Rising Kaka Security Forum (瑞星卡卡安全论坛)

Our organisation's intranet site was hacked and I found a suspicious access log; can an expert help me work out where the vulnerability is?
一叶飞鸿 - 2006-3-10 22:54:00
Our organisation's intranet site was hacked, even though Rising's monitor and firewall were both running. I found the suspicious access log; can an expert help me analyse where the vulnerability is?
I suspect 10.176.48.135 broke in and modified /index/default.asp. How do I stop this from happening again? Thanks.



Log contents

2006-03-10 06:45:54 10.176.48.135 - 10.131.8.142 80 GET /Default.asp - 302 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:54 10.176.48.135 - 10.131.8.142 80 GET /index/default.asp - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:55 10.176.48.135 - 10.131.8.142 80 GET /public/smza.CSS - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:55 10.176.48.135 - 10.131.8.142 80 GET /img/tbg.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:55 10.176.48.135 - 10.131.8.142 80 GET /img/zazdlogo.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:55 10.176.48.135 - 10.131.8.142 80 GET /img/menubg.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:55 10.176.48.135 - 10.131.8.142 80 GET /img/flash1.swf - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:55 10.176.48.135 - 10.131.8.142 80 GET /index/欢迎来到中国模板网.files/tbg.gif - 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.176.48.135 - 10.131.8.142 80 GET /img/tmt.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.176.48.135 - 10.131.8.142 80 GET /img/leftline.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.176.48.135 - 10.131.8.142 80 GET /img/ball2.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.131.105.7 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+MyIE2)
2006-03-10 06:45:56 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/loginbt1.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/loginpeople.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.176.48.135 - 10.131.8.142 80 GET /img/bg.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.176.48.135 - 10.131.8.142 80 GET /img/menubg.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/sbt1.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:57 10.176.48.135 - 10.131.8.142 80 GET /img/wjcx.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:57 10.176.48.135 - 10.131.8.142 80 GET /img/bszn.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:57 10.176.48.135 - 10.131.8.142 80 GET /img/hotel.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:57 10.176.48.135 - 10.131.8.142 80 GET /img/bikelogo3.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:57 10.176.48.135 - 10.131.8.142 80 GET /img/czxx.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:57 10.176.48.135 - 10.131.8.142 80 GET /img/dq.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:57 10.176.48.135 - 10.131.8.142 80 GET /img/glb.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:57 10.131.117.142 - 10.131.8.142 80 GET /hotel.htm - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)
2006-03-10 06:45:59 10.176.48.135 - 10.131.8.142 80 GET /img/bgxsx.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:59 10.176.48.135 - 10.131.8.142 80 GET /img/bt1.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:59 10.176.48.135 - 10.131.8.142 80 GET /img/fk.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:59 10.176.48.135 - 10.131.8.142 80 GET /img/arrow1.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:59 10.176.48.135 - 10.131.8.142 80 GET /img/wbxw.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:00 10.176.48.135 - 10.131.8.142 80 GET /img/new.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:00 10.176.48.135 - 10.131.8.142 80 GET /img/gadhnew.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:00 10.176.48.135 - 10.131.8.142 80 GET /img/fwrs2.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:00 10.176.48.135 - 10.131.8.142 80 GET /img/counter/0.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:01 10.176.48.135 - 10.131.8.142 80 GET /img/counter/6.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:01 10.176.48.135 - 10.131.8.142 80 GET /img/counter/3.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:01 10.176.48.135 - 10.131.8.142 80 GET /img/counter/2.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:01 10.176.48.135 - 10.131.8.142 80 GET /img/jh_small.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:02 10.176.48.135 - 10.131.8.142 80 GET /img/tch.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:02 10.131.7.52 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322)
2006-03-10 06:46:04 10.176.48.135 - 10.131.8.142 80 GET /manage/newsfile/200602175778783.JPG - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:07 10.176.48.135 - 10.131.8.142 80 GET /_vti_inf.html - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:07 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/shtml.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:07 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/shtml.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:08 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:10 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:11 10.176.48.135 - 10.131.8.142 80 GET /public/smza.CSS - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:11 10.176.48.135 - 10.131.8.142 80 GET /img/tmt.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:11 10.176.48.135 - 10.131.8.142 80 GET /img/leftline.jpg - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:11 10.176.48.135 - 10.131.8.142 80 GET /img/menubg.jpg - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:11 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/loginbt1.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:11 10.176.48.135 - 10.131.8.142 80 GET /img/ar.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:12 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/sbt1.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:12 10.176.48.135 - 10.131.8.142 80 GET /img/wjcx.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:12 10.176.48.135 - 10.131.8.142 80 GET /img/bikelogo3.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:12 10.176.48.135 - 10.131.8.142 80 GET /img/bszn.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:12 10.176.48.135 - 10.131.8.142 80 GET /img/hotel.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)

一叶飞鸿 - 2006-3-10 22:56:00
Log (continued)
2006-03-10 06:46:13 10.176.48.135 - 10.131.8.142 80 GET /img/bg.jpg - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:13 10.176.48.135 - 10.131.8.142 80 GET /img/dq.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:13 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/loginpeople.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:13 10.176.48.135 - 10.131.8.142 80 GET /img/czxx.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:13 10.176.48.135 - 10.131.8.142 80 GET /img/bgxsx.jpg - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:13 10.176.48.135 - 10.131.8.142 80 GET /img/arrow1.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:13 10.176.48.135 - 10.131.8.142 80 GET /img/bt1.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:15 10.176.48.135 - 10.131.8.142 80 GET /img/wbxw.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:15 10.176.48.135 - 10.131.8.142 80 GET /img/gadhnew.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:15 10.131.14.139 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0b;+Windows+NT+5.0)
2006-03-10 06:46:15 10.176.48.135 - 10.131.8.142 80 GET /img/fwrs2.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:15 10.176.48.135 - 10.131.8.142 80 GET /img/bg01.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:17 10.176.48.135 - 10.131.8.142 80 GET /img/glb.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:17 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:20 10.131.88.1 - 10.131.8.142 80 GET /hotel.htm - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)
2006-03-10 06:46:30 10.81.169.50 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)
2006-03-10 06:46:32 10.131.2.138 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:46:44 10.176.48.135 - 10.131.8.142 80 GET /_vti_inf.html - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:44 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/shtml.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:44 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/shtml.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:44 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:47 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /public/smza.CSS - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/tmt.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/leftline.jpg - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/bg.jpg - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/menubg.jpg - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/loginpeople.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/loginbt1.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/ar.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/ljindex/sbt1.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:48 10.176.48.135 - 10.131.8.142 80 GET /img/wjcx.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:49 10.176.48.135 - 10.131.8.142 80 GET /img/bikelogo3.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:49 10.176.48.135 - 10.131.8.142 80 GET /img/bszn.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:49 10.176.48.135 - 10.131.8.142 80 GET /img/hotel.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:49 10.176.48.135 - 10.131.8.142 80 GET /img/czxx.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:49 10.176.48.135 - 10.131.8.142 80 GET /img/dq.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:49 10.176.48.135 - 10.131.8.142 80 GET /img/glb.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:50 10.176.48.135 - 10.131.8.142 80 GET /img/arrow1.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:50 10.176.48.135 - 10.131.8.142 80 GET /img/bt1.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:50 10.176.48.135 - 10.131.8.142 80 GET /img/wbxw.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:50 10.176.48.135 - 10.131.8.142 80 GET /img/gadhnew.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:51 10.176.48.135 - 10.131.8.142 80 GET /img/fwrs2.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:51 10.176.48.135 - 10.131.8.142 80 GET /img/bg01.gif - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:51 10.176.48.135 - 10.131.8.142 80 GET /img/bgxsx.jpg - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:51 10.42.144.16 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2006-03-10 06:47:07 10.131.2.156 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)
2006-03-10 06:47:12 10.133.177.93 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)



2006-03-10 06:48:39 10.176.48.135 - 10.131.8.142 80 OPTIONS / - 200 Microsoft+Data+Access+Internet+Publishing+Provider+Protocol+Discovery
2006-03-10 06:48:39 10.176.48.135 - 10.131.8.142 80 OPTIONS /index - 200 Microsoft+Data+Access+Internet+Publishing+Provider+Protocol+Discovery
2006-03-10 06:48:39 10.176.48.135 - 10.131.8.142 80 PROPFIND /index/default.asp - 403 Microsoft+Data+Access+Internet+Publishing+Provider+DAV


2006-03-10 06:51:03 10.176.48.135 - 10.131.8.142 80 PROPFIND /index/default.asp - 403 Microsoft+Data+Access+Internet+Publishing+Provider+DAV
2006-03-10 06:51:05 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
2006-03-10 06:51:09 10.21.182.207 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)
2006-03-10 06:51:15 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
2006-03-10 06:51:17 10.131.57.42 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0b;+Windows+NT+5.0)
2006-03-10 06:51:17 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
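Added example for this thread (not the forum's or Microsoft's code): a small Python script that parses IIS W3C extended log lines in the layout shown in the extract above and flags requests that belong to FrontPage Server Extensions authoring (POSTs to /_vti_bin/...) or use WebDAV methods, then summarises them per client address. The field order and the `#Fields:` directive are assumed from the visible columns; the sample lines are copied from the extract, and the user-agent fragments it matches on are the ones that appear there.

```python
"""Flag FrontPage Server Extensions / WebDAV authoring traffic in an IIS W3C log.

Added example for this thread, not the forum's or Microsoft's code. The field
order below is assumed from the extract in the thread (IIS W3C extended format
with its default fields); the sample lines are copied from that extract.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed field layout, matching the columns visible in the thread's extract.
FIELDS = ["date", "time", "c_ip", "username", "s_ip", "s_port", "method",
          "uri_stem", "uri_query", "status", "user_agent"]

# WebDAV verbs (OPTIONS included: Web Folders sends it for protocol discovery).
DAV_METHODS = {"OPTIONS", "PROPFIND", "PROPPATCH", "MKCOL", "PUT", "DELETE",
               "COPY", "MOVE", "LOCK", "UNLOCK"}
# User-agent fragments of the authoring clients seen in the extract
# (IIS writes spaces inside the agent string as '+').
AUTHORING_AGENTS = ("MSFrontPage", "MS+FrontPage",
                    "Microsoft+Data+Access+Internet+Publishing+Provider")


@dataclass
class Finding:
    time: str
    c_ip: str
    username: str
    method: str
    uri: str
    status: int
    reason: str


def parse_line(line):
    """Parse one log line into a dict; return None for directives or blank lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["status"] = int(rec["status"])
    return rec


def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def classify(rec):
    """Return the reasons a record looks like content authoring, not browsing."""
    reasons = []
    if rec["method"] == "POST" and rec["uri_stem"].lower().startswith("/_vti_bin/"):
        reasons.append("FrontPage RPC POST")
    if rec["method"] in DAV_METHODS:
        reasons.append("WebDAV method " + rec["method"])
    if any(tag in rec["user_agent"] for tag in AUTHORING_AGENTS):
        reasons.append("authoring client")
    return reasons


def find_authoring(records):
    findings = []
    for rec in records:
        reasons = classify(rec)
        if reasons:
            findings.append(Finding(rec["time"], rec["c_ip"], rec["username"],
                                    rec["method"], rec["uri_stem"], rec["status"],
                                    "; ".join(reasons)))
    return findings


def summarize_by_client(findings):
    """Per client IP: authoring requests seen, author.dll POSTs answered 200, refusals."""
    summary = defaultdict(lambda: {"authoring_requests": 0,
                                   "accepted_author_dll": 0, "denied": 0})
    for f in findings:
        s = summary[f.c_ip]
        s["authoring_requests"] += 1
        if f.method == "POST" and f.uri.lower().endswith("/author.dll") and f.status == 200:
            s["accepted_author_dll"] += 1
        if f.status in (401, 403):
            s["denied"] += 1
    return dict(summary)


# Lines copied from the thread's extract; the #Fields directive is assumed.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2006-03-10 06:45:54 10.176.48.135 - 10.131.8.142 80 GET /index/default.asp - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1)
2006-03-10 06:45:56 10.131.105.7 - 10.131.8.142 80 GET /hotel.htm - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+MyIE2)
2006-03-10 06:46:07 10.176.48.135 - 10.131.8.142 80 GET /_vti_inf.html - 200 Mozilla/4.0+(compatible;+MS+FrontPage+6.0)
2006-03-10 06:46:07 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/shtml.dll - 200 MSFrontPage/6.0
2006-03-10 06:46:08 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
2006-03-10 06:48:39 10.176.48.135 - 10.131.8.142 80 OPTIONS / - 200 Microsoft+Data+Access+Internet+Publishing+Provider+Protocol+Discovery
2006-03-10 06:48:39 10.176.48.135 - 10.131.8.142 80 PROPFIND /index/default.asp - 403 Microsoft+Data+Access+Internet+Publishing+Provider+DAV
2006-03-10 06:51:05 10.176.48.135 - 10.131.8.142 80 POST /_vti_bin/_vti_aut/author.dll - 200 MSFrontPage/6.0
"""

if __name__ == "__main__":
    findings = find_authoring(parse_log(SAMPLE_LOG))
    for f in findings:
        print(f"{f.time} {f.c_ip:<15} user={f.username} {f.method:<8} {f.status} {f.uri}  [{f.reason}]")
    for ip, counts in summarize_by_client(findings).items():
        print(ip, counts)
```

Run over the extract, the script reports only 10.176.48.135: the browsing GETs from other hosts are ignored, the POSTs to author.dll were answered 200 while the PROPFIND was refused with 403. The cs-username column is "-" on those POSTs, which is the value IIS logs for anonymous requests, so the first things to check on the server are whether FrontPage Server Extensions authoring is enabled on that site and which accounts hold author rights. If the site is not maintained through FrontPage, remove or disable the extensions; otherwise keep the script (or an equivalent filter) in the log review and alert on any POST to /_vti_bin/_vti_aut/author.dll from a host that is not a known authoring workstation.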
天下奇才 - 2006-3-10 23:18:00
Hello,
I'm not very familiar with this, so I can only offer my opinion.
I think it was caused by the server configuration or a vulnerability; it looks like either a vulnerability or a failure of permissions.
taylor05771 - 2006-3-11 11:55:00
Nine times out of ten it's ASP injection, then dumping the database...