Server ถูกโจมตี

by Little Bear @15 ก.พ. 57 23:33 ( IP : 49...92 ) | Tags : Server Status , Hacked

xxxx.net ถูกโจมตี เริ่มมาตั้งแต่วันที่ 3 ก.พ. 57 แต่ยังไม่รู้ เพิ่งมารู้วันนี้เมื่อ web หยุดทำงานทั้งหมด เช็คดูปรากฏว่า harddisk เต็ม โดยไฟล์ที่ใหญ่ขึ้นคือ log ของโดเมน xxx.net อยู่ใน /var/log/httpd/domains/xxx.net.error.log เบ้อเริ่ม 3xxGB เนื่องจากมีการเข้าถึงไฟล์หนึ่งของ jumla คือ /home/xxxx/domains/xxxx.net/public_html/libraries/joomla/filesystem/folder.php แล้วเกิด warning จึงเกิด error log ที่ใหญ่ขึ้นเรื่อย ๆ จน harddisk เต็ม

ตอนนี้ก็เลย suspen เว็บไว้ก่อน แล้วลบ log file ทิ้งไป

Web created on Sep 30, 2010
1-3 Feb 2014 เริ่มโดนเช็คไฟล์
Mon Feb 03 01:28:24 2014 เริ่มโจมตี

[Sat Feb 01 04:44:34 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 04:44:34 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 04:44:38 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 04:44:39 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 04:44:39 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 04:44:39 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 04:44:41 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 04:44:41 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 04:44:43 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 04:44:43 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 04:44:44 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 04:44:44 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 04:44:46 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 04:44:48 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 04:45:12 2014] [error] [client 96.225.77.163] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 11:03:30 2014] [error] [client 93.79.72.103] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/wp-login.php
[Sat Feb 01 11:03:30 2014] [error] [client 93.79.72.103] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 12:43:13 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 12:43:13 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 12:43:15 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 12:43:15 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 12:43:17 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 12:43:17 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 12:43:21 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 12:43:21 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 12:43:22 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 12:43:22 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 12:43:24 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 12:43:24 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 12:43:26 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 12:43:26 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 12:43:28 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 12:43:28 2014] [error] [client 208.110.91.138] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sat Feb 01 17:42:03 2014] [error] [client 157.55.32.233] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sat Feb 01 17:42:03 2014] [error] [client 157.55.32.233] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 02:12:03 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 02:12:03 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 02:12:06 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 02:12:06 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 02:12:10 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 02:12:10 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 02:12:19 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 02:12:19 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 02:12:21 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 02:12:21 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 02:12:25 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 02:12:26 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 02:12:30 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 02:12:30 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 02:12:34 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 02:12:34 2014] [error] [client 144.76.95.231] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 08:34:44 2014] [error] [client 157.55.32.109] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 08:34:44 2014] [error] [client 157.55.32.109] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Sun Feb 02 18:05:29 2014] [error] [client 39.14.234.165] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/favicon.ico, referer: http://www.xxxx.net/
[Sun Feb 02 18:05:29 2014] [error] [client 39.14.234.165] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml, referer: http://www.xxxx.net/
[Sun Feb 02 21:15:38 2014] [error] [client 157.55.32.109] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/modules.php
[Sun Feb 02 21:15:38 2014] [error] [client 157.55.32.109] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Mon Feb 03 01:27:54 2014] [error] [client 121.125.68.103] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/wp-login.php
[Mon Feb 03 01:27:54 2014] [error] [client 121.125.68.103] File does not exist: /home/xxxx/domains/xxxx.net/publichtml/404.shtml
[Mon Feb 03 01:28:24 2014] [error] [client 121.125.68.103] PHP Warning:  opendir(/home/xxxx/domains/xxxx.net/publichtml/administrator/language/th-TH) [<a href='function.opendir'>function.opendir</a>]: failed to open dir: Permission denied in /home/xxxx/domains/xxxx.net/publichtml/libraries/joomla/filesystem/folder.php on line 423
[Mon Feb 03 01:28:24 2014] [error] [client 121.125.68.103] PHP Warning:  readdir() expects parameter 1 to be resource, boolean given in /home/xxxx/domains/xxxx.net/publichtml/libraries/joomla/filesystem/folder.php on line 424
[Mon Feb 03 01:28:24 2014] [error] [client 121.125.68.103] PHP Warning:  readdir() expects parameter 1 to be resource, boolean given in /home/xxxx/domains/xxxx.net/public_html/libraries/joomla/filesystem/folder.php on line 424

121.125.68.103  Korea, Republic Of  Seoul-t'ukpyolsi    Seoul   Hanaro Telecom Inc.

[Mon Feb 03 01:28:24 2014] [error] [client 121.125.68.103] PHP Warning:  readdir() expects parameter 1 to be resource, boolean given in /home/xxxx/domains/xxxx.net/public_html/libraries/joomla/filesystem/folder.php on line 424

[Sat Feb 15 02:03:25 2014] [error] [client 71.40.109.126] PHP Warning:  readdir() expects parameter 1 to be resource, boolean given in /home/xxxx/domains/xxxx.net/public_html/libraries/joomla/filesystem/folder.php on line 424

[Sat Feb 15 02:09:28 2014] [error] [client 71.40.109.126] PHP Warning:  readdir() expects parameter 1 to be resource, boolean given in /home/xxxx/domains/xxxx.net/public_html/libraries/joomla/filesystem/folder.php on line 424

71.40.109.126   United States   Texas   San Antonio Time Warner Cable Internet Llc<br />
<br />
<br />
[Sat Feb 15 19:53:03 2014] [error] [client 38.103.38.221] PHP Warning:  readdir() expects parameter 1 to be resource, boolean given in /home/xxxx/domains/xxxx.net/public_html/libraries/joomla/filesystem/folder.php on line 424

38.103.38.221   United States   District Of Columbia    Washington  Managed Nodes

195.76.97.22    Spain   Galicia Lugo    Diputacion Provincial De Lugo

91.210.80.80    Romania Bihor   Oradea  Web Dedicated Srl

Relate topics

https expire, cannot auto renew Let's encript 3 เม.ย. 67 16:03
Server Down : Mysql error 28 no space left on the device 30 มี.ค. 64 11:50
ไฟดับ ฮาร์ดดิสพัง เรื่องราวใหญ่โตที่ server 14 ธ.ค. 61 09:57
Server wintesla2003 abnormal reboot 2 ธ.ค. 61 10:55
เปลี่ยน Harddisk Backup on Server 27 พ.ย. 61 21:38
Server ล่มจากการ Upgrade Apache from ver 2.2 to 2.4 10 มี.ค. 60 10:54
Upgrade bash for Bash Shellshock 26 ก.ย. 57 10:28
border9025.com - ส่งเมล์ออกจำนวนมาก 12 ก.ค. 57 17:03
Debian : ปิดการตรวจสอบฮาร์ดดิสอัตโนมัติขณะเปิดเครื่อง 24 พ.ย. 56 16:50
เปลี่ยนค่าใน System Backup 3 ต.ค. 56 09:32
ปิด cronjob บางตัวของ Directadmin 7 ส.ค. 56 02:34
I got hacked. - โดนเข้าแล้ว 26 เม.ย. 56 13:44
ประกาศแจ้งเตือนคนใช้ DA ก่อนถูก HACK 27 ธ.ค. 55 11:00
Host down on 2012-09-02 00:20 น. 2 ก.ย. 55 10:29
Hacked : www.senate.go.th/web-senate 1 ธ.ค. 54 17:20
เอาไม่อยู่ น้ำยังไม่ท่วมเลย ดับเสียแล้ว 23 พ.ย. 54 18:03
MySql down 5 ชั่วโมง 29 ก.ย. 54 20:58
VPS1 - Update Apache and other 29 ต.ค. 52 12:13
VPS2 - Update Apache and other 12 ต.ค. 52 10:43
CAT-HY problen on 2009-10-09 12 ต.ค. 52 10:40

paper version release 2.6.18. ช่วยเหลือ