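I had an attack on my web server in which HTML files were FTP'd into a public_html directory.
The FTP password was very strong.
I am trying to determine whether PHP initiated the FTP transfer. Are there any Apache or *nix logs that can provide me with this information?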
Additional information: I have FTP log entries which seem to show different IPs were used to log in and copy the files. I'm not sure, but does the ? before the IP indicate that it is not the account user (which in this case is kingdom)? It looks like several different IPs logged in, each one copying a different file, all in the space of less than 30 seconds. The offending files are "mickey66.html", "mickey66.jpg", and "canopy37.html".
2010-06-17T21:24:02.073070+01:00
2010-06-17T21:24:06.632472+01:00 webserver pure-ftpd: (?@77.250.141.158) [INFO] kingdom is now logged in
2010-06-17T21:24:07.216924+01:00 webserver pure-ftpd: (kingdom@77.250.141.158) [NOTICE] /home/kingdom/public_html/mickey66.html uploaded (80 bytes, 0.26KB/sec)
2010-06-17T21:24:07.364313+01:00 webserver pure-ftpd: (kingdom@77.250.141.158) [INFO] Logout.
2010-06-17T21:24:08.711231+01:00 webserver pure-ftpd: (?@78.88.175.77) [INFO] kingdom is now logged in
2010-06-17T21:24:10.720315+01:00 webserver pure-ftpd: (kingdom@78.88.175.77) [NOTICE] /home/kingdom/public_html/mickey66.jpg uploaded (40835 bytes, 35.90KB/sec)
2010-06-17T21:24:10.848782+01:00 webserver pure-ftpd: (kingdom@78.88.175.77) [INFO] Logout.
2010-06-17T21:24:18.528074+01:00 webserver pure-ftpd: (kingdom@190.20.76.74) [INFO] Logout.
2010-06-17T21:24:22.023673+01:00 webserver pure-ftpd: (?@85.130.254.227) [INFO] kingdom is now logged in
2010-06-17T21:24:23.470817+01:00 webserver pure-ftpd: (kingdom@85.130.254.227) [NOTICE] /home/kingdom/public_html/mickey66.html uploaded (80 bytes, 0.38KB/sec)
2010-06-17T21:24:23.655023+01:00 webserver pure-ftpd: (kingdom@85.130.254.227) [INFO] Logout.
2010-06-17T21:24:26.249887+01:00 webserver pure-ftpd: (?@95.209.254.137) [INFO] kingdom is now logged in
2010-06-17T21:24:28.461310+01:00 webserver pure-ftpd: (kingdom@95.209.254.137) [NOTICE] /home/kingdom/public_html/canopy37.html uploaded (80 bytes, 0.26KB/sec)
2010-06-17T21:24:28.760513+01:00 [INFO] Logout.
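
An added example, not part of the original post: a small Python check that parses the upload lines of a pure-ftpd syslog like the one above and flags any account that uploads from several distinct source IPs within a short window, which is the pattern the post describes. The function names, the 60-second window and the threshold of three IPs are assumptions chosen for illustration; the sample lines are transcribed from the post, with the `+01:00` offset assumed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample lines transcribed from the log in the post; the "+01:00" offset and
# the "webserver pure-ftpd:" prefix are assumed where the page text is garbled.
SAMPLE_LOG = """\
2010-06-17T21:24:06.632472+01:00 webserver pure-ftpd: (?@77.250.141.158) [INFO] kingdom is now logged in
2010-06-17T21:24:07.216924+01:00 webserver pure-ftpd: (kingdom@77.250.141.158) [NOTICE] /home/kingdom/public_html/mickey66.html uploaded (80 bytes, 0.26KB/sec)
2010-06-17T21:24:10.720315+01:00 webserver pure-ftpd: (kingdom@78.88.175.77) [NOTICE] /home/kingdom/public_html/mickey66.jpg uploaded (40835 bytes, 35.90KB/sec)
2010-06-17T21:24:23.470817+01:00 webserver pure-ftpd: (kingdom@85.130.254.227) [NOTICE] /home/kingdom/public_html/mickey66.html uploaded (80 bytes, 0.38KB/sec)
2010-06-17T21:24:28.461310+01:00 webserver pure-ftpd: (kingdom@95.209.254.137) [NOTICE] /home/kingdom/public_html/canopy37.html uploaded (80 bytes, 0.26KB/sec)
"""

UPLOAD = re.compile(
    r"^(?P<ts>\S+) \S+ pure-ftpd: \((?P<user>[^@]+)@(?P<ip>[^)]+)\) "
    r"\[NOTICE\] (?P<path>.+?) uploaded \((?P<size>\d+) bytes")

def parse_uploads(text):
    """Yield (timestamp, user, ip, path, size) for each upload line."""
    for line in text.splitlines():
        m = UPLOAD.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["user"], m["ip"],
                   m["path"], int(m["size"]))

def flag_multi_ip_bursts(text, window=timedelta(seconds=60), min_ips=3):
    """Return {user: sorted IPs} for accounts that uploaded from at least
    min_ips distinct addresses within one sliding window."""
    by_user = defaultdict(list)
    for ts, user, ip, _path, _size in parse_uploads(text):
        by_user[user].append((ts, ip))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) >= min_ips:
                flagged[user] = sorted(ips | set(flagged.get(user, [])))
    return flagged

if __name__ == "__main__":
    for user, ips in flag_multi_ip_bursts(SAMPLE_LOG).items():
        print(f"{user}: uploads from {len(ips)} IPs within 60s: {', '.join(ips)}")
```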