Hello everyone
I had been asleep at the wheel with the updates for my PHPKit CMS, and yesterday at around 1 a.m. someone tried out his exploit on my website and succeeded. Brazen as this someone was, he deleted the entire site and pulled a dump of my CMS's user database. All he left behind was an HTML file, see attachment.
Here is the relevant log excerpt showing how he proceeded:
Code:
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /fx/phpkit.ico HTTP/1.1" 200 1406
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /fx/blank.gif HTTP/1.1" 200 43
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /images/catimages/www.gif HTTP/1.1" 200 356
85.214.61.152 - - [01/Aug/2009:01:01:31 +0200] "GET /include.php?path=content/news.php HTTP/1.1" 200 20358
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /images/pageup.gif HTTP/1.1" 200 90
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/blank.gif HTTP/1.1" 200 58
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /pkinc/publictpl/srvinfo/img/linux.gif HTTP/1.1" 200 479
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /statit/statit.js HTTP/1.1" 200 3707
85.214.61.152 - - [01/Aug/2009:01:01:33 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /pkinc/publictpl/srvinfo/img/point01.gif HTTP/1.1" 200 60
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/online.gif HTTP/1.1" 200 125
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/offline.gif HTTP/1.1" 200 116
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/style/neo_black/bk-w.jpg HTTP/1.1" 200 1719
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/style/neo_black/bk-z.jpg HTTP/1.1" 200 2095
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/style/neo_black/heads.gif HTTP/1.1" 200 447
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /statit/statit.php?st_id=2&st_js=1&st_ref=http%3A%2F%2Fwww.google.de%2Fsearch%3Fhl%3Dde%26client%3Dfirefox-a%26channel%3Ds%26rls%3Dorg.mozilla%253Ade%253Aofficial%26q%3D%2522%2BDiese%2BWebsite%2Bwurde%2Bmit%2BPHPKIT%2BVersion%2B1.6.4%2Bpl3%2Berstellt%2522%2BBenutzer%2Bregistriert%26btnG%3DSuche%26meta%3D&st_dat=%2Finclude.php%3Fpath%3Dcontent%2Fnews.php&st_w=1024&st_h=768&st_c=32&st_fla=1&st_dir=0&st_qt=0&st_rm=0&st_pdf=1&st_wma=1&st_java=0&st_check=1 HTTP/1.1" 200 49
85.214.61.152 - - [01/Aug/2009:01:01:34 +0200] "GET /images/style/neo_black/banner.gif HTTP/1.1" 200 30353
85.214.61.152 - - [01/Aug/2009:01:01:42 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:01:41 +0200] "GET /include.php?path=registration HTTP/1.1" 200 15726
85.214.61.152 - - [01/Aug/2009:01:01:48 +0200] "GET /fx/form.js HTTP/1.1" 200 239
85.214.61.152 - - [01/Aug/2009:01:01:48 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:01:47 +0200] "POST /include.php?path=registration HTTP/1.1" 200 11937
85.214.61.152 - - [01/Aug/2009:01:01:49 +0200] "GET /include.php?fx=captcha HTTP/1.1" 200 5222
85.214.61.152 - - [01/Aug/2009:01:01:56 +0200] "POST /include.php?path=registration HTTP/1.1" 302 -
85.214.61.152 - - [01/Aug/2009:01:01:56 +0200] "GET /include.php?event=registration_successful HTTP/1.1" 200 10537
85.214.61.152 - - [01/Aug/2009:01:01:57 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:08 +0200] "GET /include.php? HTTP/1.1" 200 11401
85.214.61.152 - - [01/Aug/2009:01:02:08 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:09 +0200] "GET /status/vnstat/traffic_heute.html HTTP/1.1" 200 227
85.214.61.152 - - [01/Aug/2009:01:02:31 +0200] "GET /include.php?user=Maik.Sebastian1988%40web.de&userpw=0E99hi1QR&firstlog=1&uid=f9b3c559c85634445f77ed77c4560ab4 HTTP/1.1" 302 -
85.214.61.152 - - [01/Aug/2009:01:02:32 +0200] "GET /include.php?event=firstlogin HTTP/1.1" 200 10479
85.214.61.152 - - [01/Aug/2009:01:02:32 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:38 +0200] "GET /include.php?path=contentsubmit&type=1 HTTP/1.1" 200 20561
85.214.61.152 - - [01/Aug/2009:01:02:39 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:40 +0200] "GET /fx/main.js HTTP/1.1" 200 4168
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/i.gif HTTP/1.1" 200 142
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/b.gif HTTP/1.1" 200 140
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/u.gif HTTP/1.1" 200 144
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/s.gif HTTP/1.1" 200 143
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/h2.gif HTTP/1.1" 200 125
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/h3.gif HTTP/1.1" 200 126
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/h4.gif HTTP/1.1" 200 125
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/a.gif HTTP/1.1" 200 220
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/p.gif HTTP/1.1" 200 146
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/qoute.gif HTTP/1.1" 200 152
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/mail.gif HTTP/1.1" 200 201
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/tleft.gif HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/tcenter.gif HTTP/1.1" 200 135
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/tright.gif HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/tblock.gif HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/copy.gif HTTP/1.1" 200 143
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/reg.gif HTTP/1.1" 200 144
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/ex.gif HTTP/1.1" 200 141
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/list.gif HTTP/1.1" 200 141
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/code.gif HTTP/1.1" 200 139
85.214.61.152 - - [01/Aug/2009:01:02:41 +0200] "GET /fx/default/bbcode/hr.gif HTTP/1.1" 200 127
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/euro.gif HTTP/1.1" 200 139
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/help.gif HTTP/1.1" 200 594
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cwhite.gif HTTP/1.1" 200 63
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cgray.gif HTTP/1.1" 200 76
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cbleu.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cblue.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cred.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/corange.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cyellow.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cgreen.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/cdarkgray.gif HTTP/1.1" 200 80
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/angry.gif HTTP/1.1" 200 375
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/biggrin.gif HTTP/1.1" 200 244
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/confused.gif HTTP/1.1" 200 93
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/cool.gif HTTP/1.1" 200 370
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /fx/default/bbcode/img.gif HTTP/1.1" 200 295
85.214.61.152 - - [01/Aug/2009:01:02:42 +0200] "GET /images/smilies/cry.gif HTTP/1.1" 200 203
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/evil.gif HTTP/1.1" 200 99
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/frown.gif HTTP/1.1" 200 378
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/laugh.gif HTTP/1.1" 200 158
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/rolleyes.gif HTTP/1.1" 200 361
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/surprised.gif HTTP/1.1" 200 370
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/smilie.gif HTTP/1.1" 200 375
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/wink.gif HTTP/1.1" 200 375
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/tongue.gif HTTP/1.1" 200 377
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/hearts.gif HTTP/1.1" 200 274
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /include.php?fx=captcha HTTP/1.1" 200 4099
85.214.61.152 - - [01/Aug/2009:01:02:56 +0200] "POST /include.php?path=contentsubmit&type=1 HTTP/1.1" 302 -
85.214.61.152 - - [01/Aug/2009:01:02:58 +0200] "GET /include.php?fx=style&id=36 HTTP/1.1" 200 12606
85.214.61.152 - - [01/Aug/2009:01:02:57 +0200] "GET /include.php?event=submit_info HTTP/1.1" 200 10670
85.214.61.152 - - [01/Aug/2009:01:03:07 +0200] "GET /images/smilies/upp.php HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:03:08 +0200] "GET /favicon.ico HTTP/1.1" 200 17878
85.214.61.152 - - [01/Aug/2009:01:03:18 +0200] "POST /images/smilies/upp.php HTTP/1.1" 200 157
85.214.61.152 - - [01/Aug/2009:01:03:27 +0200] "GET /images/smilies/temp.php HTTP/1.1" 200 6074
85.214.61.152 - - [01/Aug/2009:01:03:28 +0200] "GET /images/smilies/temp.php?act=img&img=search HTTP/1.1" 200 250
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=back HTTP/1.1" 200 119
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=buffer HTTP/1.1" 200 163
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=sort_asc HTTP/1.1" 200 85
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=small_dir HTTP/1.1" 200 164
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=ext_diz HTTP/1.1" 200 1027
85.214.61.152 - - [01/Aug/2009:01:03:29 +0200] "GET /images/smilies/temp.php?act=img&img=home HTTP/1.1" 200 209
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=ext_lnk HTTP/1.1" 200 572
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=ext_gif HTTP/1.1" 200 175
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=download HTTP/1.1" 200 161
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=change HTTP/1.1" 200 290
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=ext_php HTTP/1.1" 200 79
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=arrow_ltr HTTP/1.1" 200 88
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=up HTTP/1.1" 200 199
85.214.61.152 - - [01/Aug/2009:01:03:30 +0200] "GET /images/smilies/temp.php?act=img&img=forward HTTP/1.1" 200 119
85.214.61.152 - - [01/Aug/2009:01:03:31 +0200] "GET /images/smilies/temp.php?act=img&img=refresh HTTP/1.1" 200 200
85.214.61.152 - - [01/Aug/2009:01:04:05 +0200] "GET /images/smilies/temp.php?act=gofile&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2Fimages%2Fsmilies%2F&f=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2Fpkinc%2Frep%2Fsites%2Finclude%2Fdata%2Fsql.php HTTP/1.1" 200 5800
85.214.61.152 - - [01/Aug/2009:01:04:06 +0200] "GET /images/smilies/temp.php?act=img&img=ext_txt HTTP/1.1" 200 132
85.214.61.152 - - [01/Aug/2009:01:04:06 +0200] "GET /images/smilies/temp.php?act=img&img=ext_html HTTP/1.1" 200 230
85.214.61.152 - - [01/Aug/2009:01:04:06 +0200] "GET /images/smilies/temp.php?act=img&img=ext_exe HTTP/1.1" 200 118
85.214.61.152 - - [01/Aug/2009:01:04:07 +0200] "GET /images/smilies/temp.php?act=img&img=ext_ini HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:04:08 +0200] "GET /images/smilies/temp.php?act=img&img=ext_rtf HTTP/1.1" 200 164
85.214.61.152 - - [01/Aug/2009:01:04:26 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5994
85.214.61.152 - - [01/Aug/2009:01:04:27 +0200] "GET /images/smilies/temp.php?act=img&img=ext_swf HTTP/1.1" 200 254
85.214.61.152 - - [01/Aug/2009:01:04:28 +0200] "GET /images/smilies/temp.php?act=img&img=ext_ico HTTP/1.1" 200 175
85.214.61.152 - - [01/Aug/2009:01:04:29 +0200] "GET /images/smilies/temp.php?act=img&img=ext_js HTTP/1.1" 200 131
85.214.61.152 - - [01/Aug/2009:01:04:29 +0200] "GET /images/smilies/temp.php?act=sql&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F HTTP/1.1" 200 4702
85.214.61.152 - - [01/Aug/2009:01:04:43 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 5006
85.214.61.152 - - [01/Aug/2009:01:05:08 +0200] "GET /images/smilies/temp.php?act=sql&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_db=phpkit HTTP/1.1" 200 8075
85.214.61.152 - - [01/Aug/2009:01:05:09 +0200] "GET /images/smilies/temp.php?act=img&img=sql_button_empty HTTP/1.1" 200 838
85.214.61.152 - - [01/Aug/2009:01:05:10 +0200] "GET /images/smilies/temp.php?act=img&img=sql_button_drop HTTP/1.1" 200 859
85.214.61.152 - - [01/Aug/2009:01:05:10 +0200] "GET /images/smilies/temp.php?act=img&img=sql_button_insert HTTP/1.1" 200 854
85.214.61.152 - - [01/Aug/2009:01:05:13 +0200] "GET /images/smilies/temp.php?act=img&img=multipage HTTP/1.1" 200 82
85.214.61.152 - - [01/Aug/2009:01:05:12 +0200] "GET /images/smilies/temp.php?act=sql&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_db=phpkit&sql_db=phpkit&sql_tbl=phpkit_user HTTP/1.1" 200 15631
85.214.61.152 - - [01/Aug/2009:01:05:22 +0200] "GET /images/smilies/temp.php?act=sql&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_db=phpkit&sql_tbl=phpkit_user&sql_act=tbldump&thistbl=1 HTTP/1.1" 200 5761
85.214.61.152 - - [01/Aug/2009:01:05:55 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5994
85.214.61.152 - - [01/Aug/2009:01:06:02 +0200] "GET /images/smilies/temp.php?act=img&img=ext_js HTTP/1.1" 200 131
85.214.61.152 - - [01/Aug/2009:01:06:18 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 5188
85.214.61.152 - - [01/Aug/2009:01:06:33 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 6215
85.214.61.152 - - [01/Aug/2009:01:06:36 +0200] "GET /images/smilies/temp.php?act=img&img=ext_sql HTTP/1.1" 200 1034
85.214.61.152 - - [01/Aug/2009:01:06:37 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:38 +0200] "GET /icons/folder.gif HTTP/1.1" 200 225
85.214.61.152 - - [01/Aug/2009:01:06:38 +0200] "GET /icons/blank.gif HTTP/1.1" 200 148
85.214.61.152 - - [01/Aug/2009:01:06:40 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:41 +0200] "GET /icons/blank.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:41 +0200] "GET /icons/folder.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:42 +0200] "GET / HTTP/1.1" 200 1278
85.214.61.152 - - [01/Aug/2009:01:06:44 +0200] "GET /icons/blank.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:44 +0200] "GET /icons/folder.gif HTTP/1.1" 304 -
85.214.61.152 - - [01/Aug/2009:01:06:51 +0200] "GET /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5204
85.214.61.152 - - [01/Aug/2009:01:07:03 +0200] "POST /images/smilies/temp.php?act=ls&d=%2Fvar%2Fwww%2Fextern%2Fzyrusthc.homeip.net%2F&sort=0a HTTP/1.1" 200 5341
85.214.61.152 - - [01/Aug/2009:01:07:10 +0200] "GET / HTTP/1.1" 200 2114
85.214.61.152 - - [01/Aug/2009:01:08:09 +0200] "POST /images/smilies/temp.php? HTTP/1.1" 200 5230
85.214.61.152 - - [01/Aug/2009:01:05:31 +0200] "GET /images/smilies/temp.php?act=sql&sql_act=dump&sql_db=phpkit&sql_login=xxxx&sql_passwd=xxxx&sql_server=localhost&sql_port=3306&sql_tbl=phpkit_user&sql_db=phpkit&dmptbls=phpkit_user&sql_dump_file=.%2Fdump_zyrusthc.homeip.net_phpkit_01-08-2009-01-05-23.sql&sql_dump_download=1&sql_dump_savetofile=1&submit=Dump HTTP/1.1" 200 3629804
85.214.61.152 - - [01/Aug/2009:01:16:53 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:17:26 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:19:43 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:22:36 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:02 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:02 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:03 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
85.214.61.152 - - [01/Aug/2009:01:25:04 +0200] "GET / HTTP/1.1" 200 122
A whois query on the IP address returned:
Code:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '85.214.16.0 - 85.214.139.255'
inetnum: 85.214.16.0 - 85.214.139.255
netname: STRATO-RZG-DED2
descr: Strato Rechenzentrum, Berlin
country: DE
admin-c: CM265-RIPE
tech-c: XX1-RIPE
tech-c: WB14-RIPE
status: ASSIGNED PA
remarks: ***************************************************
remarks: * Abuse Contact: abuse@strato.de in case of Spam, *
remarks: * Hack Attacks, Illegal Activity, Violation, etc. *
remarks: ***************************************************
mnt-by: STRATO-RZG-MNT
source: RIPE # Filtered
person: Christian Mueller
address: Cronon AG
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 398020
fax-no: +49 30 39802222
abuse-mailbox: abuse@strato.de
nic-hdl: CM265-RIPE
remarks: see also: XX1-RIPE CM5081-NSI CM1-ABC SOUL-RIPE
mnt-by: CRONON-MNT
source: RIPE # Filtered
person: Christian Xaver Mueller
address: Cronon AG
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 398020
fax-no: +49 30 39 802-222
abuse-mailbox: abuse@strato.de
nic-hdl: XX1-RIPE
remarks: see also: CM265-RIPE SOUL-RIPE
mnt-by: CRONON-MNT
source: RIPE # Filtered
person: Wilhelm Boeddinghaus
address: Strato Rechenzentrum GmbH
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 39802-0
fax-no: +49 30 39802-222
nic-hdl: WB14-RIPE
remarks: see also INTERNIC: >WB131<
mnt-by: CRONON-MNT
source: RIPE # Filtered
% Information related to '85.214.0.0/16AS6724'
route: 85.214.0.0/16
descr: Strato Rechenzentrum
origin: AS6724
mnt-by: STRATO-RZG-MNT
source: RIPE # Filtered
The IP is obviously a root server from the Strato server farm.
The user registered on my website with the user name and e-mail address Maik.Sebastian1988@web.de.
My site is now reachable again and fully up to date. However, given the brazenness of deleting everything, I am wondering whether I should report the person to the police.
What would you do?
Greeeez Oli
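A detection sketch for the pattern visible in the log above, added here as an example and not part of the original post: it flags requests for PHP scripts served from directories that should hold only static files, such as /images/smilies/. The directory and extension lists are assumptions about this site; the sample lines are copied from the log excerpt in the post.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: these directories should only ever serve static files on this site.
STATIC_DIRS = ("/images/", "/fx/", "/icons/")
# Assumption: extensions the web server hands to the PHP interpreter.
SCRIPT_EXTS = (".php", ".php3", ".php5", ".phtml")

# Apache common log format: host ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Sample input: lines copied from the log excerpt in the post.
SAMPLE = """\
85.214.61.152 - - [01/Aug/2009:01:02:43 +0200] "GET /images/smilies/hearts.gif HTTP/1.1" 200 274
85.214.61.152 - - [01/Aug/2009:01:02:56 +0200] "POST /include.php?path=contentsubmit&type=1 HTTP/1.1" 302 -
85.214.61.152 - - [01/Aug/2009:01:03:07 +0200] "GET /images/smilies/upp.php HTTP/1.1" 200 134
85.214.61.152 - - [01/Aug/2009:01:03:18 +0200] "POST /images/smilies/upp.php HTTP/1.1" 200 157
85.214.61.152 - - [01/Aug/2009:01:03:27 +0200] "GET /images/smilies/temp.php HTTP/1.1" 200 6074
85.214.61.152 - - [01/Aug/2009:01:03:28 +0200] "GET /images/smilies/temp.php?act=img&img=search HTTP/1.1" 200 250
85.214.61.152 - - [01/Aug/2009:01:06:37 +0200] "GET / HTTP/1.1" 200 1278
"""


def find_script_hits(lines, static_dirs=STATIC_DIRS, exts=SCRIPT_EXTS):
    """Return {(client_ip, path): details} for script requests under static dirs."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a common-log-format line
        # Decode %xx escapes and drop the query string before matching.
        path = unquote(urlsplit(m["target"]).path).lower()
        if not (path.startswith(static_dirs) and path.endswith(exts)):
            continue
        entry = findings.setdefault(
            (m["ip"], path),
            {"first_seen": m["ts"], "hits": 0, "methods": set(), "served": False},
        )
        entry["hits"] += 1
        entry["methods"].add(m["method"])
        # A 2xx status means the server answered the request successfully,
        # as opposed to a probe for a file that is not there.
        entry["served"] = entry["served"] or m["status"].startswith("2")
    return findings


if __name__ == "__main__":
    for (ip, path), e in find_script_hits(SAMPLE.splitlines()).items():
        print(ip, path, e["first_seen"], e["hits"], sorted(e["methods"]), e["served"])
```

The first_seen value of each finding gives the point in the log from which to read backwards for the request that placed the file.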