版主: 版主管理群
後來發現他是利用舊版 phpBB 的 highlight 漏洞,可以執行任意程式碼,還好我的主機是 Windows,如果是 UNIX,將會下載一個 perl 程式,屆時不知將對主機造成多大的損害,所以請大家盡快升級你手邊的 phpBB,不然哪天自己的伺服器被當跳板或是做了什麼事,自己都不知道。'wget' 不是內部或外部命令、
可執行的程式或批次檔。
代碼: 選擇全部
210.77.65.93 - - [29/Apr/2006:10:36:45 +0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 " 404 328代碼: 選擇全部
210.77.65.93 - - [29/Apr/2006:10:36:52 +0800] "GET /NULL.printer HTTP/1.0 " 404 303這不是已經好幾年前的漏洞了嗎 v_vchiouss 寫:看到這個消息趕快翻翻自己已經有 2MB 的 error.log (好久沒清了 :Q),看來最近也有病毒專打 IIS?代碼: 選擇全部
210.77.65.93 - - [29/Apr/2006:10:36:45 +0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0 " 404 328這種攻擊超多的... Orz代碼: 選擇全部
210.77.65.93 - - [29/Apr/2006:10:36:52 +0800] "GET /NULL.printer HTTP/1.0 " 404 303
先把 192.168.1.10/24 還有幾個來源以外的地方擋下來再說...
--
順便把 404 導到 crash_ie.html 去 XD
代碼: 選擇全部
"網路病毒","00:16:32","TCP","220.134.137.54","3792","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","00:41:33","TCP","220.134.137.54","4285","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","02:16:51","TCP","220.134.49.44","2138","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","02:41:45","TCP","220.134.137.54","1252","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","03:04:54","TCP","220.134.49.44","1624","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","03:13:42","TCP","220.134.49.44","1627","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","03:33:09","TCP","220.134.137.54","3407","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","04:23:20","TCP","220.134.49.44","4560","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","04:23:50","TCP","220.134.49.44","1124","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","05:45:49","TCP","220.134.137.54","1485","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","05:55:17","TCP","220.134.137.54","1092","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","06:14:47","TCP","220.134.49.44","1716","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","08:16:51","TCP","220.134.49.44","4238","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","08:19:28","TCP","220.134.49.44","2657","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","08:32:45","TCP","220.134.49.44","2829","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","08:58:34","TCP","220.162.107.223","2184","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","09:02:01","TCP","220.134.137.54","3295","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"
"網路病毒","09:44:39","TCP","220.134.49.44","4364","192.168.0.109","80","---","---","MS04-007_ASN.1_EXPLOIT"ASN.1 啊?我都叫 Kaspersky 被攻擊就直接把對方擋下來一小時,不用回報 (反正回報了也沒有用,看爽的而已)。不過話說我 Windows Update 都已經裝了,上回還是發現中了某早期病毒... Orzcomputer315 寫:最近一直被這個攻擊...不過防火牆都攔了下來
剛才裝了修正檔,感覺好多了:http://www.microsoft.com/downloads/deta ... E663A53698
我可不希望電腦像上回被人控制-.-
pccillin好像沒有自動封鎖的功能...Orzchiouss 寫:ASN.1 啊?我都叫 Kaspersky 被攻擊就直接把對方擋下來一小時,不用回報 (反正回報了也沒有用,看爽的而已)。不過話說我 Windows Update 都已經裝了,上回還是發現中了某早期病毒... Orzcomputer315 寫:最近一直被這個攻擊...不過防火牆都攔了下來
剛才裝了修正檔,感覺好多了:http://www.microsoft.com/downloads/deta ... E663A53698
我可不希望電腦像上回被人控制-.-
--
所以我才把 NAV 換成 Kaspersky 的...