ウェブサイトの改ざんの続き

   2010/06//25  Leave a Comment on ウェブサイトの改ざんの続き  Posted in 2010年, その他

まいるっ

見落としていたっ
まぁ、書いてみよう。
まず、ログファイルを見落としていた。
げっ
====================
apache/error_log
====================
[Tue May 18 13:29:00 2010] [error] [client 189.38.90.54] Unable to PUT new contents for /index.html.  [403, #0]
[Tue May 18 13:29:00 2010] [error] [client 189.38.90.54] (13)Permission denied: An error occurred while opening a resource.  [500, #0]
[Tue May 18 13:29:07 2010] [error] [client 189.38.90.54] Unable to PUT new contents for /index.php.  [403, #0]
[Tue May 18 13:29:07 2010] [error] [client 189.38.90.54] (13)Permission denied: An error occurred while opening a resource.  [500, #0]
====================
apache/access_log
====================
189.38.90.54 – – [18/May/2010:13:29:00 +0900] “PUT /index.htm HTTP/1.1” 201 376 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:00 +0900] “PUT /index.html HTTP/1.1” 403 404 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:01 +0900] “PUT /welcome.htm HTTP/1.1” 201 378 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:01 +0900] “PUT /welcome.html HTTP/1.1” 201 379 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:01 +0900] “PUT /home.htm HTTP/1.1” 201 375 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:02 +0900] “PUT /home.html HTTP/1.1” 201 376 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:02 +0900] “PUT /index.aspx HTTP/1.1” 201 377 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:03 +0900] “PUT /defaut.aspx HTTP/1.1” 201 378 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:03 +0900] “PUT /home.aspx HTTP/1.1” 201 376 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:03 +0900] “PUT /default.htm HTTP/1.1” 201 378 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:04 +0900] “PUT /default.html HTTP/1.1” 201 379 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:04 +0900] “PUT /index.asp HTTP/1.1” 201 376 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:04 +0900] “PUT /main.htm HTTP/1.1” 201 375 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:05 +0900] “PUT /iisstart.asp HTTP/1.1” 201 379 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:05 +0900] “PUT /main.html HTTP/1.1” 201 376 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:05 +0900] “PUT /main.asp HTTP/1.1” 201 375 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:06 +0900] “PUT /main.aspx HTTP/1.1” 201 376 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:06 +0900] “PUT /default.asp HTTP/1.1” 201 378 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:07 +0900] “PUT /home.asp HTTP/1.1” 201 375 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:07 +0900] “PUT /index.php HTTP/1.1” 403 403 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:07 +0900] “PUT /default.php HTTP/1.1” 201 378 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:08 +0900] “PUT /home.php HTTP/1.1” 201 375 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:08 +0900] “PUT /iisstart.asp HTTP/1.1” 204 – “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:08 +0900] “PUT /localstart.asp HTTP/1.1” 201 381 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:09 +0900] “PUT /Entrada.asp HTTP/1.1” 201 378 “-” “Microsoft Data Access Internet Publishing Provider DAV 1.1”
189.38.90.54 – – [18/May/2010:13:29:09 +0900] “GET / HTTP/1.1” 200 8158 “-” “libwww-perl/5.808”
前に書いたように、ドキュメントルートのファイルにはちょっと特別なことをしていたので、エラーになっているのだな。
それにしてもっ
WebDAVの設定だったのだった…
ファイル共有を便利にしようっ、と、実験していたのだが、うまくいかず、そのままにしていたのだった。
これが敗因。
つまり、パスワードナシで書き込める「領域」を残してしまっていたのだ。
くぅぅぅぅ
ちなみに、189.38.90.54、は、
https://www.talosintelligence.com
によると、ブラジルにあるらしい。
とは言え、踏み台にされている可能性もあるけどね。
まいるっ
Author: Kumecchi

コメントを残す