「BillGates」Linux Botnet-それはどこから来たのですか?

画像



ちょうど昨日、 ValdikSSの記事「Linux Botnet“ BillGates”」を読み、それを読んだ後、どこから来たのかを伝えたかったのです。



リトリート


先日、上司は彼女の幼い息子を運転して心を学びました、そして才能が最初にサーバーOSを見るので、子供を教えるという決定はLAMPを搭載した古いubuntサーバー(Linux + Apache + MySQL + PHP)に落ちました。 幸いなことに、プロジェクトは公開される前にテストされます。



入門講義と大量の古紙の後、新しいアンダーユーザーがサーバー上に作成され、SSH動物園に安全に追加され、「Thispasswordiscrypt」という形式の標準パスワードが割り当てられました。 トレーニングの過程で、少ない方は長いパスワードを入力することに悩まされ、知らないうちに「fack_off」に変更されました。 当時、データベースのバックアップと選択的にサーバーを選択しましたが、何らかの既知の理由により、データベースはそのアカウントで復元されませんでした。 高騰しないで、私は彼に昇格した特権を追加しました。 これですべてが問題なく、上司は透かし彫りになりました。 母が近くにいて喫煙できないので、私だけが煙突に行き、彼は科学の花崗岩をかじります。



クライマックス


翌日、プランクトンは、ゆっくり稼働する、または完全に稼働していないインターネット用のアプリケーションを送信しました。 私はすべてを調べましたが、問題は見つかりませんでした。 テスターは運の悪いサーバーでテストを行ったので、プロセスが無料のリソースを食い尽くしていることに気付きませんでした。 夕方、すなわち夕食に向けて、誰もが衰弱して何もしないとき、彼はまだインターネットと呼ばれるグローバルネットワークの崩壊の理由に気づきました。



最初に行われたのは、着信トラフィックと発信トラフィックです。



Vnstatは、1時間ごとのフィルターで1時間あたり32GBの発信トラフィックを示しました。 昨日の19.00から今日の12.30までの合計450 GB。



インターネットがオフになったとき、貪欲なプロセスも落ちましたが、オンにすると、すべてが元の場所に戻りました。 netstat -A inet -n -pを使用して、発信トラフィックを生成するプロセスが特定され、Apache2であることが判明しました。 オフにするとトラフィックは0に落ち、オンにするとチャネル全体が再びブロックされました。



Access.logログには、次の(多くの)読み取りがあります。

access.log
127.0.0.1--[25 / Feb / 2014:19:32:41 +0200] "GET / HTTP / 1.1" 200 724 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0»

127.0.0.1--[25 / Feb / 2014:19:32:43 +0200]“ GET / vnstat / HTTP / 1.1” 200 1464“ localhost ”“ Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0) Gecko / 20100101 Firefox / 26.0»

127.0.0.1--[25 / Feb / 2014:19:32:46 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1676 " localhost / vnstat " " Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:32:46 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:32:49 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=d HTTP / 1.1" 200 1803 " localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:32:49 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=d&style=dark HTTP / 1.1" 200 40470 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:32:52 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1676 " localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:32:52 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:33:20 +0200] "GET /vnstat/index.php?if=eth1&graph=large&style=dark&page=s HTTP / 1.1" 200 1463 " localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:33:24 +0200] "GET /vnstat/index.php?if=eth1&graph=large&style=dark&page=d HTTP / 1.1" 200 1804 " localhost / vnstat / index .php?if = eth1&graph = large&style = dark&page = s "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:33:24 +0200] "GET /vnstat/graph_svg.php?if=eth1&page=d&style=dark HTTP / 1.1" 200 40472 " localhost / vnstat / index.php ?if = eth1&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:33:25 +0200] "GET /vnstat/index.php?if=eth1&graph=large&style=dark&page=h HTTP / 1.1" 200 1691 " localhost / vnstat / index .php?if = eth1&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:33:25 +0200] "GET /vnstat/graph_svg.php?if=eth1&page=h&style=dark HTTP / 1.1" 200 33297 " localhost / vnstat / index.php ?if = eth1&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:33:27 +0200] "GET /vnstat/index.php?if=eth0&graph=large&style=dark&page=h HTTP / 1.1" 200 1711 " localhost / vnstat / index .php?if = eth1&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:33:27 +0200] "GET /vnstat/graph_svg.php?if=eth0&page=h&style=dark HTTP / 1.1" 200 33267 " localhost / vnstat / index.php ?if = eth0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25/2014年2月:19:35:07 +0200] "GET / HTTP / 1.1" 200 724 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0»

127.0.0.1--[25/2014年2月19:35:11 +0200]「GET / vnstat / HTTP / 1.1」200 1464「 localhost 」「Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0) Gecko / 20100101 Firefox / 26.0»

127.0.0.1--[25 / Feb / 2014:19:35:13 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=d HTTP / 1.1" 200 1803 " localhost / vnstat " " Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:13 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=d&style=dark HTTP / 1.1" 200 40470 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:14 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1676 " localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:14 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:15 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1676 " localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:16 +0200] "GET /vnstat/themes/dark/style.css HTTP / 1.1" 304 210 " localhost / vnstat / index.php?If = ppp0&graph =大きい&スタイル=暗い&ページ= h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:16 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:17 +0200]“ GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1” 200 1676“ localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:17 +0200] "GET /vnstat/themes/dark/style.css HTTP / 1.1" 304 210 " localhost / vnstat / index.php?If = ppp0&graph =大きい&スタイル=暗い&ページ= h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:17 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:29 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1677 " localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:29 +0200] "GET /vnstat/themes/dark/style.css HTTP / 1.1" 304 210 " localhost / vnstat / index.php?If = ppp0&graph =大きい&スタイル=暗い&ページ= h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:29 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:54 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1677 " localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:54 +0200] "GET /vnstat/themes/dark/style.css HTTP / 1.1" 304 210 " localhost / vnstat / index.php?If = ppp0&graph =大きい&スタイル=暗い&ページ= h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:35:54 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:36:04 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1677 " localhost / vnstat / index .php?if = ppp0&graph = large&style = dark&page = d "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:36:04 +0200] "GET /vnstat/themes/dark/style.css HTTP / 1.1" 304 210 " localhost / vnstat / index.php?If = ppp0&graph =大きい&スタイル=暗い&ページ= h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

127.0.0.1--[25 / Feb / 2014:19:36:04 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:26.0)Gecko / 20100101 Firefox / 26.0 "

159.253.145.150--[25/2014年2月19:46:00 +0200] "GET / HTTP / 1.1" 200 1561 "-" "Mozilla / 5.0(ABE、 noscript.net / abe / wan )"

127.0.0.1--[25 / Feb / 2014:19:46:28 +0200] "GET / HTTP / 1.1" 200 724 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[25 / Feb / 2014:19:46:28 +0200] "GET /icons/folder.gif HTTP / 1.1" 200 516 " localhost " "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv :27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[25 / Feb / 2014:19:46:28 +0200] "GET /icons/blank.gif HTTP / 1.1" 200 438 " localhost " "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv :27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[25 / Feb / 2014:19:46:28 +0200] "GET /favicon.ico HTTP / 1.1" 404 498 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0 )Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[25 / Feb / 2014:19:46:29 +0200]「GET / vnstat / HTTP / 1.1」200 1465「 localhost 」「Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0) Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[25 / Feb / 2014:19:46:30 +0200] "GET /vnstat/themes/dark/style.css HTTP / 1.1" 200 847 " localhost / vnstat " "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[25 / Feb / 2014:19:46:31 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1673 " localhost / vnstat " " Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[25 / Feb / 2014:19:46:31 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33313 " localhost / vnstat / index.php ?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

50.19.122.28--[25/2014年2月25日:19:56:21 +0200] "HEAD / HTTP / 1.0" 200169 "-" "-"

91.192.147.154--[25 / Feb / 2014:20:56:02 +0200] "GET / HNAP1 / HTTP / 1.0" 404 473 "-" "Mozil46.98.226.214、Mozilla / 5.0(Windows NT 6.1)AppleWebKit /537.36(KHTML、Geckoなど)Chrome / 32.0.1700.107 Safari / 537.36»

211.24.250.130--[25 / Feb / 2014:21:00:27 +0200] "HEAD / invoker / EJBInvokerServlet / HTTP / 1.1" 404 163 "-" "-"

211.24.250.130--[25/2014年2月21:00:00 +0200] "HEAD / invoker / JMXInvokerServlet / HTTP / 1.1" 404 163 "-" "-"

176.113.124.105--[2014年2月25日:21:11:19 +0200] "-" 408 0 "-" "-"

211.24.250.130--[2014年2月25日:21:15:46 +0200] "HEAD / invoker / EJBInvokerServlet / HTTP / 1.1" 404 163 "-" "-"

211.24.250.130--[25/2014年2月21日:15:47 +0200] "HEAD / invoker / JMXInvokerServlet / HTTP / 1.1" 404 163 "-" "-"

211.24.250.130--[25 / Feb / 2014:21:27:15 +0200] "HEAD / invoker / EJBInvokerServlet / HTTP / 1.1" 404 163 "-" "-"

211.24.250.130--[25 / Feb / 2014:21:27:15 +0200] "HEAD / invoker / JMXInvokerServlet / HTTP / 1.1" 404 163 "-" "-"

175.180.64.70--[25/2014年2月:22:28:28 +0200] "GET /phpTest/zologize/axa.php HTTP / 1.1" 404504 "-" "-"

175.180.64.70--[25 / Feb / 2014:22:28:29 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP / 1.1" 404 508 "-" "-"

175.180.64.70--[2014年2月25日:22:28:30 +0200] "GET /pma/scripts/setup.php HTTP / 1.1" 404 501 "-" "-"

175.180.64.70--[25 / Feb / 2014:22:28:31 +0200] "GET /myadmin/scripts/setup.php HTTP / 1.1" 404 505 "-" "-"

159.253.145.150--[25 / Feb / 2014:22:35:30 +0200] "GET / HTTP / 1.1" 200 1561 "-" "Mozilla / 5.0(ABE、 noscript.net / abe / wan )"

54.205.217.245--[2014年2月26日:01:09:53 +0200] "HEAD / HTTP / 1.0" 200169 "-" "-"

54.205.217.245--[2014年2月26日:01:09:54 +0200]「POST / cgi-bin / php?%2D%64 +%61%6C%6C%6F%77%5F%75%72 %6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E +%2D%64 +%73%61%66%65%5F%6D%6F%64%65%3D% 6F%66%66 +%2D%64 +%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D% 6F%6E +%2D%64 +%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22 +% 2D%64 +%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65 +%2D%64 +%61%75%74 %6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75 %74 +%2D%64 +%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30 +% 2D%64 +%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76 %3D%30 +%2D%6E HTTP / 1.1 "404 491"-"" Mozilla / 5.0(iPad; Mac OS XのようなCPU OS 6_0)AppleWebKit / 536.26(KHTML、Geckoのような)バージョン/ 6.0モバイル/ 10A5355d Safari / 8536.25 "

54.205.217.245--[2014年2月26日:01:09:54 +0200]「POST / cgi-bin / php5?%2D%64 +%61%6C%6C%6F%77%5F%75%72 %6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E +%2D%64 +%73%61%66%65%5F%6D%6F%64%65%3D% 6F%66%66 +%2D%64 +%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D% 6F%6E +%2D%64 +%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22 +% 2D%64 +%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65 +%2D%64 +%61%75%74 %6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75 %74 +%2D%64 +%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30 +% 2D%64 +%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76 %3D%30 +%2D%6E HTTP / 1.1 "404 492"-"" Mozilla / 5.0(iPad; Mac OS XのようなCPU OS 6_0)AppleWebKit / 536.26(KHTML、Geckoのような)バージョン/ 6.0モバイル/ 10A5355d Safari / 8536.25 "

54.205.217.245--[2014年2月26日:01:09:54 +0200]「POST / cgi-bin / php-cgi?%2D%64 +%61%6C%6C%6F%77%5F%75 %72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E +%2D%64 +%73%61%66%65%5F%6D%6F%64%65% 3D%6F%66%66 +%2D%64 +%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E% 3D%6F%6E +%2D%64 +%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22 +%2D%64 +%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65 +%2D%64 +%61%75 %74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70 %75%74 +%2D%64 +%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30 +%2D%64 +%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E %76%3D%30 +%2D%6E HTTP / 1.1 "404 495"-"" Mozilla / 5.0(iPad; Mac OS XのようなCPU OS 6_0)AppleWebKit / 536.26(KHTML、Geckoのような)バージョン/ 6.0モバイル/ 10A5355d Safari / 8536.25»

54.205.217.245--[2014年2月26日:01:09:55 +0200] "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75 %72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E +%2D%64 +%73%61%66%65%5F%6D%6F%64%65% 3D%6F%66%66 +%2D%64 +%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E% 3D%6F%6E +%2D%64 +%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22 +%2D%64 +%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65 +%2D%64 +%61%75 %74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70 %75%74 +%2D%64 +%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30 +%2D%64 +%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E %76%3D%30 +%2D%6E HTTP / 1.1 "404 495"-"" Mozilla / 5.0(iPad; Mac OS XのようなCPU OS 6_0)AppleWebKit / 536.26(KHTML、Geckoのような)バージョン/ 6.0モバイル/ 10A5355d Safari / 8536.25»

54.205.217.245--[2014年2月26日01:09:55 +0200]「POST / cgi-bin / php4?%2D%64 +%61%6C%6C%6F%77%5F%75%72 %6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E +%2D%64 +%73%61%66%65%5F%6D%6F%64%65%3D% 6F%66%66 +%2D%64 +%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D% 6F%6E +%2D%64 +%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22 +% 2D%64 +%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65 +%2D%64 +%61%75%74 %6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75 %74 +%2D%64 +%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30 +% 2D%64 +%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76 %3D%30 +%2D%6E HTTP / 1.1 "404 492"-"" Mozilla / 5.0(iPad; Mac OS XのようなCPU OS 6_0)AppleWebKit / 536.26(KHTML、Geckoのような)バージョン/ 6.0モバイル/ 10A5355d Safari / 8536.25 "

186.94.196.64--[2014年2月26日:01:11:33 +0200] "-" 408 0 "-" "-"

46.38.175.42--[2014年2月26日:01:36:30 +0200] "HEAD / HTTP / 1.0" 200169 "-" "-"

140.117.221.97--[2014年2月26日:20:00:00 +0200] "GET /phpTest/zologize/axa.php HTTP / 1.1" 404504 "-" "-"

140.117.221.97--[2014年2月26日:20:00:00 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP / 1.1" 404 508 "-" "-"

140.117.221.97--[2014年2月26日:20:00:01 +0200] "GET /pma/scripts/setup.php HTTP / 1.1" 404 501 "-" "-"

140.117.221.97--[2014年2月26日:02:00:02 +0200] "GET /myadmin/scripts/setup.php HTTP / 1.1" 404 505 "-" "-"

125.231.178.217--[2014年2月26日:02:02:48 +0200] "GET /phpTest/zologize/axa.php HTTP / 1.1" 404504 "-" "-"

125.231.178.217--[26 / Feb / 2014:02:02:48 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP / 1.1" 404 508 "-" "-"

125.231.178.217--[26/2014年2月2日:02:02:49 +0200] "GET /pma/scripts/setup.php HTTP / 1.1" 404 501 "-" "-"

125.231.178.217--[2014年2月26日:02:02:50 +0200] "GET /myadmin/scripts/setup.php HTTP / 1.1" 404 505 "-" "-"

159.253.145.150--[26 / Feb / 2014:02:35:27 +0200] "GET / HTTP / 1.1" 200 1561 "-" "Mozilla / 5.0(ABE、 noscript.net / abe / wan )"

83.253.232.153--[2014年2月26日:03:11:34 +0200] "-" 408 0 "-" "-"

27.32.222.231--[26/2014年2月26日:05:11:34 +0200] "-" 408 0 "-" "-"

209.126.230.74--[26/2014年2月:06:06:23 +0200] "GET /robots.txt HTTP / 1.0" 404 486 "-" "-"

141.212.121.226--[2014年2月26日:06:46:03 +0200] "GET / HTTP / 1.1" 200 728 "-" "Mozilla / 5.0(X11; Linux x86_64; rv:26.0)Gecko / 20100101 Firefox /26.0»

24.177.50.59--[2014年2月26日:07:11:34 +0200] "-" 408 0 "-" "-"

127.0.0.1--[26 / Feb / 2014:08:07:21 +0200] "GET / HTTP / 1.1" 200 723 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[2014年2月26日:08:07:22 +0200]「GET /icons/blank.gif HTTP / 1.1」200438「 127.0.0.1 」「Mozilla / 5.0(X11; Ubuntu; Linux i686) ; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26/2014年2月26日:08:07:22 +0200]「GET /icons/folder.gif HTTP / 1.1」200 515「 127.0.0.1 」「Mozilla / 5.0(X11; Ubuntu; Linux i686) ; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:07:22 +0200] "GET /favicon.ico HTTP / 1.1" 404 498 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0 )Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:07:22 +0200] "GET /favicon.ico HTTP / 1.1" 404 498 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0 )Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:07:27 +0200]「GET / vnstat / HTTP / 1.1」200 1466「 127.0.0.1 」「Mozilla / 5.0(X11; Ubuntu; Linux i686; rv: 27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26/2014年2月26日:08:07:27 +0200] "GET /vnstat/themes/dark/style.css HTTP / 1.1" 200 847 " 127.0.0.1/vnstat " "Mozilla / 5.0( X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:07:32 +0200] "GET /vnstat/index.php?if=ppp0&graph=large&style=dark&page=h HTTP / 1.1" 200 1709 " 127.0.0.1/vnstat "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:07:32 +0200] "GET /vnstat/graph_svg.php?if=ppp0&page=h&style=dark HTTP / 1.1" 200 33287 " 127.0.0.1/vnstat/index .php?if = ppp0&graph = large&style = dark&page = h "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26/2014年2月26日:08:11:11 +0200] "GET / HTTP / 1.1" 200 723 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26/2014年2月:08:11:31 +0200] "GET / HTTP / 1.1" 200 723 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:11:33 +0200] "GET / HTTP / 1.1" 200 722 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:11:38 +0200] "GET / HTTP / 1.1" 200 724 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:11:38 +0200]“ GET /icons/blank.gif HTTP / 1.1” 200438“ localhost ”“ Mozilla / 5.0(X11; Ubuntu; Linux i686; rv :27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:11:38 +0200]「GET /icons/folder.gif HTTP / 1.1」200515「 localhost 」「Mozilla / 5.0(X11; Ubuntu; Linux i686; rv :27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:11:39 +0200] "GET /favicon.ico HTTP / 1.1" 404 498 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0 )Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:11:39 +0200] "GET /favicon.ico HTTP / 1.1" 404 498 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0 )Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[2014年2月26日:08:32:16 +0200] "GET / HTTP / 1.1" 200 724 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:32:22 +0200] "GET / phpmyadmin HTTP / 1.1" 301 557 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:32:22 +0200] "GET / phpmyadmin / HTTP / 1.1" 200 3523 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0) Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:32:23 +0200]「GET /phpmyadmin/print.css HTTP / 1.1」200 650「 localhost / phpmyadmin 」「Mozilla / 5.0(X11; Ubuntu; Linux i686) ; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:32:23 +0200] "GET /phpmyadmin/js/cross_framing_protection.js?ts=1329568005 HTTP / 1.1" 200 529 " localhost / phpmyadmin " "Mozilla / 5.0( X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:23 +0200] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP / 1.1" 200 27229 " localhost / phpmyadmin "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26/2014年2月:08:32:23 +0200]「GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP / 1.1」200 711「 localhost / phpmyadmin 」「Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26/2014年2月26日:08:32:23 +0200] "GET /phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.custom.css HTTP / 1.1" 200 6141 " localhost / phpmyadmin "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[2014年2月26日:08:32:23 +0200]「GET /phpmyadmin/js/functions.js?ts=1329568005 HTTP / 1.1」200 9400「 localhost / phpmyadmin 」「Mozilla / 5.0( X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[2014年2月26日:08:32:23 +0200] "GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1329568005 HTTP / 1.1" 200 9849 " Localhost / phpmyadmin " "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0"

127.0.0.1--[26 / Feb / 2014:08:32:23 +0200] "GET /phpmyadmin/favicon.ico HTTP / 1.1" 200 19199 "-" "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv :27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1 - - [26/2月/ 2014:08:32:23 0200]«GET /phpmyadmin/phpmyadmin.css.php?server=1&lang=ru&collat​​ion_connection=utf8_general_ci&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=3988383895 HTTP / 1.1»200 9390 " Localhost / phpmyadmin " "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0"

127.0.0.1--[26 / Feb / 2014:08:32:23 +0200] "GET /phpmyadmin/js/messages.php?lang=en&db=&collat​​ion_connection=utf8_general_ci&token=8de673c629ba577d63c77516c97fce52 HTTP / 1.1 local php 200 / 1.1host 200 / 1.1minhost "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:23 +0200] "GET /phpmyadmin/themes/pmahomme/img/logo_right.png HTTP / 1.1" 200 5049 " localhost / phpmyadmin " "Mozilla / 5.0( X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:23 +0200] "GET /phpmyadmin/themes/pmahomme/img/b_help.png HTTP / 1.1" 200 1022 " localhost / phpmyadmin " "Mozilla / 5.0( X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:23 +0200] "GET /phpmyadmin/themes/pmahomme/img/s_notice.png HTTP / 1.1" 200 910 " localhost / phpmyadmin / phpmyadmin.css.php ?server = 1&lang = ru&collat​​ion_connection = utf8_general_ci&token = 8de673c629ba577d63c77516c97fce52&js_frame = right&nocache = 3988383895 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.00101 Geck]

127.0.0.1--[2014年2月26日:08:32:23 +0200] "GET /phpmyadmin/themes/pmahomme/img/input_bg.gif HTTP / 1.1" 200 452 " localhost / phpmyadmin / phpmyadmin.css.php ?server = 1&lang = ru&collat​​ion_connection = utf8_general_ci&token = 8de673c629ba577d63c77516c97fce52&js_frame = right&nocache = 3988383895 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.00101 Geck]

127.0.0.1--[26 / Feb / 2014:08:32:26 +0200] "POST /phpmyadmin/index.php HTTP / 1.1" 302 739 " localhost / phpmyadmin " "Mozilla / 5.0(X11; Ubuntu; Linux i686 ; rv:27.0)Gecko / 20100101 Firefox / 27.0»

127.0.0.1--[26 / Feb / 2014:08:32:26 +0200] "GET /phpmyadmin/index.php?token=8de673c629ba577d63c77516c97fce52 HTTP / 1.1" 200 3091 " localhost / phpmyadmin " "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:26 +0200] "GET /phpmyadmin/js/cross_framing_protection.js?ts=1329568005 HTTP / 1.1" 304 210 " localhost / phpmyadmin / index.php?トークン= 8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:26 +0200] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP / 1.1" 304 212 " localhost / phpmyadmin /index.php?token=8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:26 +0200] "GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP / 1.1" 304 210 " localhost / phpmyadmin / index.php ?token = 8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26/2014年2月26日:08:32:26 +0200] "GET /phpmyadmin/js/functions.js?ts=1329568005 HTTP / 1.1" 304 211 " localhost / phpmyadmin / index.php?トークン= 8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26/2014年2月:08:32:26 +0200] "GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1329568005 HTTP / 1.1" 304 211 " Localhost / phpmyadmin / index.php?Token = 8de673c629ba577d63c77516c97fce52 " "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0"

127.0.0.1--[26/2014年2月26日:08:32:26 +0200]「GET /phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=3988383895 HTTP / 1.1 php localhost // 1.1host php // 1.1host /index.php?token=8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26/2014年2月:08:32:26 +0200] "GET /phpmyadmin/js/messages.php?lang=en&db=&token=8de673c629ba577d63c77516c97fce52 HTTP / 1.1" 200 7061 " localhost / phpmyadmin / index .php?token = 8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:27 +0200] "GET /phpmyadmin/themes/pmahomme/img/s_error.png HTTP / 1.1" 200 962 " localhost / phpmyadmin / phpmyadmin.css.php ?サーバー= 1&トークン= 8de673c629ba577d63c77516c97fce52&js_frame = right&nocache = 3988383895 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[2014年2月26日:08:32:28 +0200] "オプション* HTTP / 1.0" 200 126 "-" "Apache / 2.2.22(Ubuntu)(内部ダミー接続)"

127.0.0.1--[26 / Feb / 2014:08:32:30 +0200] "POST /phpmyadmin/index.php HTTP / 1.1" 302 633 " localhost / phpmyadmin / index.php?トークン= 8de673c629ba577d63c77516c97fce52 " "Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:31 +0200] "GET /phpmyadmin/index.php?token=8de673c629ba577d63c77516c97fce52 HTTP / 1.1" 200 1794 " localhost / phpmyadmin / index.php?トークン= 8de673c63c7297577 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:31 +0200] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP / 1.1" 304 212 " localhost / phpmyadmin /index.php?token=8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:31 +0200] "GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP / 1.1" 304 210 " localhost / phpmyadmin / index.php ?token = 8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:31 +0200] "GET /phpmyadmin/js/common.js?ts=1329568005 HTTP / 1.1" 200 1787 " localhost / phpmyadmin / index.php?トークン= 8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[2014年2月26日:08:32:31 +0200] "オプション* HTTP / 1.0" 200 126 "-" "Apache / 2.2.22(Ubuntu)(内部ダミー接続)"

127.0.0.1--[26 / Feb / 2014:08:32:32 +0200] "GET /phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 HTTP / 1.1" 200 2208 " localhost / phpmyadmin / index.php?Token = 8de673c6372757777 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:32 +0200] "GET /phpmyadmin/js/functions.js HTTP / 1.1" 200 9401 " localhost / phpmyadmin / navigation.php?トークン= 8de673c629ba577d63c77516c97fce52 " " Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:32 +0200] "GET /phpmyadmin/js/navigation.js HTTP / 1.1" 200 1311 " localhost / phpmyadmin / navigation.php?トークン= 8de673c629ba577d63c77516c97fce52 " " Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1--[26 / Feb / 2014:08:32:32 +0200] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js HTTP / 1.1" 200 27229 " localhost / phpmyadmin / navigation.php ?token = 8de673c629ba577d63c77516c97fce52 "" Mozilla / 5.0(X11; Ubuntu; Linux i686; rv:27.0)Gecko / 20100101 Firefox / 27.0 "

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 HTTP/1.1» 200 8413 « localhost/phpmyadmin/index.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/phpmyadmin.css.php?token=8de673c629ba577d63c77516c97fce52&js_frame=left&nocache=5381211889 HTTP/1.1» 200 2023 « localhost/phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/themes/pmahomme/img/logo_left.png HTTP/1.1» 200 2567 « localhost/phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_loggoff.png HTTP/1.1» 200 979 « localhost/phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_selboard.png HTTP/1.1» 200 989 « localhost/phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_home.png HTTP/1.1» 200 1041 « localhost/phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/js/cross_framing_protection.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_sqlhelp.png HTTP/1.1» 200 807 « localhost/phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_reload.png HTTP/1.1» 200 844 « localhost/phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/js/functions.js?ts=1329568005 HTTP/1.1» 304 211 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1329568005 HTTP/1.1» 304 211 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_docs.png HTTP/1.1» 200 1022 « localhost/phpmyadmin/navigation.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/js/jquery/jquery.sprintf.js?ts=1329568005 HTTP/1.1» 200 839 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/js/jquery/jquery-ui-1.8.custom.js?ts=1329568005 HTTP/1.1» 200 48809 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:32 +0200] «GET /phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=5381211889 HTTP/1.1» 200 9390 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_host.png HTTP/1.1» 200 958 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_db.png HTTP/1.1» 200 681 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_status.png HTTP/1.1» 200 964 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_import.png HTTP/1.1» 200 880 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_export.png HTTP/1.1» 200 900 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_vars.png HTTP/1.1» 200 833 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_process.png HTTP/1.1» 200 803 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_sql.png HTTP/1.1» 200 1039 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_rights.png HTTP/1.1» 200 824 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_asci.png HTTP/1.1» 200 499 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_engine.png HTTP/1.1» 200 759 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_replication.png HTTP/1.1» 200 738 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_sync.png HTTP/1.1» 200 798 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/window-new.png HTTP/1.1» 200 766 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_tblops.png HTTP/1.1» 200 842 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/left_nav_bg.png HTTP/1.1» 200 505 « localhost/phpmyadmin/phpmyadmin.css.php?token=8de673c629ba577d63c77516c97fce52&js_frame=left&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/database.png HTTP/1.1» 200 681 « localhost/phpmyadmin/phpmyadmin.css.php?token=8de673c629ba577d63c77516c97fce52&js_frame=left&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_passwd.png HTTP/1.1» 200 671 « localhost/phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_lang.png HTTP/1.1» 200 974 « localhost/phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/tab_bg.png HTTP/1.1» 200 450 « localhost/phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_theme.png HTTP/1.1» 200 1092 « localhost/phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:33 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_more.png HTTP/1.1» 200 441 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:38 +0200] «OPTIONS * HTTP/1.0» 200 126 "-" «Apache/2.2.22 (Ubuntu) (internal dummy connection)»

127.0.0.1 — - [26/Feb/2014:08:32:42 +0200] «GET /phpmyadmin/themes/pmahomme/img/tab_hover_bg.png HTTP/1.1» 200 1571 « localhost/phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:44 +0200] «GET /phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 HTTP/1.1» 200 4469 « localhost/phpmyadmin/main.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/js/cross_framing_protection.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP/1.1» 304 211 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/js/jquery/jquery-ui-1.8.custom.js?ts=1329568005 HTTP/1.1» 304 213 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/js/functions.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/js/server_privileges.js?ts=1329568005 HTTP/1.1» 200 2304 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_tblexport.png HTTP/1.1» 200 900 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_usrlist.png HTTP/1.1» 200 991 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/themes/pmahomme/img/arrow_ltr.png HTTP/1.1» 200 432 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_usredit.png HTTP/1.1» 200 1070 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_usradd.png HTTP/1.1» 200 982 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:45 +0200] «GET /phpmyadmin/themes/pmahomme/img/b_usrdrop.png HTTP/1.1» 200 1004 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:47 +0200] «GET /phpmyadmin/themes/pmahomme/img/marked_bg.png HTTP/1.1» 200 483 « localhost/phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:32:52 +0200] «OPTIONS * HTTP/1.0» 200 126 "-" «Apache/2.2.22 (Ubuntu) (internal dummy connection)»

127.0.0.1 — - [26/Feb/2014:08:33:06 +0200] «POST /phpmyadmin/server_privileges.php HTTP/1.1» 200 9768 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:07 +0200] «GET /phpmyadmin/themes/pmahomme/img/s_success.png HTTP/1.1» 200 772 « localhost/phpmyadmin/phpmyadmin.css.php?server=1&token=8de673c629ba577d63c77516c97fce52&js_frame=right&nocache=5381211889 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:11 +0200] «POST /phpmyadmin/server_privileges.php HTTP/1.1» 200 3242 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:14 +0200] «GET /phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52&adduser=1&ajax_request=true HTTP/1.1» 200 2983 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:14 +0200] «GET /phpmyadmin/js/cross_framing_protection.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:14 +0200] «GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:14 +0200] «GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:14 +0200] «GET /phpmyadmin/js/functions.js?ts=1329568005 HTTP/1.1» 304 211 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:14 +0200] «GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1329568005 HTTP/1.1» 304 211 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:14 +0200] «GET /phpmyadmin/js/messages.php?lang=ru&db=&token=ca479906932de909ade933288ad497df HTTP/1.1» 200 7061 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/themes/pmahomme/jquery/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1» 200 377 « localhost/phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.custom.css » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 HTTP/1.1» 200 2983 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/phpmyadmin.css.php?server=1&token=ca479906932de909ade933288ad497df&js_frame=right&nocache=3988383895 HTTP/1.1» 200 9391 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/themes/pmahomme/jquery/images/ui-bg_flat_0_aaaaaa_40x100.png HTTP/1.1» 200 376 « localhost/phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.custom.css » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/themes/pmahomme/jquery/images/ui-bg_highlight-soft_75_cccccc_1x100.png HTTP/1.1» 200 375 « localhost/phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.custom.css » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/themes/pmahomme/jquery/images/ui-icons_222222_256x240.png HTTP/1.1» 200 4116 « localhost/phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.custom.css » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/themes/pmahomme/jquery/images/ui-bg_glass_75_e6e6e6_1x400.png HTTP/1.1» 200 401 « localhost/phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.custom.css » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/js/functions.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/js/cross_framing_protection.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1329568005 HTTP/1.1» 304 211 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/phpmyadmin.css.php?server=1&token=ee4c0fdbda153308186e1ea982fb430f&js_frame=right&nocache=3988383895 HTTP/1.1» 200 9390 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:15 +0200] «GET /phpmyadmin/js/messages.php?lang=ru&db=&token=ee4c0fdbda153308186e1ea982fb430f HTTP/1.1» 200 7061 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:21 +0200] «OPTIONS * HTTP/1.0» 200 126 "-" «Apache/2.2.22 (Ubuntu) (internal dummy connection)»

127.0.0.1 — - [26/Feb/2014:08:33:23 +0200] «POST /phpmyadmin/index.php HTTP/1.1» 302 632 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:23 +0200] «GET /phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f HTTP/1.1» 200 3242 « localhost/phpmyadmin/server_privileges.php?token=8de673c629ba577d63c77516c97fce52 » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:23 +0200] «GET /phpmyadmin/js/cross_framing_protection.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:23 +0200] «GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:23 +0200] «GET /phpmyadmin/js/functions.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:23 +0200] «GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:23 +0200] «GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1329568005 HTTP/1.1» 304 211 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:28 +0200] «POST /phpmyadmin/index.php HTTP/1.1» 302 633 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:28 +0200] «GET /phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f HTTP/1.1» 200 3242 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:28 +0200] «GET /phpmyadmin/js/cross_framing_protection.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:28 +0200] «GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1329568005 HTTP/1.1» 304 212 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:28 +0200] «GET /phpmyadmin/js/update-location.js?ts=1329568005 HTTP/1.1» 304 210 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»

127.0.0.1 — - [26/Feb/2014:08:33:28 +0200] «GET /phpmyadmin/js/functions.js?ts=1329568005 HTTP/1.1» 304 211 « localhost/phpmyadmin/index.php?token=ee4c0fdbda153308186e1ea982fb430f » «Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0»





Error.logの最終更新:

error.log
[Tue Feb 25 11:42:25 2014] [error] [client 37.150.235.39] File does not exist: /var/www/setup.htm

[Tue Feb 25 13:11:04 2014] [error] [client 222.3.122.108] File does not exist: /var/www/start.htm

[Tue Feb 25 13:33:03 2014] [error] [client 178.20.225.110] script not found or unable to stat: /usr/lib/cgi-bin/php

[Tue Feb 25 13:33:03 2014] [error] [client 178.20.225.110] script not found or unable to stat: /usr/lib/cgi-bin/php5

[Tue Feb 25 13:57:52 2014] [error] [client 91.206.201.244] script not found or unable to stat: /usr/lib/cgi-bin/php

[Tue Feb 25 13:57:52 2014] [error] [client 91.206.201.244] script not found or unable to stat: /usr/lib/cgi-bin/php5

[Tue Feb 25 13:57:56 2014] [error] [client 91.206.201.244] script not found or unable to stat: /usr/lib/cgi-bin/php-cgi

[Tue Feb 25 13:57:59 2014] [error] [client 91.206.201.244] script not found or unable to stat: /usr/lib/cgi-bin/php.cgi

[Tue Feb 25 13:57:59 2014] [error] [client 91.206.201.244] script not found or unable to stat: /usr/lib/cgi-bin/php4

[Tue Feb 25 16:15:41 2014] [error] [client 203.171.229.184] File does not exist: /var/www/w00tw00t.at.blackhats.romanian.anti-sec:)

[Tue Feb 25 16:37:26 2014] [error] [client 190.245.72.32] Invalid method in request \x80w\x01\x03\x01

[Tue Feb 25 19:39:07 2014] [notice] caught SIGTERM, shutting down

[Tue Feb 25 19:43:37 2014] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.9 with Suhosin-Patch configured — resuming normal operations

[Tue Feb 25 19:46:28 2014] [error] [client 127.0.0.1] File does not exist: /var/www/favicon.ico

[Tue Feb 25 20:56:02 2014] [error] [client 91.192.147.154] File does not exist: /var/www/HNAP1

[Tue Feb 25 21:00:27 2014] [error] [client 211.24.250.130] File does not exist: /var/www/invoker

[Tue Feb 25 21:00:28 2014] [error] [client 211.24.250.130] File does not exist: /var/www/invoker

[Tue Feb 25 21:15:46 2014] [error] [client 211.24.250.130] File does not exist: /var/www/invoker

[Tue Feb 25 21:15:47 2014] [error] [client 211.24.250.130] File does not exist: /var/www/invoker

[Tue Feb 25 21:27:15 2014] [error] [client 211.24.250.130] File does not exist: /var/www/invoker

[Tue Feb 25 21:27:15 2014] [error] [client 211.24.250.130] File does not exist: /var/www/invoker

[Tue Feb 25 22:28:28 2014] [error] [client 175.180.64.70] File does not exist: /var/www/phpTest

[Tue Feb 25 22:28:29 2014] [error] [client 175.180.64.70] File does not exist: /var/www/phpMyAdmin

[Tue Feb 25 22:28:30 2014] [error] [client 175.180.64.70] File does not exist: /var/www/pma

[Tue Feb 25 22:28:31 2014] [error] [client 175.180.64.70] File does not exist: /var/www/myadmin

[Wed Feb 26 01:09:54 2014] [error] [client 54.205.217.245] script not found or unable to stat: /usr/lib/cgi-bin/php

[Wed Feb 26 01:09:54 2014] [error] [client 54.205.217.245] script not found or unable to stat: /usr/lib/cgi-bin/php5

[Wed Feb 26 01:09:54 2014] [error] [client 54.205.217.245] script not found or unable to stat: /usr/lib/cgi-bin/php-cgi

[Wed Feb 26 01:09:55 2014] [error] [client 54.205.217.245] script not found or unable to stat: /usr/lib/cgi-bin/php.cgi

[Wed Feb 26 01:09:55 2014] [error] [client 54.205.217.245] script not found or unable to stat: /usr/lib/cgi-bin/php4

[Wed Feb 26 02:00:00 2014] [error] [client 140.117.221.97] File does not exist: /var/www/phpTest

[Wed Feb 26 02:00:00 2014] [error] [client 140.117.221.97] File does not exist: /var/www/phpMyAdmin

[Wed Feb 26 02:00:01 2014] [error] [client 140.117.221.97] File does not exist: /var/www/pma

[Wed Feb 26 02:00:02 2014] [error] [client 140.117.221.97] File does not exist: /var/www/myadmin

[Wed Feb 26 02:02:48 2014] [error] [client 125.231.178.217] File does not exist: /var/www/phpTest

[Wed Feb 26 02:02:48 2014] [error] [client 125.231.178.217] File does not exist: /var/www/phpMyAdmin

[Wed Feb 26 02:02:49 2014] [error] [client 125.231.178.217] File does not exist: /var/www/pma

[Wed Feb 26 02:02:50 2014] [error] [client 125.231.178.217] File does not exist: /var/www/myadmin

[Wed Feb 26 06:06:23 2014] [error] [client 209.126.230.74] File does not exist: /var/www/robots.txt

[Wed Feb 26 08:07:22 2014] [error] [client 127.0.0.1] File does not exist: /var/www/favicon.ico

[Wed Feb 26 08:07:22 2014] [error] [client 127.0.0.1] File does not exist: /var/www/favicon.ico

[Wed Feb 26 08:11:39 2014] [error] [client 127.0.0.1] File does not exist: /var/www/favicon.ico

[Wed Feb 26 08:11:39 2014] [error] [client 127.0.0.1] File does not exist: /var/www/favicon.ico

[Wed Feb 26 08:11:49 2014] [notice] caught SIGTERM, shutting down

[Wed Feb 26 08:32:11 2014] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.9 with Suhosin-Patch configured — resuming normal operations





access.logのログから判断すると、ボットはプロキシとしてサーバーに接続しようとしているようです。そして、404だけでなく200の答えもあるという事実から判断すると、彼らはそれを手に入れます。



後で判明したように、上司の息子は罪悪感に気付いて休息を取り、アカウントのパスワードを変更し、Apacheを更新し、ssh設定を掘り下げたと伝えました。



ソースデータに基づいて、プロキシボットがsshをスキャンし、同時にパスワードを選択することを確立できました。若い才能はユーザーログインと「fack_off」のパスワードを持っていることが判明したため、ボットがサーバーに到達しました。ログインしたログ、またはログに記録された内容から判断すると、ボットは実行中のサービスをスキャンし、Apacheが見つかった場合はプロキシサーバーをフックし、Uncle Billyからボットネットモジュール自体をロードしました。



ValdikSSの記事にリストされている上記の症状とファイルもすべて私にありました。



日時:
新しいApach構成と古いApach構成を比較すると、更新中にmodがオンになっていることがわかりました:mod_proxy。オフにすると、トラフィックは生成されなくなります。



All Articles