一个非常值得思考的攻击方式!

hulei 发布于 2011/05/30 14:23
阅读 1K+
收藏 1

[Mon May 30 09:35:12 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/lsiy2.rar
[Mon May 30 09:35:12 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/2.rar
[Mon May 30 09:35:12 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/2.rar
[Mon May 30 09:35:13 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/usax3.rar
[Mon May 30 09:35:13 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/3.rar
[Mon May 30 09:35:13 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/3.rar
[Mon May 30 09:35:13 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/iysh123.rar
[Mon May 30 09:35:13 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/123.rar
[Mon May 30 09:35:13 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/123.rar
[Mon May 30 09:35:13 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/sgfm5.rar
[Mon May 30 09:35:14 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/5.rar
[Mon May 30 09:35:14 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/5.rar
[Mon May 30 09:35:14 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/xoxvmirserver.rar
[Mon May 30 09:35:14 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/mirserver.rar
[Mon May 30 09:35:14 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/mirserver.rar
[Mon May 30 09:35:14 2011] [error] [client 61.160.222.91] (22)Invalid argument: Cannot map GET /czsj\xb8\xb4\xbc\xfe mirserver1.rar HTTP/1.1 to file
[Mon May 30 09:35:14 2011] [error] [client 61.160.222.91] (22)Invalid argument: Cannot map GET /vlgx\xb8\xb4\xbc\xfe mirserver.rar HTTP/1.1 to file
[Mon May 30 09:35:14 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/cewhmirserver1.rar
[Mon May 30 09:35:15 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/mirserver1.rar
[Mon May 30 09:35:15 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/mirserver1.rar
[Mon May 30 09:35:15 2011] [error] [client 61.160.222.91] File does not exist: D:/wamp/www/ylemmirserver2.rar

 

 

呵呵,我觉得攻击者很容易得手啊。

加载中
1
红薯
红薯

引用来自“dd”的答案

是访问不存在的文件让日志记满?
不是吧,根据我观察,这些主要是利用一些工具为了获取到网站的源码,以为不少人备份程序直接放在Web目录。
G.
G.
源代码里面有数据库的配置文件, 还有可能有从数据库导出的数据. 而很多人密码都是通用的. 只要得到一个密码. 整个站就玩完了.
0
红薯
红薯
在 oschina 上绝对得手不了,因为根本不会在根目录下访那些压缩文档,呵呵
0
ddatsh
ddatsh
是访问不存在的文件让日志记满?
0
hulei
hulei
因为有很多租用空间的用户,上传的时候都是压缩文件,然后再解压。如果稍微不注意就会被人得手了。
0
SeekerLee
SeekerLee
呵呵,很聪明,很没有技术含量。
0
G.
G.

引用来自“SeekerLee”的答案

呵呵,很聪明,很没有技术含量。
一定要很复杂才叫技术吗?
这货有个名词: 社会工程学.
很NB吧.
ddatsh
ddatsh
LS OUT鸟 社会工程学和与人打交道没必然关系啊
答复哈
答复哈
这怎么是社会工程学呢?与人打交道的才叫社会工程学.
返回顶部
顶部