 ▼▲ Daily Work Report ▼△
    What's under the hood?
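[Apache] Wide open to the world as an open proxy... not that I meant it to be
 While checking the web server logs, I noticed that the demo site's log had swollen considerably. Suspicious, I took a look and found that for about six days it had been handling proxy requests from outside... (mumble, mumble)
When I checked httpd.conf, ProxyRequests was set to On... sigh.
 For now I've put it back, and they can be sent on their way with a 404.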

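 Until I get around to blacklisting at a later date, I'll just let these requests go in one ear and out the other. My apologies to the sites that were inconvenienced m(__)m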


 Embarrassing as it is, I'm posting the log to show how an open proxy gets discovered, registered, and used.

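Going by the log below alone, the CGIs that register a host in the open-proxy DBs are:
http://zerg.helllabs.com.ua/cgi-bin/textenv.pl?a=80&b=[IP address]
http://www.helllabs.net/cgi-bin/seaf4.pl?a=80&b=[IP address]
In both cases the address that gets registered is the sender's address, so the request has to actually come through the proxy. The second CGI returns header information.

・Proxy check site
http://clickingagent.com/proxycheck.php?ip=【IP here】&port=80&loc= HTTP/1.0
・Header information check
http://greenboat.info/proxy5/check.php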

218.16.72.55 - - [06/Jan/2008:17:54:11 +0900] "GET http://www.yahoo.com/ HTTP/1.1" 200 9431 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
I've been spotted.
216.145.5.42 - - [08/Jan/2008:15:05:07 +0900] "GET /robots.txt HTTP/1.0" 404 208 "http://www.whois.sc/" "SurveyBot/2.3 (Whois Source)"
It is probing for hidden sites.
The reverse lookup of 216.145.5.42 is www.whois.sc, a suspicious host.
216.145.5.42 - - [08/Jan/2008:15:05:07 +0900] "GET / HTTP/1.1" 206 785 "http://www.whois.sc/【MY-DOMAIN-NAME】" "SurveyBot/2.3 (Whois Source)"
Right away it is using the proxy function to check the domain owner.
222.141.50.175 - - [08/Jan/2008:16:23:20 +0900] "GET http://www.baidu.com/ HTTP/1.1" 200 3066 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
Some time has passed, but since it sent a proxy request directly,
this is a host that can get information from 216.145.5.42.
221.200.231.218 - - [08/Jan/2008:16:31:29 +0900] "GET http://zerg.helllabs.com.ua/cgi-bin/textenv.pl?a=80&b=【MY-GLOBAL-IP】 HTTP/1.0" 200 1005 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)"
This seems to be where I was registered in the open-proxy DB.
221.200.231.218 - - [08/Jan/2008:16:31:35 +0900] "CONNECT zerg.helllabs.com.ua:80 HTTP/1.0" 403 224 "-" "-"
It is identifying the proxy.
221.200.231.218 - - [08/Jan/2008:16:31:39 +0900] "CONNECT zerg.helllabs.com.ua:80 HTTP/1.0" 403 224 "-" "-"
It's Apache, so it isn't actually a proxy, you know...
217.66.99.94 - - [08/Jan/2008:23:05:13 +0900] "GET http://www.helllabs.net/cgi-bin/seaf4.pl?a=80&b=【MY-GLOBAL-IP】 HTTP/1.0" 200 933 "-" "Mozilla/4.0 (compatible; MSIE 5.5; WindowsNT 4.0)"
I was registered in another site's open-proxy DB as well...
217.66.99.94 - - [08/Jan/2008:23:05:16 +0900] "CONNECT www.helllabs.net:80 HTTP/1.0" 403 220 "-" "-"

67.85.90.212 - - [09/Jan/2008:00:02:37 +0900] "GET http://www.pr0.net/deny2/azenv.php HTTP/1.0" 200 637 "-" "imbpnngeqcwktqahsXva uackgffc"

68.81.218.144 - - [09/Jan/2008:00:41:49 +0900] "GET http://sa.windows.com/sasearch/inetsrch.xml HTTP/1.0" 304 - "-" "SCAgent"

68.81.218.144 - - [09/Jan/2008:00:41:49 +0900] "GET http://sa.windows.com/sasearch/bar.xsl HTTP/1.0" 304 - "-" "SCAgent"

68.81.218.144 - - [09/Jan/2008:00:41:56 +0900] "GET http://img.sedoparking.com/templates/lite/lite.css HTTP/1.0" 200 6240 "http://www.onlineautoinsuranceca.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:41:53 +0900] "GET http://www.onlineautoinsuranceca.com/ HTTP/1.0" 200 60823 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:43:57 +0900] "GET http://www.onlineautoinsuranceca.com/parking.php4?task=search&domain=onlineautoinsuranceca.com&s=5521854e5854eabb89c0&a_id=3&language=ja&pgt=jADza4BDtJgKEwjIqfOG_eaQAhUbOV4KHaYpnCQYACAAMPfaxAk4DQ&ags=vG12d6sl4b8KEwjIqfOG_eaQAhUbOV4KHaYpnCQYAyAAMPfaxAk4DQ&pxy_t=254&start=1&add_c=4f2aa6287830d3262941f48a3e659130&category=¥xe9¥x9b¥xbb¥xe5¥x8c¥x96¥xe8¥xa3¥xbd¥xe5¥x93¥x81&keyword=DVD&sub=2&pos=1 HTTP/1.0" 200 34189 "http://www.onlineautoinsuranceca.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
68.81.218.144 - - [09/Jan/2008:00:44:59 +0900] "GET http://sa.windows.com/sasearch/inetsrch.xml HTTP/1.0" 304 - "-" "SCAgent"
68.81.218.144 - - [09/Jan/2008:00:44:59 +0900] "GET http://sa.windows.com/sasearch/bar.xsl HTTP/1.0" 304 - "-" "SCAgent"

68.81.218.144 - - [09/Jan/2008:00:45:00 +0900] "GET http://www.onlineautoinsuranceca.com/search/redirect.php?f=http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DL%26ai%3DB8sMPPJqDR5SLM5Ws-wK95-SfDLfF_yP72--LA83Z4wjArfkfEAMYAyDh-fcBKAcwATgBUKKW4uQHYImz34TgFKoBHHNlYXJjaF81NCtzZWFyY2hfMStzZWFyY2hfMjCyARlvbmxpbmVhdXRvaW5zdXJhbmNlY2EuY29tyAEB2gEZb25saW5lYXV0b2luc3VyYW5jZWNhLmNvbakCJ3ntH7ugQz7ZAygF9GEZcN9b4AMS9QNAAAAA%26num%3D3%26q%3Dhttp%3A%2F%2Fc.p-advg.com%2FadpCnt%2Fr%253Fmid%253D600708%2526lid%253D4005%26usg%3DAFQjCNEHxqizPBBbympCAlpNEMsJ3Y9aJA&l=NTcwODAxZjU0NjNmMmI2OGMwZjdjZTc1OTZhNjUwMDQJMC4wOTc1CTEwMDAJMjgJMQkJCTcJMwkzCWQ0NWY2ODgwMGM1NGJiODZiYmUxNmU1NWNmZWU0Zjg0CXd3dy5hc2t1bC5jby5qcAkyODk5NDMzMwlzCTY0MTY1MwkwCTgJZHZkCTIyCTEJMTQJNTYJMAkwLjE0MDEwMAlOCTI1NAk0ZjJhYTYyODc4MzBkMzI2Mjk0MWY0OGEzZTY1OTEzMAkwCTIJMQkJMC4wOTc1CQk= HTTP/1.0" 302 887 "http://www.onlineautoinsuranceca.com/parking.php4?task=search&domain=onlineautoinsuranceca.com&s=5521854e5854eabb89c0&a_id=3&language=ja&pgt=jADza4BDtJgKEwjIqfOG_eaQAhUbOV4KHaYpnCQYACAAMPfaxAk4DQ&ags=vG12d6sl4b8KEwjIqfOG_eaQAhUbOV4KHaYpnCQYAyAAMPfaxAk4DQ&pxy_t=254&start=1&add_c=4f2aa6287830d3262941f48a3e659130&category=????&keyword=DVD&sub=2&pos=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR1.1.4322; .NET CLR 2.0.50727)"
68.81.218.144 - - [09/Jan/2008:00:45:02 +0900] "GET http://www.google.com/url?sa=L&ai=B8sMPPJqDR5SLM5Ws-wK95-SfDLfF_yP72--LA83Z4wjArfkfEAMYAyDh-fcBKAcwATgBUKKW4uQHYImz34TgFKoBHHNlYXJjaF81NCtzZWFyY2hfMStzZWFyY2hfMjCyARlvbmxpbmVhdXRvaW5zdXJhbmNlY2EuY29tyAEB2gEZb25saW5lYXV0b2luc3VyYW5jZWNhLmNvbakCJ3ntH7ugQz7ZAygF9GEZcN9b4AMS9QNAAAAA&num=3&q=http://c.p-advg.com/adpCnt/r%3Fmid%3D600708%26lid%3D4005&usg=AFQjCNEHxqizPBBbympCAlpNEMsJ3Y9aJA HTTP/1.0" 302249 "http://www.onlineautoinsuranceca.com/parking.php4?task=search&domain=onlineautoinsuranceca.com&s=5521854e5854eabb89c0&a_id=3&language=ja&pgt=jADza4BDtJgKEwjIqfOG_eaQAhUbOV4KHaYpnCQYACAAMPfaxAk4DQ&ags=vG12d6sl4b8KEwjIqfOG_eaQAhUbOV4KHaYpnCQYAyAAMPfaxAk4DQ&pxy_t=254&start=1&add_c=4f2aa6287830d3262941f48a3e659130&category=????&keyword=DVD&sub=2&pos=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:45:02 +0900] "GET http://c.p-advg.com/adpCnt/r?mid=600708&lid=4005 HTTP/1.0" 302 - "http://www.onlineautoinsuranceca.com/parking.php4?task=search&domain=onlineautoinsuranceca.com&s=5521854e5854eabb89c0&a_id=3&language=ja&pgt=jADza4BDtJgKEwjIqfOG_eaQAhUbOV4KHaYpnCQYACAAMPfaxAk4DQ&ags=vG12d6sl4b8KEwjIqfOG_eaQAhUbOV4KHaYpnCQYAyAAMPfaxAk4DQ&pxy_t=254&start=1&add_c=4f2aa6287830d3262941f48a3e659130&category=????&keyword=DVD&sub=2&pos=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:45:03 +0900] "GET http://www.askul.co.jp/stn?frameURL=YSearchByCategoryKeywordBeforeLogon&dspCase=20&pageStartRowNum=0&keyword=DVD-RW&categoryCd=&mode=search HTTP/1.0" 302 1 "http://www.onlineautoinsuranceca.com/parking.php4?task=search&domain=onlineautoinsuranceca.com&s=5521854e5854eabb89c0&a_id=3&language=ja&pgt=jADza4BDtJgKEwjIqfOG_eaQAhUbOV4KHaYpnCQYACAAMPfaxAk4DQ&ags=vG12d6sl4b8KEwjIqfOG_eaQAhUbOV4KHaYpnCQYAyAAMPfaxAk4DQ&pxy_t=254&start=1&add_c=4f2aa6287830d3262941f48a3e659130&category=????&keyword=DVD&sub=2&pos=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:45:04 +0900] "GET http://www.askul.co.jp/com/js/ini.js HTTP/1.0" 200 15506 "http://www.askul.co.jp/webapp/shops-club/servlet/YSearchByCategoryKeywordBeforeLogon?pageStartRowNum=0&screenID=12345&categoryCd=&keyword=DVD-RW&langId=-10&storeId=1001&dspCase=20" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:45:03 +0900] "GET http://www.askul.co.jp/webapp/shops-club/servlet/YSearchByCategoryKeywordBeforeLogon?pageStartRowNum=0&screenID=12345&categoryCd=&keyword=DVD-RW&langId=-10&storeId=1001&dspCase=20 HTTP/1.0" 200 85741 "http://www.onlineautoinsuranceca.com/parking.php4?task=search&domain=onlineautoinsuranceca.com&s=5521854e5854eabb89c0&a_id=3&language=ja&pgt=jADza4BDtJgKEwjIqfOG_eaQAhUbOV4KHaYpnCQYACAAMPfaxAk4DQ&ags=vG12d6sl4b8KEwjIqfOG_eaQAhUbOV4KHaYpnCQYAyAAMPfaxAk4DQ&pxy_t=254&start=1&add_c=4f2aa6287830d3262941f48a3e659130&category=????&keyword=DVD&sub=2&pos=1" "Mozilla/4.0 (compatible;MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"68.81.218.144 - - [09/Jan/2008:00:45:06 +0900] "GET http://www.askul.co.jp/com/js/shoppingNews.js HTTP/1.0" 200 374 "http://www.askul.co.jp/webapp/shops-club/servlet/YSearchByCategoryKeywordBeforeLogon?pageStartRowNum=0&screenID=12345&categoryCd=&keyword=DVD-RW&langId=-10&storeId=1001&dspCase=20" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NETCLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:45:06 +0900] "GET http://www.askul.co.jp/com/css/club.css HTTP/1.0" 200 41059 "http://www.askul.co.jp/webapp/shops-club/servlet/YSearchByCategoryKeywordBeforeLogon?pageStartRowNum=0&screenID=12345&categoryCd=&keyword=DVD-RW&langId=-10&storeId=1001&dspCase=20" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:45:08 +0900] "GET http://www.askul.co.jp/com/css/top.css HTTP/1.0" 200 3143 "http://www.askul.co.jp/webapp/shops-club/servlet/YSearchByCategoryKeywordBeforeLogon?pageStartRowNum=0&screenID=12345&categoryCd=&keyword=DVD-RW&langId=-10&storeId=1001&dspCase=20" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:46:06 +0900] "GET http://www.askul.co.jp/clm?id=11309 HTTP/1.0" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:46:07 +0900] "GET http://www.askul.co.jp/com/css/outlet.css HTTP/1.0" 200 4876 "http://www.askul.co.jp/ol/newcomer/newcomer_00/00/?id=11309&basketDispFlg=null&frameURL=%2Fol%2Fnewcomer%2Fnewcomer_00%2F00%2F&screenID=12345&langId=-10&storeId=1001" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:46:06 +0900] "GET http://www.askul.co.jp/ol/newcomer/newcomer_00/00/?id=11309&basketDispFlg=null&frameURL=%2Fol%2Fnewcomer%2Fnewcomer_00%2F00%2F&screenID=12345&langId=-10&storeId=1001 HTTP/1.0" 200 54451 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:47:08 +0900] "GET http://www.askul.co.jp/webapp/shops-club/servlet/YApplyMembershipPortalView?storeId=1001&screenID=GF00101010 HTTP/1.0" 200 18891 "http://www.askul.co.jp/ol/newcomer/newcomer_00/00/?id=11309&basketDispFlg=null&frameURL=%2Fol%2Fnewcomer%2Fnewcomer_00%2F00%2F&screenID=12345&langId=-10&storeId=1001" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:48:05 +0900] "GET http://www.askul.co.jp/webapp/shops-club/servlet/YNetMemberTermView?storeId=1001&screenID=GF00201010 HTTP/1.0" 302 - "http://www.askul.co.jp/webapp/shops-club/servlet/YApplyMembershipPortalView?storeId=1001&screenID=GF00101010" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

68.81.218.144 - - [09/Jan/2008:00:48:05 +0900] "CONNECT www.askul.co.jp:443 HTTP/1.0" 502232 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
67.85.90.212 - - [09/Jan/2008:01:04:09 +0900] "GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.0" 200 621 "-" "otxjxhwirefw2fJulxhwfJfceniphknulwf"

67.85.90.212 - - [09/Jan/2008:02:02:40 +0900] "GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.0" 200 609 "-" "evqIibayvifoopxpteeqyes"

216.118.117.92 - - [09/Jan/2008:02:57:59 +0900] "POST http://www.fxstreet.com/nou/noticies/afx/noticias.asp HTTP/1.1" 302 184 "www.fxstreet.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

216.118.117.92 - - [09/Jan/2008:03:00:20 +0900] "POST http://www.fxstreet.com/nou/noticies/afx/noticias.asp HTTP/1.1" 302 184 "www.fxstreet.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

67.85.90.212 - - [09/Jan/2008:03:04:05 +0900] "GET http://thecric.free.fr/AZenv/azenv.phpHTTP/1.0" 200 614 "-" "h npsduimpjuujveiiu yemeEg"

216.118.117.92 - - [09/Jan/2008:03:29:38 +0900] "POST http://www.fxstreet.com/nou/noticies/afx/noticias.asp HTTP/1.1" 302 184 "www.fxstreet.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

(・・・)

216.118.117.92 - - [09/Jan/2008:07:03:29 +0900] "POST http://www.fxstreet.com/nou/noticies/afx/noticias.asp HTTP/1.1" 302 184 "www.fxstreet.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
67.85.90.212 - - [09/Jan/2008:07:06:23 +0900] "GET http://www.pr0.net/deny2/azenv.php HTTP/1.0" 200 647 "-" "brckuvnxgavqhjm mkrjtkolpvianlueoafvhad"
67.85.90.212 - - [09/Jan/2008:08:06:18 +0900] "GET http://thecric.free.fr/AZenv/azenv.phpHTTP/1.0" 200 613 "-" "mgwvadilm8iQitvxnQ88wdngxll"
67.85.90.212 - - [09/Jan/2008:09:06:31 +0900] "GET http://www.pr0.net/deny2/azenv.php HTTP/1.0" 200 637 "-" "tokasdnemamotfedxnvgcxotxdwfl"
67.85.90.212 - - [09/Jan/2008:10:06:42 +0900] "GET http://www.internetsec.org/azenv.php HTTP/1.0" 200 651 "-" "qopdvhyvmydvihrpvswuaayymy fxov"
67.85.90.212 - - [09/Jan/2008:11:06:37 +0900] "GET http://www.pr0.net/deny2/azenv.php HTTP/1.0" 200 646 "-" "kxbjgjbvxhthsuuupbkbvklbwpjykmmkwumwee"
60.175.61.188 - - [09/Jan/2008:11:56:30 +0900] "GET http://verify.qq.com/getimage?0.8821770718181844 HTTP/1.1" 200 1132 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
67.85.90.212 - - [09/Jan/2008:12:05:46 +0900] "GET http://www.internetsec.org/azenv.php HTTP/1.0" 200 657 "-" "axKgos0kkfk fasombdulluuvfrpl0c lefpe"
67.202.30.157 - - [09/Jan/2008:12:36:05 +0900] "GET / HTTP/1.0" 200 785 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
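
An added example, not part of the original post: one way to pull the forward-proxy style requests seen in the log above (absolute-URI request targets and CONNECT) out of an Apache combined-format access log and summarize them per client. The function names, the `own_hosts` parameter and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?:\d+|-)')

def proxy_attempts(lines, own_hosts=()):
    """Yield (ip, method, remote_host, status) for forward-proxy style requests."""
    # own_hosts (assumption): names this server answers to; absolute-form
    # requests for them are legal HTTP/1.1 and are skipped.
    own = {h.lower() for h in own_hosts}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped or truncated entry, cannot be classified
        method, target = m["method"], m["target"]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0]         # CONNECT host:port
        elif "://" in target:
            host = urlsplit(target).hostname or ""  # GET http://host/path
        else:
            continue  # origin-form request for a local path
        if host.lower() not in own:
            yield m["ip"], method, host.lower(), int(m["status"])

def summarize(lines, own_hosts=()):
    """Per client: remote hosts requested, answered (<400) and refused counts."""
    out = defaultdict(lambda: {"hosts": set(), "answered": 0, "refused": 0})
    for ip, _method, host, status in proxy_attempts(lines, own_hosts):
        out[ip]["hosts"].add(host)
        out[ip]["answered" if status < 400 else "refused"] += 1
    return dict(out)

# Constructed sample lines (documentation IP ranges and example.* hosts).
SAMPLE = [
    '192.0.2.10 - - [06/Jan/2008:17:54:11 +0900] "GET http://www.example.com/ HTTP/1.1" 200 9431 "-" "UA"',
    '198.51.100.7 - - [08/Jan/2008:16:31:29 +0900] "GET http://judge.example.net/env.pl?a=80 HTTP/1.0" 200 1005 "-" "UA"',
    '198.51.100.7 - - [08/Jan/2008:16:31:35 +0900] "CONNECT judge.example.net:80 HTTP/1.0" 403 224 "-" "-"',
    '203.0.113.5 - - [08/Jan/2008:15:05:07 +0900] "GET /robots.txt HTTP/1.0" 404 208 "-" "UA"',
    '203.0.113.5 - - [08/Jan/2008:15:05:09 +0900] "GET http://demo.example.org/ HTTP/1.1" 200 785 "-" "UA"',
    '192.0.2.10 - - [08/Jan/2008:16:23:20 +0900] "GET http://www.exa',
]

if __name__ == "__main__":
    for ip, rec in summarize(SAMPLE, own_hosts=["demo.example.org"]).items():
        print(ip, sorted(rec["hosts"]), rec["answered"], rec["refused"])
```

A count under `answered` only means the server returned a non-error status; comparing the response size with that of the local top page shows whether remote content was actually relayed.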
| Linux | 12:16 | comments(0) | trackbacks(1) |








