  [Question]   Request for DDoS log analysis 22/06/2012 10:18:24 (+0700) | #1 | 265426
cutiblung
Member

Joined: 21/10/2009 01:00:20
Messages: 30
Code:
115.74.223.54 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340284948736&msg=Fucked! HTTP/1.1" 404 2262
27.69.41.114 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202786993&msg=Fucked! HTTP/1.1" 404 2262
27.69.41.114 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202786993&msg=Fucked! HTTP/1.1" 404 2262
117.4.25.112 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340210072116&msg=Fucked! HTTP/1.1" 404 2262
117.4.25.112 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340210072116&msg=Fucked! HTTP/1.1" 404 2262
27.77.198.53 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340203307891&msg=Fucked! HTTP/1.1" 404 2262
27.77.198.53 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340203307891&msg=Fucked! HTTP/1.1" 404 2262
118.71.62.176 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202627057&msg=Fucked! HTTP/1.1" 404 2262
118.71.62.176 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202627057&msg=Fucked! HTTP/1.1" 404 2262
27.77.198.53 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340203307897&msg=Fucked! HTTP/1.1" 404 2262
27.77.198.53 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340203307897&msg=Fucked! HTTP/1.1" 404 2262
117.4.25.112 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340210072122&msg=Fucked! HTTP/1.1" 404 2262
117.4.25.112 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340210072122&msg=Fucked! HTTP/1.1" 404 2262
183.80.218.85 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340375974594&msg=Fucked! HTTP/1.1" 404 2262
183.80.218.85 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340375974594&msg=Fucked! HTTP/1.1" 404 2262
117.4.25.112 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340210072128&msg=Fucked! HTTP/1.1" 404 2262
117.4.25.112 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340210072128&msg=Fucked! HTTP/1.1" 404 2262
171.243.147.79 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340296071470&msg=Fucked! HTTP/1.1" 404 2262
171.243.147.79 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340296071470&msg=Fucked! HTTP/1.1" 404 2262
115.78.197.224 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1337777886139&msg=Fucked! HTTP/1.1" 404 2262
115.78.197.224 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1337777886139&msg=Fucked! HTTP/1.1" 404 2262
115.78.197.224 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1337777900213&msg=Fucked! HTTP/1.1" 404 2262
115.78.197.224 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1337777900213&msg=Fucked! HTTP/1.1" 404 2262
123.21.224.243 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340203131368&msg=Fucked! HTTP/1.1" 404 2262
123.21.224.243 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340203131368&msg=Fucked! HTTP/1.1" 404 2262
27.69.41.114 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202799057&msg=Fucked! HTTP/1.1" 404 2262
27.69.41.114 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202799057&msg=Fucked! HTTP/1.1" 404 2262
203.93.28.166 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php?&time=0.1522221 HTTP/1.1" 404 2234
203.93.28.166 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php?&time=0.1522221 HTTP/1.1" 404 2234
118.71.62.176 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202627058&msg=Fucked! HTTP/1.1" 404 2262
118.71.62.176 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202627058&msg=Fucked! HTTP/1.1" 404 2262
115.78.203.33 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340203231552&msg=Fucked! HTTP/1.1" 404 2262
115.78.203.33 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340203231552&msg=Fucked! HTTP/1.1" 404 2262
115.78.197.224 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1337777901935&msg=Fucked! HTTP/1.1" 404 2262
115.78.197.224 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1337777901935&msg=Fucked! HTTP/1.1" 404 2262


This log from the 20th is the iframe type, which is already quite familiar.
Code:
220.181.124.68 - - [20/Jun/2012:20:42:30 +0400] "GET /@4rum/forum.php?&time=0.15528 HTTP/1.0" 404 2230
220.181.124.68 - - [20/Jun/2012:20:42:30 +0400] "GET /@4rum/forum.php?&time=0.15528 HTTP/1.0" 404 2230

This one looks like what is in the HVA chronicles, right? Probably everyone knows it.


There is also an HTTP POST attack:
Code:
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:10 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:10 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:10 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:10 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:10 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:10 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:10 +0400] "POST /index.php/1.0" 404 1988




And this log is really strange. Could you guys analyze it? Some kind of slow attack, maybe?
Code:
117.4.38.126 - - [21/Jun/2012:18:55:25 +0400] "-" 408 -
117.4.38.126 - - [21/Jun/2012:18:55:25 +0400] "-" 408 -
113.165.4.22 - - [21/Jun/2012:18:55:34 +0400] "-" 408 -
113.165.4.22 - - [21/Jun/2012:18:55:34 +0400] "-" 408 -
117.2.165.35 - - [21/Jun/2012:18:55:35 +0400] "-" 408 -
117.2.165.35 - - [21/Jun/2012:18:55:35 +0400] "-" 408 -
117.6.129.169 - - [21/Jun/2012:18:55:36 +0400] "-" 408 -
117.6.129.169 - - [21/Jun/2012:18:55:36 +0400] "-" 408 -
117.6.129.169 - - [21/Jun/2012:18:55:37 +0400] "-" 408 -
117.6.129.169 - - [21/Jun/2012:18:55:37 +0400] "-" 408 -
113.181.48.247 - - [21/Jun/2012:18:55:39 +0400] "-" 408 -
  [Question]   Request for DDoS log analysis 25/06/2012 09:19:25 (+0700) | #2 | 265542
tdtv-bkt432
Member

Joined: 13/06/2012 02:14:06
Messages: 47
Location: /root/user...../null
DDoS using zombies. But he is probably just sitting there pressing F5.
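An added example, not part of the original posts: one way to triage the three log excerpts in this thread is to group requests by a normalised signature and compare hits, distinct client IPs and peak requests per second (many IPs on one signature points to a distributed source, one IP with a high rate to a single client). The signature names and the digit-normalisation rule are this example's own choices.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the logs posted in this thread (Apache access-log format).
SAMPLE = """\
115.74.223.54 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340284948736&msg=Fucked! HTTP/1.1" 404 2262
27.69.41.114 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php)?id=1340202786993&msg=Fucked! HTTP/1.1" 404 2262
203.93.28.166 - - [20/Jun/2012:20:42:28 +0400] "GET /@4rum/forum.php?&time=0.1522221 HTTP/1.1" 404 2234
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:09 +0400] "POST /index.php/1.0" 404 1988
64.233.136.54 - - [20/Jun/2012:21:33:10 +0400] "POST /index.php/1.0" 404 1988
117.4.38.126 - - [21/Jun/2012:18:55:25 +0400] "-" 408 -
117.6.129.169 - - [21/Jun/2012:18:55:36 +0400] "-" 408 -
117.6.129.169 - - [21/Jun/2012:18:55:37 +0400] "-" 408 -
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

def classify(request, status):
    """Map one request line to a coarse signature (names are this example's own)."""
    if request == "-" and status == 408:
        return "timeout-no-request"  # client connected but sent no request in time
    parts = request.split()          # tolerates request lines with no HTTP version
    method = parts[0] if parts else ""
    target = parts[1] if len(parts) > 1 else ""
    path, _, query = target.partition("?")
    if method == "POST":
        return "post:" + path
    if method == "GET" and query:
        # Replace numbers so per-request random ids collapse into one pattern.
        return "get-query:" + path + "?" + re.sub(r"\d+(\.\d+)?", "N", query)
    return "other"

def summarise(text):
    """Return {signature: {hits, ips, peak_per_sec}} for an access-log excerpt."""
    acc = defaultdict(lambda: {"hits": 0, "ips": set(), "per_sec": Counter()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, request, status, _size = m.groups()
        s = acc[classify(request, int(status))]
        s["hits"] += 1
        s["ips"].add(ip)
        s["per_sec"][ts] += 1
    return {sig: {"hits": s["hits"], "ips": len(s["ips"]), "peak_per_sec": max(s["per_sec"].values())} for sig, s in acc.items()}

if __name__ == "__main__":
    for sig, stats in summarise(SAMPLE).items():
        print(sig, stats)
```
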