<Below: logs from a server running on MacOS>
FTP unauthorized access examples (though some are not), excerpt
7:43 PM 02.1.6 80.11.49.204 Ngpuser@home.com 39 ログイン Guest ← *gpuser, where * varied from A to Z
7:44 PM 02.1.6 80.11.49.204 Ngpuser@home.com 39 ログアウト Guest
0:52 AM 02.2.9 218.43.23.224 Anonymous 1 拒否されたログイン no anonymous access allowed
1:13 PM 02.2.10 218.43.23.224 Anonymous 2 拒否されたログイン no anonymous access allowed
11:06 AM 02.7.4 62.5.52.111 Anonymous 9 拒否されたログイン no anonymous access allowed
11:14 AM 02.7.4 62.5.52.111 Anonymous 10 拒否されたログイン no anonymous access allowed
11:58 AM 02.7.4 62.5.52.111 Anonymous 11 拒否されたログイン no anonymous access allowed
0:53 PM 02.7.4 62.5.52.111 Anonymous 12 拒否されたログイン no anonymous access allowed
1:02 PM 02.7.4 62.5.52.111 Anonymous 13 拒否されたログイン no anonymous access allowed
6:31 PM 02.7.7 80.11.137.155 Anonymous 15 拒否されたログイン no anonymous access allowed
3:21 AM 02.7.8 217.227.70.212 Anonymous 24 拒否されたログイン no anonymous access allowed
1:26 PM 02.7.11 217.235.113.29 Anonymous 4 拒否されたログイン no anonymous access allowed
CodeRed access example, excerpt
07/18/2002 14:54:47 OK pd9541d17.dip.t-dialin.net 0 132 200 Configuration
!!CodeRedKiller-PLUGIN 07/18/02 16:01:11 WARNING Code Red !!!!!!!!
4039 bytes received.
!!CodeRedKiller-PLUGIN GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0
Content-type: text/xml
HOST:www.worm.com
Accept: */*
Content-length: 3569
Unidentified access and others, excerpt
07/29/2002 19:10:26 ERR! 210.78.157.248 /scripts/root.exe 522 GET /c+dir 2809 www 404 Configuration
07/29/2002 19:10:32 ERR! 210.78.157.247 /MSADC/root.exe 522 GET /c+dir 72 www 404 Configuration
07/29/2002 19:10:36 ERR! 210.78.157.239 /c/winnt/system32/cmd.exe 522 GET /c+dir 71 www 404 Configuration
07/29/2002 19:11:24 ERR! 210.78.157.228 /d/winnt/system32/cmd.exe 522 GET /c+dir 2808 www 404 Configuration
07/29/2002 19:12:16 ERR! 210.78.157.246 /scripts/..%255c../winnt/system32/cmd.exe 522 GET /c+dir 2917 www 404 Configuration
(middle omitted)
07/29/2002 19:17:23 ERR! 210.78.157.229 /scripts/..%252f../winnt/system32/cmd.exe 522 GET /c+dir 31 www 404
07/30/2002 01:58:54 OK 65.195.133.22 0 2991 200 Configuration
07/30/2002 03:59:52 OK 216.158.225.158 0 2943 200 Configuration
07/30/2002 07:20:29 OK 141.155.241.98 0 162 200 Configuration
07/31/2002 12:17:15 OK b067135.adsl.hansenet.de / 1523 GET 5 200 Configuration
07/31/2002 12:42:38 OK user-119be5a.biz.mindspring.com 0 129 200 Configuration
07/31/2002 22:06:08 OK adam.nni.com 0 41 200 Configuration
Other: search engine access examples, excerpt
08/01/2002 10:10:56 ERR! 66.35.208.59 /robots.txt 524 Mozilla/4.0 compatible ZyBorg/1.0 (wn.zyborg@looksmart.net; http://www.WISEnutbot.com) GET 2914 foram.jp 404 Configuration
08/01/2002 12:30:02 OK 65.116.145.45 /toyoho/ 1030 Mozilla/4.0 compatible ZyBorg/1.0 (wn.zyborg@looksmart.net; http://www.WISEnutbot.com) GET 2915 foram.jp 200 Configuration
08/01/2002 12:31:49 OK 65.116.145.45 / 1511 Mozilla/4.0 compatible ZyBorg/1.0 (wn.zyborg@looksmart.net; http://www.WISEnutbot.com) GET 2813 foram.jp 200 Configuration
08/01/2002 12:40:13 OK crawl5.googlebot.com /toyoho/ikikata/dani1.html 647 googlebot(at)googlebot.com Googlebot/2.1 (+http://www.googlebot.com/bot.html) GET 38 foram.jp 200 Configuration
<8F Goemon: boot log example>
/var/log/boot.log
At startup
Jul 25 21:37:58 goemon syslog: syslogd startup succeeded
Jul 25 21:37:58 goemon syslog: klogd startup succeeded
Jul 25 21:37:59 goemon portmap: portmap startup succeeded
Jul 25 21:37:59 goemon nfslock: rpc.statd startup succeeded
Jul 25 21:38:00 goemon autofs: autofs startup succeeded
Jul 25 21:38:00 goemon random: Initializing random number generator: succeeded
Jul 25 21:37:36 goemon rc.sysinit: Mounting proc filesystem: succeeded
Jul 25 21:37:36 goemon sysctl: net.ipv4.ip_forward = 1
Jul 25 21:37:36 goemon sysctl: net.ipv4.tcp_syncookies = 1
Jul 25 21:37:36 goemon sysctl: net.ipv4.conf.default.rp_filter = 1
Jul 25 21:37:36 goemon sysctl: kernel.core_uses_pid = 1
Jul 25 21:37:36 goemon rc.sysinit: Configuring kernel parameters: succeeded
Jul 25 21:37:36 goemon date: Thu Jul 25 21:37:30 JST 2002
Jul 25 21:38:02 goemon netfs: Mounting other filesystems: succeeded
Jul 25 21:37:36 goemon rc.sysinit: Setting clock (localtime): Thu Jul 25 21:37:30 JST 2002 succeeded
Jul 25 21:37:36 goemon rc.sysinit: Loading default keymap succeeded
Jul 25 21:37:36 goemon rc.sysinit: Activating swap partitions: succeeded
Jul 25 21:37:36 goemon rc.sysinit: Setting hostname goemon.ep.sci.hokudai.ac.jp: succeeded
Jul 25 21:37:36 goemon rc.sysinit: Mounting USB filesystem: succeeded
Jul 25 21:37:36 goemon fsck: /: clean, 100976/274176 files, 451621/548352 blocks
Jul 25 21:38:03 goemon apmd: apmd startup succeeded
Jul 25 21:37:36 goemon rc.sysinit: Checking root filesystem succeeded
Jul 25 21:37:36 goemon rc.sysinit: Remounting root filesystem in read-write mode: succeeded
Jul 25 21:37:38 goemon rc.sysinit: Finding module dependencies: succeeded
Jul 25 21:38:03 goemon identd: identd startup succeeded
Jul 25 21:37:38 goemon modprobe: Warning: loading /lib/modules/2.4.18-0vl3/kernel/drivers/video/encode-eucjp.o will taint the kernel: no license
Jul 25 21:37:38 goemon modprobe: See http://www.tux.org/lkml/#s1-18 for information about tainted modules
Jul 25 21:37:38 goemon modprobe: Module encode-eucjp loaded, with warnings
Jul 25 21:37:38 goemon rc.sysinit: Loading unicon module (encode-eucjp): succeeded
Jul 25 21:37:38 goemon fsck: /boot: clean, 34/13104 files, 13248/52384 blocks
Jul 25 21:38:04 goemon rc: Starting pcmcia: succeeded
Jul 25 21:37:38 goemon rc.sysinit: Checking filesystems succeeded
Jul 25 21:37:38 goemon rc.sysinit: Mounting local filesystems: succeeded
Jul 25 21:37:38 goemon rc.sysinit: Enabling local filesystem quotas: succeeded
Jul 25 21:37:39 goemon rc.sysinit: Enabling swap space: succeeded
Jul 25 21:37:43 goemon rc: Starting murasaki: succeeded
Jul 25 21:38:04 goemon inet: inetd startup succeeded
Jul 25 21:37:43 goemon kudzu: Updating /etc/fstab succeeded
Jul 25 21:37:52 goemon kudzu: succeeded
Jul 25 21:37:52 goemon sysctl: net.ipv4.ip_forward = 1
Jul 25 21:38:05 goemon sshd: Starting sshd:
Jul 25 21:37:52 goemon sysctl: net.ipv4.tcp_syncookies = 1
Jul 25 21:37:52 goemon sysctl: net.ipv4.conf.default.rp_filter = 1
Jul 25 21:37:52 goemon sysctl: kernel.core_uses_pid = 1
Jul 25 21:37:52 goemon network: Setting network parameters: succeeded
Jul 25 21:37:53 goemon network: Bringing up loopback interface: succeeded
Jul 25 21:37:55 goemon network: Bringing up interface eth0: succeeded
Jul 25 21:38:07 goemon sshd: succeeded
Jul 25 21:37:58 goemon network: Bringing up interface eth1: succeeded
Jul 25 21:38:07 goemon sshd:
Jul 25 21:38:07 goemon rc: Starting sshd: succeeded
Jul 25 21:38:09 goemon lpd: lpd startup succeeded
Jul 25 21:38:09 goemon keytable: Loading keymap:
Jul 25 21:38:09 goemon keytable: Loading /usr/lib/kbd/keymaps/i386/qwerty/jp106.kmap.gz
Jul 25 21:38:09 goemon keytable: Loading system font:
Jul 25 21:38:09 goemon rc: Starting keytable: succeeded
Jul 25 21:38:10 goemon postfix: Starting postfix:
Jul 25 21:38:14 goemon postfix: postfix
Jul 25 21:38:14 goemon rc: Starting postfix: succeeded
Jul 25 21:38:14 goemon gpm: gpm startup succeeded
Jul 25 21:38:17 goemon httpd: httpd startup succeeded
Jul 25 21:38:17 goemon FreeWnn: Starting FreeWnn:
Jul 25 21:38:18 goemon FreeWnn:
Jul 25 21:38:18 goemon FreeWnn:
Jul 25 21:38:18 goemon FreeWnn: Nihongo Multi Client Server (FreeWnn 1.1.0pl18)
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/kihon.dic^I Fid = 1
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/setsuji.dic^I Fid = 2
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/koyuu.dic^I Fid = 3
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/chimei.dic^I Fid = 4
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/jinmei.dic^I Fid = 5
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/special.dic^I Fid = 6
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/computer.dic^I Fid = 7
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/symbol.dic^I Fid = 8
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/tankan.dic^I Fid = 9
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/bio.dic^I Fid = 10
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/gerodic/g-jinmei.dic^I Fid = 11
Jul 25 21:38:18 goemon FreeWnn: Reading /etc/FreeWnn/ja/dic/pubdic/full.fzk^I Fid = 12
Jul 25 21:38:18 goemon FreeWnn: Finished Reading Files
Jul 25 21:38:18 goemon rc: Starting FreeWnn: succeeded
Jul 25 21:38:18 goemon crond: crond startup succeeded
Jul 25 21:38:20 goemon xfs: xfs startup succeeded
Jul 25 21:38:20 goemon canna: Starting Canna server:
Jul 25 21:38:21 goemon canna:
Jul 25 21:38:21 goemon rc: Starting canna: succeeded
Jul 25 21:38:21 goemon anacron: anacron startup succeeded
Jul 25 21:38:21 goemon atd: atd startup succeeded
Jul 25 21:38:23 goemon firewall: /etc/rc5.d/S99firewall: line 958: syntax error: unexpected end of file ← this was caused by a configuration mistake
Jul 25 21:38:23 goemon rc: Starting firewall: failed
Jul 25 21:38:24 goemon start: Starting Webmin server in /usr/share/webmin
Jul 25 21:38:26 goemon webmin: Starting Webmin: succeeded
At shutdown
Jul 25 21:35:18 goemon stop: Stopping Webmin server in /usr/share/webmin
Jul 25 21:35:18 goemon webmin: Stopping Webmin: succeeded
Jul 25 21:35:19 goemon atd: atd shutdown succeeded
Jul 25 21:35:19 goemon rc: Stopping keytable: succeeded
Jul 25 21:35:19 goemon xfs: xfs shutdown succeeded
Jul 25 21:35:19 goemon canna: Shutting down Canna server:
Jul 25 21:35:19 goemon canna:
Jul 25 21:35:19 goemon rc: Stopping canna: succeeded
Jul 25 21:35:19 goemon gpm: gpm shutdown succeeded
Jul 25 21:35:20 goemon httpd: httpd shutdown succeeded
Jul 25 21:35:20 goemon sshd: sshd -TERM succeeded
Jul 25 21:35:20 goemon postfix: Shutting down postfix:
Jul 25 21:35:20 goemon postfix: postfix
Jul 25 21:35:20 goemon rc: Stopping postfix: succeeded
Jul 25 21:35:20 goemon inet: inetd shutdown succeeded
Jul 25 21:35:20 goemon crond: crond shutdown succeeded
Jul 25 21:35:21 goemon lpd: lpd shutdown succeeded
Jul 25 21:35:21 goemon identd: identd shutdown succeeded
Jul 25 21:35:22 goemon apmd: apmd shutdown succeeded
Jul 25 21:35:22 goemon dd: 1+0 records in
Jul 25 21:35:22 goemon dd: 1+0 records out
Jul 25 21:35:22 goemon random: Saving random seed: succeeded
Jul 25 21:35:23 goemon autofs: automount -USR2 succeeded
Jul 25 21:35:26 goemon nfslock: rpc.statd shutdown succeeded
Jul 25 21:35:26 goemon portmap: portmap shutdown succeeded
Jul 25 21:35:27 goemon syslog: klogd shutdown succeeded