Error4 - co zajima hackery – Offtopic – Fórum – Programujte.com

Davam sem vypis error 404 stranek, co tu hledaji hackeri. Snazil jsem se to vycistit, neznam ani, co vsechno tu mame nainstalovane, ale myslim si, ze vetsina tech erroru jsou realne pokusy o hackovani. Web nam nebezi ani na php, ani cgi ani wordpress a ani tam snad nemame fck :)
Zajimave je, ze treba /wp-login.php zkouseli asi 9,772 krat (asi za mesic) :)

Jestli se nekdo zabyvate zabezpecenim / zrychlenim webu, tak by mohlo byt zajimave spoustu tech stranek presmerovat. Aby zbytecne system nevyhledaval stranku, ktera tam stejne neni.

/.well-known/apple-app-site-association	23
/.well-known/assetlinks.json	15
/.well-known/dnt-policy.txt	5
//admin	4
//index.php	4
//login.action	5
//plus/download.php	3
//plus/mytag_js.php	3
//sloth_webmaster.php	2
//www.googleadservices.com/pagead/conversion.js	16
//www.googletagmanager.com/ns.html	26
/Abbrevsprl.php	2
/admin	3
/admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp	18
/admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx	17
/admin/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php	25
/admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php	20
/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp	18
/admin/fckeditor/editor/filemanager/connectors/asp/upload.asp	19
/admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx	17
/admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx	18
/admin/FCKeditor/editor/filemanager/connectors/php/connector.php	22
/admin/fckeditor/editor/filemanager/connectors/php/connector.php	20
/admin/fckeditor/editor/filemanager/connectors/php/upload.php	21
/admin/FCKeditor/editor/filemanager/connectors/php/upload.php	20
/admin/fckeditor/editor/filemanager/upload/asp/upload.asp	18
/admin/fckeditor/editor/filemanager/upload/aspx/upload.aspx	19
/admin/FCKeditor/editor/filemanager/upload/php/upload.php	24
/admin/fckeditor/editor/filemanager/upload/php/upload.php	20
/admin/scripts/setup.php	6
/administrator/administrator.php	2
/administrator/components/com_xcloner-backupandrestore/index2.php	3
/administrator/index.php	19
/ads.txt	24
/album.cgi	5
/apple-app-site-association	25
/apple-touch-icon.png	1,172
/apple-touch-icon120x120.png	3
/apple-touch-icon-120x120.png	256
/apple-touch-icon-120x120-precomposed.png	258
/apple-touch-icon152x152.png	3
/apple-touch-icon-152x152.png	29
/apple-touch-icon-152x152-precomposed.png	29
/apple-touch-icon76x76.png	3
/apple-touch-icon-76x76.png	23
/apple-touch-icon-76x76-precomposed.png	23
/apple-touch-icon-precomposed.png	794
/apps/guestbook	5
/aska.cgi	5
/authenticating.php	2
/autodiscover/autodiscover.xml	16,226
/bbs.cgi	5
/blog/	9
/blog/robots.txt	10
/browserconfig.xml	153
/C/Users/hol70/AppData/Roaming/Microsoft/Word/%20vol.63,%20issue%201	2
/cache/cachee.php	2
/Carmen/en/results	22
/CGI/guestbook	5
/ckeditor/ckfinder/core/connector/asp/connector.asp	17
/ckeditor/ckfinder/core/connector/aspx/connector.aspx	17
/ckeditor/ckfinder/core/connector/php/connector.php	18
/components/com_mailto/views/sent/metadata.xml	19
/configurationbak.php.suspected	2
/core	3
/dbadmin/scripts/setup.php	6
/default.asp	5
/docs/sekce1.htm	2
/editor/editor/filemanager/connectors/aspx/connector.aspx	2
/en/sekce2.htm	4
/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp	20
/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx	20
/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php	23
/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php	21
/fckeditor/editor/filemanager/connectors/asp/connector.asp	20
/fckeditor/editor/filemanager/connectors/asp/upload.asp	20
/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx	22
/fckeditor/editor/filemanager/connectors/aspx/connector.aspx	20
/fckeditor/editor/filemanager/connectors/aspx/upload.aspx	20
/FCKeditor/editor/filemanager/connectors/php/connector.php	21
/fckeditor/editor/filemanager/connectors/php/connector.php	20
/fckeditor/editor/filemanager/connectors/php/upload.php	21
/FCKeditor/editor/filemanager/connectors/php/upload.php	20
/fckeditor/editor/filemanager/upload/asp/upload.asp	20
/fckeditor/editor/filemanager/upload/aspx/upload.aspx	20
/fckeditor/editor/filemanager/upload/php/upload.php	21
/FCKeditor/editor/filemanager/upload/php/upload.php	20
/fpf/cz///www.googletagmanager.com/ns.html	5
/fpf/cz/'+img+'	47
/fpf/cz/portal	3
/fpf/cz/sekce.php	8
/fpf/cz/wp-login.php	35
/fpf/ustavy/ustav-informatiky/soubory/sylaby.doc	2
/fpf/wp-login.php	7
/ftt2/signup.php	2
/fvp/cz/%2Ffvp%2Ffavicon.ico	5
/fvp/cz///www.googletagmanager.com/ns.html	7
/fvp/cz/apple-touch-icon.png	6
/fvp/cz/apple-touch-icon-precomposed.png	4
/fvp/cz/uo/projekty/inovace/materialy/docs/sbornik_prispevku_konference_uo_zari2013-1'	3
/fvp/wp-login.php	6
/g_book.cgi	5
/gaestebuch.php	5
/gastenboek.php	5
/gb.php	5
/guestbook	5
/guestbook.html	5
/guestbook.php	10
/Guestbook.php	5
/help.txt	47
/home.php	5
/htaccess.txt	18
/https://www.slu.cz/	13
/checkout	15
/images/1ndex.php	2
/images/404.php	2
/images/google-assist.php	2
/images/powered_by.png	18
/images/stories/0day.php	3
/images/xxx.php	2
/includes/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp	19
/includes/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx	18
/includes/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php	23
/includes/fckeditor/editor/filemanager/connectors/asp/connector.asp	19
/includes/fckeditor/editor/filemanager/connectors/asp/upload.asp	20
/includes/fckeditor/editor/filemanager/connectors/aspx/connector.aspx	19
/includes/fckeditor/editor/filemanager/connectors/aspx/upload.aspx	20
/includes/fckeditor/editor/filemanager/connectors/php/connector.php	19
/includes/FCKeditor/editor/filemanager/connectors/php/connector.php	19
/includes/FCKeditor/editor/filemanager/connectors/php/upload.php	20
/includes/fckeditor/editor/filemanager/connectors/php/upload.php	20
/includes/fckeditor/editor/filemanager/upload/asp/upload.asp	20
/includes/fckeditor/editor/filemanager/upload/aspx/upload.aspx	20
/includes/FCKeditor/editor/filemanager/upload/php/upload.php	20
/includes/fckeditor/editor/filemanager/upload/php/upload.php	19
/includes/u2p.php	3
/index.php	29
/index.php/component/users/	7
/jax_guestbook.php	5
/join_form	163
/kcfinder/browse.php	17
/key/ASWD56425CSA	4
/kontakt/	2
/license.txt	142
/light.cgi	5
/log.php	2
/maill.php	2
/market//js/mage/cookies.js	2
/math/cz/.well-known/autoconfig/mail/config-v1.1.xml	2
/math/cz/Index/vybrizeni.php	21
/math/cz/index1.php	21
/math/cz/modules/mod_simplefileuploadv1.3/elements/udd.php	
/math/cz/RealAnalysis/	47
/media/tmp.php	2
/modules.php	5
/myadmin/scripts/setup.php	6
/mysql/scripts/setup.php	6
/mysqladmin/scripts/setup.php	6
/oblast	15
/oblast/1	17
/oblast/10	16
/oblast/15	16
/oblast/2	17
/oblast/3	18
/oblast/4	17
/oblast/5	17
/oblast/6	17
/oblast/7	16
/oblast/8	16
/oblast/9	17
/oblast/Karvin%C3%A1	16
/oblast/Opava	16
/page/dokumenty	16
/page/kontakty	16
/phpMyAdmin/scripts/setup.php	6
/phpmyadmin/scripts/setup.php	6
/plus/mytag_js.php	2
/pma/scripts/setup.php	6
/PMA/scripts/setup.php	6
/portal	3
/readme.htm	47
/readme.html	50
/readme.txt	47
/scarbook.php	5
/search_form	94
/seo-joy.cgi	5
/sign/in	16
/sign/register	16
/sitemap.xml	24
/slu/cz/czv/oblast/1	2
/slu/cz/czv/oblast/4	2
/sql/scripts/setup.php	6
/sqlbak.php	2
/style/contenttypes-sprite.png	27
/su/fvp/en/useful-information/docs/converter-abiword-19724.html_files/0.png	5
/tmp.php	4
/wordpress/	9
/wp/	9
/wp-admin/css/colors-classic.css	47
/wp-admin/images/wp-logo-2x.png	47
/wp-admin/js/media-upload.dev.js	47
/wp-content/plugins/akismet/akismet.js	47
/wp-content/plugins/myshe.php	2
/wp-content/plugins/wp-footers.php	2
/wp-content/themes/classic/rtl.css	47
/wp-content/themes/twentyeleven/readme.txt	47
/wp-content/themes/twentyten/images/wordpress.png	47
/wp-content/themes/twentyten/style.css	47
/wp-includes/css/buttons.css	47
/wp-includes/js/scriptaculous/wp-scriptaculous.js	47
/wp-includes/js/tinymce/langs/wp-langs-en.js	47
/wp-includes/js/tinymce/wp-tinymce.js	47
/wp-login.php	9,772
/wp-main.php	2
/wsdl.php	2
/www.googletagmanager.com/ns.html	2
/xmlrpc.php	50
/xmlsrpc.php	2
/yybbs.cgi	5

 Jeste mam dalsi pokusy

/fpf/cz/utility/convert/index.php
/fpf/cz/wp-login.php
/checkout
/join_form

 A jeste tohle jsem nasel po uplnem dukladnem prohledani logu. Zajimave, prave, jake triky zkouseji. Treba out.html a zadne html v podstate v systemu neni :) Urcite na fpf loga pro mac jsem nicky nedaval, to ma jina fakulta. Takze snadno odhalitelne.
Nejspis se jedna o souboru, ktere you v ruznych CMS jakymsi zpusobem narouratelne. Treba, u toho FCK je to jasne.

/fpf/cz/dekanat/rocenky/out.html
/fpf/cz/obecne/soubory/logo/logo.psd
/fpf/cz/obecne/soubory/logo/logo-mac.ai
/fpf/cz/veda-a-vyzkum/converter-abiword-20152.html_files/0.png
/utility/convert/index.php

Prekvapuje mne, ze tohle skouseji tak zarputile

/apple-touch-icon-precomposed.png 794
/autodiscover.xml 16,226 / mesic! = 22x/hod
/bbs.cgi
/browserconfig.xml 153
 

#3 peter
to zkouseji nakazene stroje, nikdo by se s tim tak neparal.

Jednoduse zkouseji zname exploity a zapomenute scripty (takove, co maji slouzit k prvotnimu nastaveni a pak se musi smazat), pripadne scripty, co by mohly spoustet shell prikazy.

Plus obvykle nazvy scriptu a podobne, kde by se mohlo preskocit zabezpeceni tim, ze to neni includovany z nejake hlavni stranky, ale neni to osetrene.

Jj, vim. Jen jsem chtel dat ostatnim vyvojarum takovy prehled, co by meli tak asi schovat (prejmenovat, smazat, skryt pres prava na adresar a pod).

My tu mame pythonovy plone, takze zadne php, asp a pod by tam nemelo existovat. Ani readme, aby jsi zjistil verzi cms :) Bezny vyvojar prave ma nejaky tem wp, joomlu a ty soubory si nepohlida, nezkontroluje.

Treba koleguv znamy ma jakousi verzi PageSeedCMS, kterou mu napadli hackeci prave pres stare fck, konektor. Nahrali mu tam obrazek, ktery se zobrazoval jako obrazek a byl v nem zasity i kod.  AVG po zkopirovani na disk, pindalo, odstranovalo hrozby. Kdyz ten obrazek mas na serveru ve slozce, ktera ma povolenou volbu i pro spousteni kodu, tak staci zadat spravnou url a spoustis vlastni php soubor :)

Ha, tak beru zpet. Asi spoustu tech adres bylo skutecne platnych. Nedavno jsem zjistil, ze se pripravuje novy web, kde prave apple-touch-icon a pod jsou. A nejspis i ten wordpress tu nekdo provozoval. Evidetne to mel admin nejspis spatne presmerovane, protoze se to mohlo byt se stavajicimi webovkami.