phpMyAdmin installations
May 3, 2009
15:01:21 W3SVC1 0.0.0.0 GET /phpMyAdmin/main.php - 80 - 0.0.0.0 - 404 0 3
15:01:21 W3SVC1 0.0.0.0 GET /main.php - 80 - 0.0.0.0 - 404 0 2
15:01:21 W3SVC1 0.0.0.0 GET /php/main.php - 80 - 0.0.0.0 - 404 0 3
15:01:21 W3SVC1 0.0.0.0 GET /PMA/main.php - 80 - 0.0.0.0 - 404 0 3
15:01:21 W3SVC1 0.0.0.0 GET /phpmyadmin/main.php - 80 - 0.0.0.0 - 404 0 3
15:01:21 W3SVC1 0.0.0.0 GET /phpmyadmin2/main.php - 80 - 0.0.0.0 - 404 0 3
15:01:21 W3SVC1 0.0.0.0 GET /db/main.php - 80 - 0.0.0.0 - 404 0 3
15:01:21 W3SVC1 0.0.0.0 GET /mysql/main.php - 80 - 0.0.0.0 - 404 0 3
15:01:21 W3SVC1 0.0.0.0 GET /myadmin/main.php - 80 - 0.0.0.0 - 404 0 3
15:03:24 W3SVC1 0.0.0.0 GET /phpmyadmin/main.php - 80 - 0.0.0.0 - 404 0 3
15:03:24 W3SVC1 0.0.0.0 GET /phpMyAdmin/main.php - 80 - 0.0.0.0 - 404 0 3
15:03:24 W3SVC1 0.0.0.0 GET /myadmin/main.php - 80 - 0.0.0.0 - 404 0 3
Recommendations against possible attacks on phpMyAdmin
- Update phpMyAdmin
- Change the path
- Require authentication on the directory
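Added example, not part of the original post: the requests in the log excerpt above carry no User-Agent (the field is "-"), so this sketch flags the probing by its shape instead, one client getting 404 for the same file name under many different directories within a few seconds. The function names, the thresholds, the #Fields layout and the sample addresses are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import posixpath

# Constructed sample in IIS W3C extended format; the field order is assumed
# to match the excerpt above, and the addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
15:00:02 W3SVC1 192.0.2.10 GET /index.php - 80 - 203.0.113.5 Mozilla/4.0 200 0 0
15:00:03 W3SVC1 192.0.2.10 GET /favicon.ico - 80 - 203.0.113.5 Mozilla/4.0 404 0 2
15:01:21 W3SVC1 192.0.2.10 GET /phpMyAdmin/main.php - 80 - 198.51.100.7 - 404 0 3
15:01:21 W3SVC1 192.0.2.10 GET /main.php - 80 - 198.51.100.7 - 404 0 2
15:01:21 W3SVC1 192.0.2.10 GET /php/main.php - 80 - 198.51.100.7 - 404 0 3
15:01:21 W3SVC1 192.0.2.10 GET /PMA/main.php - 80 - 198.51.100.7 - 404 0 3
15:01:21 W3SVC1 192.0.2.10 GET /phpmyadmin/main.php - 80 - 198.51.100.7 - 404 0 3
15:01:21 W3SVC1 192.0.2.10 GET /db/main.php - 80 - 198.51.100.7 - 404 0 3
"""


def parse_w3c(lines):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or odd lines
                yield dict(zip(fields, values))


def find_path_guessing(records, min_dirs=5, window=timedelta(seconds=10)):
    """Return {(client_ip, file_name): sorted paths} for 404 bursts in which
    one client asks for the same file name under >= min_dirs distinct paths
    inside the time window."""
    hits = defaultdict(list)  # (c-ip, file name) -> [(timestamp, path)]
    for rec in records:
        if rec.get("sc-status") != "404":
            continue
        # IIS paths are case-insensitive: /phpMyAdmin and /phpmyadmin are one.
        stem = rec["cs-uri-stem"].lower()
        name = posixpath.basename(stem)
        if not name:
            continue
        # Logs without a date field get a fixed day (single-day assumption).
        stamp = datetime.strptime(
            rec.get("date", "1970-01-01") + " " + rec["time"],
            "%Y-%m-%d %H:%M:%S",
        )
        hits[(rec["c-ip"], name)].append((stamp, stem))

    findings = {}
    for key, events in hits.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Slide the window start forward until it fits the time limit.
            while events[end][0] - events[start][0] > window:
                start += 1
            stems = {stem for _, stem in events[start:end + 1]}
            if len(stems) > len(best):
                best = stems
        if len(best) >= min_dirs:
            findings[key] = sorted(best)
    return findings


if __name__ == "__main__":
    result = find_path_guessing(parse_w3c(SAMPLE_LOG.splitlines()))
    for (client, name), paths in result.items():
        print(f"{client} probed {len(paths)} paths for {name}: {paths}")
```

Because the grouping key is the file name, the same check also covers probes that repeat another name, such as `msgimport`, across many directories.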
Log entries from the “Toata dragostea mea pentru diavola” crawler:
Query:
SELECT cs-uri-stem, COUNT(*)
FROM 'C:\Documents and Settings\Administrador\Escritorio\W3SVC1\W3SVC1\*.*'
WHERE cs(User-Agent) LIKE '%Toata%'
GROUP BY cs-uri-stem
ORDER BY cs-uri-stem
“Toata dragostea mea pentru diavola” scanner
May 3, 2009
Crawler that goes through the following locations:
/bin/msgimport;3
/cube/bin/msgimport;3
/mail/bin/msgimport;3
/mail2/bin/msgimport;3
/mss2/bin/msgimport;3
/rc/bin/msgimport;2
/rms/bin/msgimport;3
/round/bin/msgimport;3
/roundcube-0.1/bin/msgimport;2
/roundcube-0.2/bin/msgimport;3
/roundcube/bin/msgimport;4
/roundcubemail-0.1/bin/msgimport;3
/roundcubemail-0.2/bin/msgimport;2
/roundcubemail/bin/msgimport;3
/webmail/bin/msgimport;3
/webmail2/bin/msgimport;3
/wm/bin/msgimport;3
The query:
SELECT cs-uri-stem, COUNT(*)
FROM 'C:\WINDOWS\system32\Logfiles\W3SVC1\*.*'
WHERE cs(User-Agent) LIKE '%Toata%'
GROUP BY cs-uri-stem
ORDER BY cs-uri-stem
Recommendations:
- Change the paths
- Remove the branding of installed products
- Block the user agent
- Firewall