webサーバへのヘンなアクセス
うちにはmysqladminもphpmyadminも無いっつーの!
抽出のための1行シェル。前提はcentos5に入ってるhttpdです
for aaa in `cat /var/log/httpd/access_log |grep -v 'GET \/ひみつ' | awk '{print $1}' | grep -v うちのIP | sort | uniq`
do
cat /var/log/httpd/access_log | grep $aaa | awk '{print $6,$7}' | sort | uniq | sort
done \
sort uniq sort > illegal_access
出力結果
"CONNECT 203.188.201.253:25
"GET /
"GET /PMA2005/scripts/setup.php
"GET /admin/phpmyadmin/scripts/setup.php
"GET /admin/pma/scripts/setup.php
"GET /admin/scripts/setup.php
"GET /db/scripts/setup.php
"GET /dbadmin/scripts/setup.php
"GET /myadmin/scripts/setup.php
"GET /mysql-admin/scripts/setup.php
"GET /mysql/scripts/setup.php
"GET /mysqladmin/scripts/setup.php
"GET /mysqlmanager/scripts/setup.php
"GET /p/m/a/scripts/setup.php
"GET /php-my-admin/scripts/setup.php
"GET /php-myadmin/scripts/setup.php
"GET /phpMyAdmin-2.2.3/scripts/setup.php
"GET /phpMyAdmin-2.2.6/scripts/setup.php
"GET /phpMyAdmin-2.5.1/scripts/setup.php
"GET /phpMyAdmin-2.5.4/scripts/setup.php
"GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php
"GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php
"GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php
"GET /phpMyAdmin-2.5.5/scripts/setup.php
"GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php
"GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php
"GET /phpMyAdmin-2.5.6/scripts/setup.php
"GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php
"GET /phpMyAdmin-2.5.7/scripts/setup.php
"GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php
"GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php
"GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php
"GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php
"GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php
"GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php
"GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php
"GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php
"GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php
"GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php
"GET /phpMyAdmin-2.6.0/scripts/setup.php
"GET /phpMyAdmin-2.6.1-pl1/scripts/setup.php
"GET /phpMyAdmin-2.6.1-pl2/scripts/setup.php
"GET /phpMyAdmin-2.6.1-pl3/scripts/setup.php
"GET /phpMyAdmin-2.6.1-rc1/scripts/setup.php
"GET /phpMyAdmin-2.6.1-rc2/scripts/setup.php
"GET /phpMyAdmin-2.6.1/scripts/setup.php
"GET /phpMyAdmin-2.6.2-beta1/scripts/setup.php
"GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php
"GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php
"GET /phpMyAdmin-2.6.2/scripts/setup.php
"GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php
"GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php
"GET /phpMyAdmin-2.6.3/scripts/setup.php
"GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php
"GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php
"GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php
"GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php
"GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php
"GET /phpMyAdmin-2.6.4/scripts/setup.php
"GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php
"GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php
"GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php
"GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php
"GET /phpMyAdmin-2.7.0/scripts/setup.php
"GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php
"GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php
"GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php
"GET /phpMyAdmin-2.8.0.1/scripts/setup.php
"GET /phpMyAdmin-2.8.0.2/scripts/setup.php
"GET /phpMyAdmin-2.8.0.3/scripts/setup.php
"GET /phpMyAdmin-2.8.0.4/scripts/setup.php
"GET /phpMyAdmin-2.8.0/scripts/setup.php
"GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php
"GET /phpMyAdmin-2.8.1/scripts/setup.php
"GET /phpMyAdmin-2.8.2/scripts/setup.php
"GET /phpMyAdmin-2/scripts/setup.php
"GET /phpMyAdmin/scripts/setup.php
"GET /phpadmin/scripts/setup.php
"GET /phpmanager/scripts/setup.php
"GET /phpmy-admin/scripts/setup.php
"GET /phpmyadmin/scripts/setup.php
"GET /phpmyadmin1/scripts/setup.php
"GET /phpmyadmin2/scripts/setup.php
"GET /pma/scripts/setup.php
"GET /pma2005/scripts/setup.php
"GET /scripts/setup.php
"GET /sqlmanager/scripts/setup.php
"GET /sqlweb/scripts/setup.php
"GET /typo3/phpmyadmin/scripts/setup.php
"GET /user/soapCaller.bs
"GET /w00tw00t.at.ISC.SANS.MSlog:)
"GET /w00tw00t.at.blackhats.romanian.anti-sec:)
"GET /web/phpMyAdmin/scripts/setup.php
"GET /web/scripts/setup.php
"GET /webadmin/scripts/setup.php
"GET /webdb/scripts/setup.php
"GET /websql/scripts/setup.php
"GET /xampp/phpmyadmin/scripts/setup.php
"HEAD /
"POST /mysql/scripts/setup.php
"POST /phpMyAdmin/scripts/setup.php
"POST /phpmyadmin/scripts/setup.php
"POST /pma/scripts/setup.php
"POST /scripts/setup.php
