zyrusthc
02.08.09, 02:12
Hello everyone,
I had been sleeping on the updates for my PHPKit CMS, and yesterday at around 1 a.m. someone tried their exploit on my website and succeeded. Brazen as this person was, they deleted the entire site and pulled a dump of my CMS's user database. All they left behind was an HTML file, see attachment.
Here is the relevant log excerpt and his approach:
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /fx/phpkit.ico HTTP/1.1" 200 1406
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /fx/blank.gif HTTP/1.1" 200 43
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /images/catimages/www.gif HTTP/1.1" 200 356
85.214.61.152 - - [01/Aug/2009:01:01:31 +0200] "GET /include.php?path=content/news.php HTTP/1.1" 200 20358
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /images/pageup.gif HTTP/1.1" 200 90
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/blank.gif HTTP/1.1" 200 58
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /pkinc/publictpl/srvinfo/img/linux.gif HTTP/1.1" 200 479
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /statit/statit.js HTTP/1.1" 200 3707
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /pkinc/publictpl/srvinfo/img/point01.gif HTTP/1.1" 200 60
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/online.gif HTTP/1.1" 200 125
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/offline.gif HTTP/1.1" 200 116
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/style/neo_black/bk-w.jpg HTTP/1.1" 200 1719
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/style/neo_black/bk-z.jpg HTTP/1.1" 200 2095
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/style/neo_black/heads.gif HTTP/1.1" 200 447
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /statit/statit.php?st_id=2&st_js=1&st_ref=http%3A%2F%2Fwww.google.de%2Fsearch%3Fhl%3Dde%26client%3Dfirefox-a%26channel%3Ds%26rls%3Dorg.mozilla%253Ade%253Aofficial%26q%3D%2522%2BDiese%2BWebsite%2Bwurde%2Bmit%2BPHPKIT%2BVersion%2B1.6.4%2Bpl3%2Berstellt%2522%2BBenutzer%2Bregistriert%26btnG%3DSuche%26meta%3D&st_dat=%2Finclude.php%3Fpath%3Dcontent%2Fnews.php&st_w=1024&st_h=768&st_c=32&st_fla=1&st_dir=0&st_qt=0&st_rm=0&st_pdf=1&st_wma=1&st_java=0&st_check=1 HTTP/1.1" 200 49
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/style/neo_black/banner.gif HTTP/1.1" 200 30353
85.214.61.152 - - [01/Aug/2009:01:01:42 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:01:41 +0200] "GET /include.php?path=registration HTTP/1.1" 200 15726
85.214.61.152 - - [01/Aug/2009:01:01:48 +0200] "GET /fx/form.js HTTP/1.1" 200 239
85.214.61.152 - - [01/Aug/2009:01:01:48 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:01:47 +0200] "POST /include.php?path=registration HTTP/1.1" 200 11937
85.214.61.152 - - [01/Aug/2009:01:01:49 +0200] "GET /include.php?fx=captcha HTTP/1.1" 200 5222
85.214.61.152 - - [01/Aug/2009:01:01:56 +0200] "POST /include.php?path=registration HTTP/1.1" 302 -
85.214.61.152 - - [01/Aug/2009:01:01:56 +0200] "GET /include.php?event=registration_successful HTTP/1.1" 200 10537
85.214.61.152 - - [01/Aug/2009:01:01:57 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:08 +0200] "GET /include.php? HTTP/1.1" 200 11401
85.214.61.152 - - [01/Aug/2009:01:02:08 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:09 +0200] "GET /status/vnstat/traffic_heute.html HTTP/1.1" 200 227
85.214.61.152 - - [01/Aug/2009:01:02:31 +0200] "GET /include.php?user=Maik.Sebastian1988%40web.de&userpw=0E99hi1QR&firstlog=1&uid=f9b3c559c85634445f77ed77c4560ab4 HTTP/1.1" 302 -
85.214.61.152 - - [01/Aug/2009:01:02:32 +0200] "GET /include.php?event=firstlogin HTTP/1.1" 200 10479
85.214.61.152 - - [01/Aug/2009:01:02:32 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:38 +0200] "GET /include.php?path=contentsubmit&type=1 HTTP/1.1" 200 20561
85.214.61.152 - - [01/Aug/2009:01:02:39 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:40 +0200] "GET /fx/main.js HTTP/1.1" 200 4168
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/i.gif HTTP/1.1" 200 142
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/b.gif HTTP/1.1" 200 140
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/u.gif HTTP/1.1" 200 144
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/s.gif HTTP/1.1" 200 143
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/h2.gif HTTP/1.1" 200 125
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/h3.gif HTTP/1.1" 200 126
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/h4.gif HTTP/1.1" 200 125
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/a.gif HTTP/1.1" 200 220
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/p.gif HTTP/1.1" 200 146
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/qoute.gif HTTP/1.1" 200 152
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/mail.gif HTTP/1.1" 200 201
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/tleft.gif HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/tcenter.gif HTTP/1.1" 200 135
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/tright.gif HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/tblock.gif HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/copy.gif HTTP/1.1" 200 143
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/reg.gif HTTP/1.1" 200 144
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/ex.gif HTTP/1.1" 200 141
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/list.gif HTTP/1.1" 200 141
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/code.gif HTTP/1.1" 200 139
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/hr.gif HTTP/1.1" 200 127
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/euro.gif HTTP/1.1" 200 139
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/help.gif HTTP/1.1" 200 594
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cwhite.gif HTTP/1.1" 200 63
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cgray.gif HTTP/1.1" 200 76
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cbleu.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cblue.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cred.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/corange.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cyellow.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cgreen.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cdarkgray.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/angry.gif HTTP/1.1" 200 375
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/biggrin.gif HTTP/1.1" 200 244
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/confused.gif HTTP/1.1" 200 93
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/cool.gif HTTP/1.1" 200 370
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/img.gif HTTP/1.1" 200 295
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/cry.gif HTTP/1.1" 200 203
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/evil.gif HTTP/1.1" 200 99
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/frown.gif HTTP/1.1" 200 378
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/laugh.gif HTTP/1.1" 200 158
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/rolleyes.gif HTTP/1.1" 200 361
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/surprised.gif HTTP/1.1" 200 370
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/smilie.gif HTTP/1.1" 200 375
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/wink.gif HTTP/1.1" 200 375
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/tongue.gif HTTP/1.1" 200 377
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/hearts.gif HTTP/1.1" 200 274
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /include.php?fx=captcha HTTP/1.1" 200 4099
85.214.61.152 - - [01/Aug/2009:01:02:56 +0200] "POST /include.php?path=contentsubmit&type=1 HTTP/1.1" 302 -
85.214.61.152 - - [01/Aug/2009:01:02:58 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:57 +0200] "GET /include.php?event=submit_info HTTP/1.1" 200 10670
85.214.61.152 - - [01/Aug/2009:01:03:07 +0200] "GET /images/smilies/upp.php HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:03:08 +0200] "GET /favicon.ico HTTP/1.1" 200 17878
85.214.61.152 - - [01/Aug/2009:01:03:18 +0200] "POST /images/smilies/upp.php HTTP/1.1" 200 157
85.214.61.152 - - [01/Aug/2009:01:03:27 +0200] "GET /images/smilies/temp.php HTTP/1.1" 200 6074
85.214.61.152 - - [01/Aug/2009:01:03:28 +0200] "GET /images/smilies/temp.php?act=img&img=search HTTP/1.1" 200 250
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=back HTTP/1.1" 200 119
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=buffer HTTP/1.1" 200 163
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=sort_asc HTTP/1.1" 200 85
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=small_dir HTTP/1.1" 200 164
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=ext_diz HTTP/1.1" 200 1027
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=home HTTP/1.1" 200 209
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=ext_lnk HTTP/1.1" 200 572
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=ext_gif HTTP/1.1" 200 175
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=download HTTP/1.1" 200 161
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=change HTTP/1.1" 200 290
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=ext_php HTTP/1.1" 200 79
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=arrow_ltr HTTP/1.1" 200 88
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=up HTTP/1.1" 200 199
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=forward HTTP/1.1" 200 119
85.214.61.152 - - [01/Aug/2009:01:03:31 +0200] "GET /images/smilies/temp.php?act=img&img=refresh HTTP/1.1" 200 200
85.214.61.152 - - [01/Aug/2009:01:04:05 +0200] "GET /images/smilies/temp.php?act=gofile&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2Fimages%2Fsmilies%2F&f=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2Fpkinc%2Frep%2Fsites%2Finclude%2Fdata%2Fsql.php HTTP/1.1" 200 5800
85.214.61.152 - - [01/Aug/2009:01:04:06 +0200] "GET /images/smilies/temp.php?act=img&img=ext_txt HTTP/1.1" 200 132
85.214.61.152 - - [01/Aug/2009:01:04:06 +0200] "GET /images/smilies/temp.php?act=img&img=ext_html HTTP/1.1" 200 230
85.214.61.152 - - [01/Aug/2009:01:04:06 +0200] "GET /images/smilies/temp.php?act=img&img=ext_exe HTTP/1.1" 200 118
85.214.61.152 - - [01/Aug/2009:01:04:07 +0200] "GET /images/smilies/temp.php?act=img&img=ext_ini HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:04:08 +0200] "GET /images/smilies/temp.php?act=img&img=ext_rtf HTTP/1.1" 200 164
85.214.61.152 - - [01/Aug/2009:01:04:26 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5994
85.214.61.152 - - [01/Aug/2009:01:04:27 +0200] "GET /images/smilies/temp.php?act=img&img=ext_swf HTTP/1.1" 200 254
85.214.61.152 - - [01/Aug/2009:01:04:28 +0200] "GET /images/smilies/temp.php?act=img&img=ext_ico HTTP/1.1" 200 175
85.214.61.152 - - [01/Aug/2009:01:04:29 +0200] "GET /images/smilies/temp.php?act=img&img=ext_js HTTP/1.1" 200 131
85.214.61.152 - - [01/Aug/2009:01:04:29 +0200] "GET /images/smilies/temp.php?act=sql&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F HTTP/1.1" 200 4702
85.214.61.152 - - [01/Aug/2009:01:04:43 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 5006
85.214.61.152 - - [01/Aug/2009:01:05:08 +0200] "GET /images/smilies/temp.php?act=sql&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_db=phpkit HTTP/1.1" 200 8075
85.214.61.152 - - [01/Aug/2009:01:05:09 +0200] "GET /images/smilies/temp.php?act=img&img=sql_button_empty HTTP/1.1" 200 838
85.214.61.152 - - [01/Aug/2009:01:05:10 +0200] "GET /images/smilies/temp.php?act=img&img=sql_button_drop HTTP/1.1" 200 859
85.214.61.152 - - [01/Aug/2009:01:05:10 +0200] "GET /images/smilies/temp.php?act=img&img=sql_button_insert HTTP/1.1" 200 854
85.214.61.152 - - [01/Aug/2009:01:05:13 +0200] "GET /images/smilies/temp.php?act=img&img=multipage HTTP/1.1" 200 82
85.214.61.152 - - [01/Aug/2009:01:05:12 +0200] "GET /images/smilies/temp.php?act=sql&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_db=phpkit&sql_db=phpkit&sql_tbl=phpkit_user HTTP/1.1" 200 15631
85.214.61.152 - - [01/Aug/2009:01:05:22 +0200] "GET /images/smilies/temp.php?act=sql&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_db=phpkit&sql_tbl=phpkit_user&sql_act=tbldump&thistbl=1 HTTP/1.1" 200 5761
85.214.61.152 - - [01/Aug/2009:01:05:55 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5994
85.214.61.152 - - [01/Aug/2009:01:06:02 +0200] "GET /images/smilies/temp.php?act=img&img=ext_js HTTP/1.1" 200 131
85.214.61.152 - - [01/Aug/2009:01:06:18 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 5188
85.214.61.152 - - [01/Aug/2009:01:06:33 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 6215
85.214.61.152 - - [01/Aug/2009:01:06:36 +0200] "GET /images/smilies/temp.php?act=img&img=ext_sql HTTP/1.1" 200 1034
85.214.61.152 - - [01/Aug/2009:01:06:37 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:38 +0200] "GET /icons/folder.gif HTTP/1.1" 200 225
85.214.61.152 - - [01/Aug/2009:01:06:38 +0200] "GET /icons/blank.gif HTTP/1.1" 200 148
85.214.61.152 - - [01/Aug/2009:01:06:40 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:41 +0200] "GET /icons/blank.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:41 +0200] "GET /icons/folder.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:42 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:44 +0200] "GET /icons/blank.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:44 +0200] "GET /icons/folder.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:51 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5204
85.214.61.152 - - [01/Aug/2009:01:07:03 +0200] "POST /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5341
85.214.61.152 - - [01/Aug/2009:01:07:10 +0200] "GET / HTTP/1.1" 200 2114
85.214.61.152 - - [01/Aug/2009:01:08:09 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 5230
85.214.61.152 - - [01/Aug/2009:01:05:31 +0200] "GET /images/smilies/temp.php?act=sql&sql_act=dump&sql_db=phpkit&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_tbl=phpkit_user&sql_db=phpkit&dmptbls=phpkit_user&sql_dump_file=.%2Fdump_zyrusthc.homeip.net_phpkit_01-08-2009-01-05-23.sql&sql_dump_download=1&sql_dump_savetofile=1&submit=Dump HTTP/1.1" 200 3629804
85.214.61.152 - - [01/Aug/2009:01:16:53 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:17:26 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:19:43 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:22:36 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:02 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:02 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
A whois query on the IP address returned:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '85.214.16.0 - 85.214.139.255'
inetnum: 85.214.16.0 - 85.214.139.255
netname: STRATO-RZG-DED2
descr: Strato Rechenzentrum, Berlin
country: DE
admin-c: CM265-RIPE
tech-c: XX1-RIPE
tech-c: WB14-RIPE
status: ASSIGNED PA
remarks: ************************************************** *
remarks: * Abuse Contact: abuse@strato.de in case of Spam, *
remarks: * Hack Attacks, Illegal Activity, Violation, etc. *
remarks: ************************************************** *
mnt-by: STRATO-RZG-MNT
source: RIPE # Filtered
person: Christian Mueller
address: Cronon AG
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 398020
fax-no: +49 30 39802222
abuse-mailbox: abuse@strato.de
nic-hdl: CM265-RIPE
remarks: see also: XX1-RIPE CM5081-NSI CM1-ABC SOUL-RIPE
mnt-by: CRONON-MNT
source: RIPE # Filtered
person: Christian Xaver Mueller
address: Cronon AG
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 398020
fax-no: +49 30 39 802-222
abuse-mailbox: abuse@strato.de
nic-hdl: XX1-RIPE
remarks: see also: CM265-RIPE SOUL-RIPE
mnt-by: CRONON-MNT
source: RIPE # Filtered
person: Wilhelm Boeddinghaus
address: Strato Rechenzentrum GmbH
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 39802-0
fax-no: +49 30 39802-222
nic-hdl: WB14-RIPE
remarks: see also INTERNIC: >WB131<
mnt-by: CRONON-MNT
source: RIPE # Filtered
% Information related to '85.214.0.0/16AS6724'
route: 85.214.0.0/16
descr: Strato Rechenzentrum
origin: AS6724
mnt-by: STRATO-RZG-MNT
source: RIPE # Filtered
The IP is obviously a root server from the Strato server farm.
The user registered on my website with the username and email Maik.Sebastian1988@web.de.
My site is now reachable again and up to date. However, given the brazenness of deleting everything, I am considering whether I should report this person to the police.
What would you do?
Greeeez Oli
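The log excerpt above has a recognisable shape: a normal registration, a content submission, then a .php file appearing under /images/smilies/ that is requested, POSTed to, and finally driven with file-manager and SQL-dump parameters, ending in a multi-megabyte response. As an added example that is not part of the original post, the following Python scanner flags those indicators in Apache-style log lines. The sample lines are constructed (documentation-range IP, paths modelled on the post), and the list of static-asset directories and the set of suspicious parameter names are assumptions chosen for this illustration, not a PHPKit or Apache feature.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "common" log line, the format of the excerpt in the post:
# host ident user [time] "METHOD target protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Assumption for this example: these directories only ever hold static assets,
# so a .php file (or a POST) under them is a strong web-shell indicator.
STATIC_DIRS = ("/images/", "/fx/", "/icons/")

# Query parameters typical of PHP file-manager / database-browser scripts
# (names taken from the post's log; treat the set as a starting point).
SHELL_PARAMS = {"act", "sql_act", "sql_dump_file", "sql_login", "sql_passwd"}

# Constructed sample log: placeholder IP, request paths modelled on the post.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2009:01:01:31 +0200] "GET /include.php?path=content/news.php HTTP/1.1" 200 20358
203.0.113.5 - - [01/Aug/2009:01:02:41 +0200] "GET /images/smilies/wink.gif HTTP/1.1" 200 375
203.0.113.5 - - [01/Aug/2009:01:02:56 +0200] "POST /include.php?path=contentsubmit&type=1 HTTP/1.1" 302 -
203.0.113.5 - - [01/Aug/2009:01:03:07 +0200] "GET /images/smilies/upp.php HTTP/1.1" 200 134
203.0.113.5 - - [01/Aug/2009:01:03:18 +0200] "POST /images/smilies/upp.php HTTP/1.1" 200 157
203.0.113.5 - - [01/Aug/2009:01:04:26 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2F&sort=0a HTTP/1.1" 200 5994
203.0.113.5 - - [01/Aug/2009:01:05:31 +0200] "GET /images/smilies/temp.php?act=sql&sql_act=dump&sql_db=phpkit&sql_dump_file=.%2Fdump.sql HTTP/1.1" 200 3629804
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def classify(rec):
    """Return the list of reasons a parsed request looks like web-shell activity."""
    reasons = []
    path = rec["path"].lower()
    if path.endswith(".php") and path.startswith(STATIC_DIRS):
        reasons.append("php script under static asset directory")
    if rec["method"] == "POST" and path.startswith(STATIC_DIRS):
        reasons.append("POST to static asset directory")
    hits = SHELL_PARAMS & set(rec["query"])
    if hits:
        reasons.append("file-manager/db parameters: " + ",".join(sorted(hits)))
    # A successful script response of more than 1 MB is rare for a CMS page but
    # exactly what a table dump served by a shell looks like.
    if rec["status"] == "200" and rec["bytes"] > 1_000_000 and path.endswith(".php"):
        reasons.append("unusually large response from a script (%d bytes)" % rec["bytes"])
    return reasons


def scan(lines):
    """Return (line_number, ip, path, reasons) for every suspicious log line."""
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue  # blank lines, or lines mangled by forum line-wrapping
        reasons = classify(rec)
        if reasons:
            findings.append((n, rec["ip"], rec["path"], reasons))
    return findings


if __name__ == "__main__":
    for n, ip, path, reasons in scan(SAMPLE_LOG.splitlines()):
        print(f"line {n}: {ip} {path}")
        for r in reasons:
            print("    -", r)
```

Run over the sample, the scanner lists the four shell-related lines with their reasons and leaves the ordinary CMS requests alone; on a live access log the timestamp of the first hit marks the start of the window to triage. The PHP-under-images rule is also cheap to enforce rather than only detect: the web server can be configured to refuse script execution in upload and image directories, which turns the upload step into a dead end.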
85.214.61.152 - - [01/Aug/2009:01:06:02 +0200] "GET /images/smilies/temp.php?act=img&img=ext_js HTTP/1.1" 200 131
85.214.61.152 - - [01/Aug/2009:01:06:18 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 5188
85.214.61.152 - - [01/Aug/2009:01:06:33 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 6215
85.214.61.152 - - [01/Aug/2009:01:06:36 +0200] "GET /images/smilies/temp.php?act=img&img=ext_sql HTTP/1.1" 200 1034
85.214.61.152 - - [01/Aug/2009:01:06:37 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:38 +0200] "GET /icons/folder.gif HTTP/1.1" 200 225
85.214.61.152 - - [01/Aug/2009:01:06:38 +0200] "GET /icons/blank.gif HTTP/1.1" 200 148
85.214.61.152 - - [01/Aug/2009:01:06:40 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:41 +0200] "GET /icons/blank.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:41 +0200] "GET /icons/folder.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:42 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:44 +0200] "GET /icons/blank.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:44 +0200] "GET /icons/folder.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:51 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5204
85.214.61.152 - - [01/Aug/2009:01:07:03 +0200] "POST /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5341
85.214.61.152 - - [01/Aug/2009:01:07:10 +0200] "GET / HTTP/1.1" 200 2114
85.214.61.152 - - [01/Aug/2009:01:08:09 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 5230
85.214.61.152 - - [01/Aug/2009:01:05:31 +0200] "GET /images/smilies/temp.php?act=sql&sql_act=dump&sql_db=phpkit&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_tbl=phpkit_user&sql_db=phpkit&dmptbls=phpkit_user&sql_dump_file=.%2Fdump_zyrusthc.homeip.net_phpkit_01-08-2009-01-05-23.sql&sql_dump_download=1&sql_dump_savetofile=1&submit=Dump HTTP/1.1" 200 3629804
85.214.61.152 - - [01/Aug/2009:01:16:53 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:17:26 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:19:43 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:22:36 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:02 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:02 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
A whois query on the IP address returned:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '85.214.16.0 - 85.214.139.255'
inetnum: 85.214.16.0 - 85.214.139.255
netname: STRATO-RZG-DED2
descr: Strato Rechenzentrum, Berlin
country: DE
admin-c: CM265-RIPE
tech-c: XX1-RIPE
tech-c: WB14-RIPE
status: ASSIGNED PA
remarks: ************************************************** *
remarks: * Abuse Contact: abuse@strato.de in case of Spam, *
remarks: * Hack Attacks, Illegal Activity, Violation, etc. *
remarks: ************************************************** *
mnt-by: STRATO-RZG-MNT
source: RIPE # Filtered
person: Christian Mueller
address: Cronon AG
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 398020
fax-no: +49 30 39802222
abuse-mailbox: abuse@strato.de
nic-hdl: CM265-RIPE
remarks: see also: XX1-RIPE CM5081-NSI CM1-ABC SOUL-RIPE
mnt-by: CRONON-MNT
source: RIPE # Filtered
person: Christian Xaver Mueller
address: Cronon AG
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 398020
fax-no: +49 30 39 802-222
abuse-mailbox: abuse@strato.de
nic-hdl: XX1-RIPE
remarks: see also: CM265-RIPE SOUL-RIPE
mnt-by: CRONON-MNT
source: RIPE # Filtered
person: Wilhelm Boeddinghaus
address: Strato Rechenzentrum GmbH
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 39802-0
fax-no: +49 30 39802-222
nic-hdl: WB14-RIPE
remarks: see also INTERNIC: >WB131<
mnt-by: CRONON-MNT
source: RIPE # Filtered
% Information related to '85.214.0.0/16AS6724'
route: 85.214.0.0/16
descr: Strato Rechenzentrum
origin: AS6724
mnt-by: STRATO-RZG-MNT
source: RIPE # Filtered
The IP is obviously a root server from the Strato server farm.
The user registered on my website with the username and e-mail address Maik.Sebastian1988@web.de.
In the meantime my site is reachable again and fully up to date. However, given the audacity of deleting everything, I'm considering whether I should report this person to the police.
What would you do?
Greeeez Oli
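As an added example (my own code, not something posted in this thread and not part of PHPKit), here is a small Python scanner that runs the kind of indicators visible in the log above over a few constructed sample lines: a `.php` script being executed under an images directory, `act=ls` / `act=sql` / `act=gofile` style file-manager parameters, a read of the CMS's database config file through such a script, and a multi-megabyte response body from it (the table dump). The IP addresses, hostnames and sizes in the sample are constructed documentation values, not taken from this server; the indicator names and the 1 MB threshold are my own choices.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Apache common log format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Directories that should only ever serve static assets; a server-side
# script executing under one of them is a strong web-shell indicator.
STATIC_DIRS = ("/images/", "/icons/", "/fx/")
SCRIPT_EXT = (".php", ".php3", ".php5", ".phtml")

# Parameter names/values typical of file-manager / DB-client web shells
# (assumed set, modelled on the request pattern seen in the log above).
SHELL_ACTIONS = {"ls", "sql", "gofile", "cmd", "eval", "upload"}
SHELL_PARAMS = {"sql_act", "sql_dump_download", "sql_dump_savetofile", "sql_passwd"}

# Files that reveal DB credentials; reading them usually precedes a dump.
SENSITIVE_PATH_FRAGMENTS = ("/include/data/sql.php", "config.php", ".htpasswd")

LARGE_RESPONSE = 1_000_000  # bytes; a 3.6 MB body from a "smiley" script is a dump

# Constructed sample log (documentation IPs, fictitious host path).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2009:01:01:31 +0200] "GET /include.php?path=content/news.php HTTP/1.1" 200 20358
192.0.2.10 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=home HTTP/1.1" 200 209
192.0.2.10 - - [01/Aug/2009:01:04:05 +0200] "GET /images/smilies/temp.php?act=gofile&d=%2Fvar%2Fwww%2Fsite%2Fimages%2Fsmilies%2F&f=%2Fvar%2Fwww%2Fsite%2Fpkinc%2Frep%2Fsites%2Finclude%2Fdata%2Fsql.php HTTP/1.1" 200 5800
192.0.2.10 - - [01/Aug/2009:01:04:26 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fsite%2F&sort=0a HTTP/1.1" 200 5994
192.0.2.10 - - [01/Aug/2009:01:05:31 +0200] "GET /images/smilies/temp.php?act=sql&sql_act=dump&sql_db=phpkit&sql_login=xxxx&sql_passwd=xxxx&sql_tbl=phpkit_user&sql_dump_download=1&submit=Dump HTTP/1.1" 200 3629804
198.51.100.7 - - [01/Aug/2009:01:06:38 +0200] "GET /images/smilies/smile.gif HTTP/1.1" 200 225
"""


def parse_line(line):
    """Parse one common-log-format line into a dict, or return None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs percent-decodes values, so encoded paths become readable
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def analyze(rec):
    """Return the list of indicator names that fire on one parsed request."""
    findings = []
    path = rec["path"].lower()
    if path.startswith(STATIC_DIRS) and path.endswith(SCRIPT_EXT):
        findings.append("script_in_static_dir")
    for act in sorted(set(rec["params"].get("act", [])) & SHELL_ACTIONS):
        findings.append(f"shell_action:{act}")
    hit_params = sorted(set(rec["params"]) & SHELL_PARAMS)
    if hit_params:
        findings.append("shell_params:" + ",".join(hit_params))
    values = [v for vals in rec["params"].values() for v in vals]
    if any(frag in v for v in values for frag in SENSITIVE_PATH_FRAGMENTS):
        findings.append("sensitive_file_access")
    if rec["size"] >= LARGE_RESPONSE and path.endswith(SCRIPT_EXT):
        findings.append("large_response")
    return findings


def scan(log_text):
    """Scan a whole log; return (per-line findings, per-IP summary)."""
    per_line = []
    summary = defaultdict(lambda: {"suspicious_requests": 0, "bytes_out": 0,
                                   "first_seen": None, "last_seen": None,
                                   "indicators": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        findings = analyze(rec)
        per_line.append((rec["ip"], rec["target"], findings))
        if not findings:
            continue
        s = summary[rec["ip"]]
        s["suspicious_requests"] += 1
        s["bytes_out"] += rec["size"]          # how much left the server
        s["first_seen"] = rec["ts"] if s["first_seen"] is None else min(s["first_seen"], rec["ts"])
        s["last_seen"] = rec["ts"] if s["last_seen"] is None else max(s["last_seen"], rec["ts"])
        s["indicators"].update(findings)
    return per_line, dict(summary)


if __name__ == "__main__":
    lines, ips = scan(SAMPLE_LOG)
    for ip, target, findings in lines:
        if findings:
            print(f"{ip} {target[:60]:<60} {', '.join(findings)}")
    for ip, s in ips.items():
        print(f"\n{ip}: {s['suspicious_requests']} suspicious requests, "
              f"{s['bytes_out']} bytes out, {s['first_seen']:%H:%M:%S}-{s['last_seen']:%H:%M:%S}")
```

Run against the real access log, the per-IP summary gives the window for the incident timeline (first suspicious request to last) and the volume that left the server, which is what a complaint or an abuse report to the hosting provider needs; the `large_response` hit on a script under a static directory is the single strongest signal for the dump itself.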