.140.141”来自“河南省安阳市盘庚街飞鱼网吧”
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /z9v8tmdqq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /tmdqq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /z9v8tmdqq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /tmdqq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /z9v8tmdqq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /tmdqq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /z9v8tmdqq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /tmdqq.asp HTTP/1.1" 404 1036 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
222.88.140.141 - - [05/Apr/2008:10:01:39 +0800] "GET /z9v8qq.asp HTTP/1.1" 404 1036 "-" "InetURL:/1.0"
RE: 针对于asp程序的网络攻击
4/7/08 4:06 PM as a reply to web master.
“61.191.129.94”来自“安徽省亳州市电信”

61.191.129.94 - - [07/Apr/2008:02:40:12 +0800] "GET /web.rar HTTP/1.1" 404 1033 "-" "-"
61.191.129.94 - - [07/Apr/2008:02:40:12 +0800] "GET /web.zip HTTP/1.1" 404 1033 "-" "-"
61.191.129.94 - - [07/Apr/2008:02:40:12 +0800] "GET /www.rar HTTP/1.1" 404 1033 "-" "-"
61.191.129.94 - - [07/Apr/2008:02:40:12 +0800] "GET /www.zip HTTP/1.1" 404 1033 "-" "-"
61.191.129.94 - - [07/Apr/2008:02:40:12 +0800] "GET /wwwroot.rar HTTP/1.1" 404 1033 "-" "-"
RE: 针对于asp程序的网络攻击
4/24/08 11:03 PM as a reply to web master.
ip地址:“60.28.222.140”来自“天津市网通ADSL”

60.28.222.140 - - [23/Apr/2008:08:57:00 +0800] "GET /Foosun_Data/FS400.mdb HTTP/1.1" 404 1033 "-" "-"
60.28.222.140 - - [23/Apr/2008:08:57:00 +0800] "GET /KS_Data/KesionCMS4.mdb HTTP/1.1" 404 1033 "-" "-"
60.28.222.140 - - [23/Apr/2008:08:57:00 +0800] "GET /admin/Databackup/NewCloud_Backup.MDB HTTP/1.1" 404 1033 "-" "-"
60.28.222.140 - - [23/Apr/2008:08:57:01 +0800] "GET /Foosun_Data/FS400.mdb HTTP/1.1" 404 1033 "-" "-"
60.28.222.140 - - [23/Apr/2008:08:57:01 +0800] "GET /KS_Data/KesionCMS4.mdb HTTP/1.1" 404 1033 "-" "-"
60.28.222.140 - - [23/Apr/2008:08:57:01 +0800] "GET /admin/Databackup/NewCloud_Backup.MDB HTTP/1.1" 404 1033 "-" "-"
60.28.222.140 - - [23/Apr/2008:08:57:12 +0800] "GET /Foosun_Data/FS400.mdb HTTP/1.1" 404 1033 "-" "-"
60.28.222.140 - - [23/Apr/2008:08:57:12 +0800] "GET /KS_Data/KesionCMS4.mdb HTTP/1.1" 404 1033 "-" "-"
60.28.222.140 - - [23/Apr/2008:08:57:12 +0800] "GET /admin/Databackup/NewCloud_Backup.MDB HTTP/1.1" 404 1033 "-" "-"