時々Apacheのログに
Ringing.at.your.dorbell!
というリクエストがあったりします。
実際のApacheのログはこんな感じ。
"GET /Ringing.at.your.dorbell! HTTP/1.0" 404 301 "https://www.youtube.com/watch?v=FoUWHfh733Y" "x00_-gawa.sa.pilipinas.2015"
これは、そのアクセス元からの存在チェック的なリクエストで、いたずらの前にこのリクエストがあったりします。
※404が返ってくるならWebサーバが存在するってことなので
で、そのリクエストがあったあとに来たいたずらリクエストが以下。
かなり多い。
/Ringing.at.your.dorbell! / /admin.cgi /administrator.cgi /agora.cgi /aktivate/cgi-bin/catgy.cgi /analyse.cgi /apps/web/vs_diag.cgi /axis-cgi/buffer/command.cgi /b2-include/b2edit.showposts.php /bandwidth/index.cgi /bigconf.cgi /cartcart.cgi /cart.cgi /catalog/index.cgi /ccbill/whereami.cgi /cgi-bin/ /cgi-bin/14all-1.1.cgi /cgi-bin/14all.cgi /cgi-bin/%2f/admin.html /cgi-bin/a1disp3.cgi /cgi-bin/a1stats/a1disp3.cgi /cgi-bin/a1stats/a1disp4.cgi /cgi-bin/addbanner.cgi /cgi-bin/add_ftp.cgi /cgi-bin/adduser.cgi /cgi-bin/admin/admin.cgi /cgi-bin/admin.cgi /cgi-bin/adminhot.cgi /cgi-bin/admin.html /cgi-bin/admin.pl /cgi-bin/admin/setup.cgi /cgi-bin/adminwww.cgi /cgi-bin/af.cgi /cgi-bin/aglimpse.cgi /cgi-bin/alienform.cgi /cgi-bin/AnyBoard.cgi /cgi-bin/architext_query.cgi /cgi-bin/astrocam.cgi /cgi-bin/AT-admin.cgi /cgi-bin/AT-generate.cgi /cgi-bin/auction/auction.cgi /cgi-bin/auktion.cgi /cgi-bin/authLogin.cgi /cgi-bin/ax-admin.cgi /cgi-bin/ax.cgi /cgi-bin/axs.cgi /cgi-bin/badmin.cgi /cgi-bin/banner.cgi /cgi-bin/bannereditor.cgi /cgi-bin/bash /cgi-bin/bb-ack.sh /cgi-bin/bb-histlog.sh /cgi-bin/bb-hist.sh /cgi-bin/bb-hostsvc.sh /cgi-bin/bb-replog.sh /cgi-bin/bb-rep.sh /cgi-bin/BBS/bbs_forum.cgi /cgi-bin/bbs_forum.cgi /cgi-bin/bigconf.cgi /cgi-bin/bizdb1-search.cgi /cgi-bin/blog/mt-check.cgi /cgi-bin/blog/mt-load.cgi /cgi-bin/bnbform.cgi /cgi-bin/book.cgi /cgi-bin/boozt/admin/index.cgi /cgi-bin/bsguest.cgi /cgi-bin/bslist.cgi /cgi-bin/build.cgi /cgi-bin/bulk/bulk.cgi /cgi-bin/cached_feed.cgi /cgi-bin/cachemgr.cgi /cgi-bin/calendar/index.cgi /cgi-bin/cartmanager.cgi /cgi-bin/cbmc/forums.cgi /cgi-bin/ccvsblame.cgi /cgi-bin/c_download.cgi /cgi-bin/cgforum.cgi /cgi-bin/cgi.cgi /cgi-bin/cgi_process /cgi-bin/classified.cgi /cgi-bin/classifieds.cgi /cgi-bin/classifieds/classifieds.cgi /cgi-bin/classifieds/index.cgi /cgi-bin/.cobalt/alert/service.cgi /cgi-bin/.cobalt/message/message.cgi /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi /cgi-bin/commandit.cgi /cgi-bin/commerce.cgi /cgi-bin/common/listrec.pl /cgi-bin/compatible.cgi /cgi-bin/contact.cgi /cgi-bin/Count.cgi /cgi-bin/csChatRBox.cgi /cgi-bin/csGuestBook.cgi /cgi-bin/csLiveSupport.cgi /cgi-bin/CSMailto.cgi /cgi-bin/CSMailto/CSMailto.cgi /cgi-bin/csNews.cgi /cgi-bin/csNewsPro.cgi /cgi-bin/csPassword.cgi /cgi-bin/csPassword/csPassword.cgi /cgi-bin/csSearch.cgi /cgi-bin/csv_db.cgi /cgi-bin/cvsblame.cgi /cgi-bin/cvslog.cgi /cgi-bin/cvsquery.cgi /cgi-bin/cvsqueryform.cgi /cgi-bin/day5datacopier.cgi /cgi-bin/day5datanotifier.cgi /cgi-bin/db_manager.cgi /cgi-bin/dbman/db.cgi /cgi-bin/dcforum.cgi /cgi-bin/defaultwebpage.cgi /cgi-bin/dfire.cgi /cgi-bin/diagnose.cgi /cgi-bin/dig.cgi /cgi-bin/directorypro.cgi /cgi-bin/download.cgi /cgi-bin/emu/html/emumail.cgi /cgi-bin/emumail.cgi /cgi-bin/emumail/emumail.cgi /cgi-bin/enter.cgi /cgi-bin/env.cgi /cgi-bin/environ.cgi /cgi-bin/ezadmin.cgi /cgi-bin/ezboard.cgi /cgi-bin/ezman.cgi /cgi-bin/ezshopper2/loadpage.cgi /cgi-bin/ezshopper3/loadpage.cgi /cgi-bin/ezshopper/loadpage.cgi /cgi-bin/ezshopper/search.cgi /cgi-bin/faqmanager.cgi /cgi-bin/FileSeek2.cgi /cgi-bin/FileSeek.cgi /cgi-bin/finger.cgi /cgi-bin/firmwarecfg /cgi-bin/flexform.cgi /cgi-bin/fom.cgi /cgi-bin/fom/fom.cgi /cgi-bin/FormHandler.cgi /cgi-bin/FormMail.cgi /cgi-bin/forum.cgi /cgi-bin/gbadmin.cgi /cgi-bin/gbook/gbook.cgi /cgi-bin/generate.cgi /cgi-bin/getdoc.cgi /cgi-bin/gH.cgi /cgi-bin/gm-authors.cgi /cgi-bin/gm.cgi /cgi-bin/gm-cplog.cgi /cgi-bin/guestbook.cgi /cgi-bin/handler /cgi-bin/handler.cgi /cgi-bin/handler/netsonar /cgi-bin/hello /cgi-bin/hello.cgi /cgi-bin/helpme /cgi-bin/hitview.cgi /cgi-bin/hsx.cgi /cgi-bin/html2chtml.cgi /cgi-bin/html2wml.cgi /cgi-bin/htsearch.cgi /cgi-bin/icat /cgi-bin/ICuGI/EST/blast_detail.cgi /cgi-bin/if/admin/nph-build.cgi /cgi-bin/ikonboard/help.cgi /cgi-bin/ImageFolio/admin/admin.cgi /cgi-bin/imageFolio.cgi /cgi-bin/index.cgi /cgi-bin/info.sh /cgi-bin/infosrch.cgi /cgi-bin/jammail.pl /cgi-bin/journal.cgi /cgi-bin/lastlines.cgi /cgi-bin/loadpage.cgi /cgi-bin/login.cgi /cgi-bin/logit.cgi /cgi-bin/log-reader.cgi /cgi-bin/lookwho.cgi /cgi-bin/lwgate.cgi /cgi-bin/MachineInfo /cgi-bin/magiccard.cgi /cgi-bin/mail/emumail.cgi /cgi-bin/maillist.cgi /cgi-bin/mailnews.cgi /cgi-bin/mail/nph-mr.cgi /cgi-bin/main.cgi /cgi-bin/main_menu.pl /cgi-bin/man.sh /cgi-bin/meme.cgi /cgi-bin/mini_logger.cgi /cgi-bin/mmstdod.cgi /cgi-bin/moin.cgi /cgi-bin/mojo/mojo.cgi /cgi-bin/mrtg.cgi /cgi-bin/mt/mt-check.cgi /cgi-bin/mt/mt-load.cgi /cgi-bin/mt-static/mt-check.cgi /cgi-bin/mt-static/mt-load.cgi /cgi-bin/musicqueue.cgi /cgi-bin/myguestbook.cgi /cgi-bin/.namazu.cgi /cgi-bin/netauth.cgi /cgi-bin/netpad.cgi /cgi-bin/newsdesk.cgi /cgi-bin/nlog-smb.cgi /cgi-bin/nph-emumail.cgi /cgi-bin/nph-exploitscanget.cgi /cgi-bin/nph-publish.cgi /cgi-bin/nph-test.cgi /cgi-bin/pagelog.cgi /cgi-bin/pbcgi.cgi /cgi-bin/perlshop.cgi /cgi-bin/pfdispaly.cgi /cgi-bin/pfdisplay.cgi /cgi-bin/phf.cgi /cgi-bin/photo/manage.cgi /cgi-bin/photo/protected/manage.cgi /cgi-bin/php /cgi-bin/php.cgi /cgi-bin/php4 /cgi-bin/php4.cgi /cgi-bin/php5.cgi /cgi-bin/php5 /cgi-bin/php5? /cgi-bin/php5-cgi /cgi-bin/php5-cli? /cgi-bin/php-cgi /cgi-bin/php.cgi /cgi-bin/php-cgi.bin /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi /cgi-bin/pollssi.cgi /cgi-bin/postcards.cgi /cgi-bin/powerup/r.cgi /cgi-bin/printenv /cgi-bin/probecontrol.cgi /cgi-bin/profile.cgi /cgi-bin/publisher/search.cgi /cgi-bin/quickstore.cgi /cgi-bin/quizme.cgi /cgi-bin/ratlog.cgi /cgi-bin/r.cgi /cgi-bin/recent.cgi /cgi-bin/register.cgi /cgi-bin/replicator/webpage.cgi/ /cgi-bin/responder.cgi /cgi-bin/robadmin.cgi /cgi-bin/robpoll.cgi /cgi-bin/sat-ir-web.pl /cgi-bin/sbcgi/sitebuilder.cgi /cgi-bin/scoadminreg.cgi /cgi-bin-sdb/printenv /cgi-bin/search /cgi-bin/search.cgi /cgi-bin/search/search.cgi /cgi-bin/sendform.cgi /cgi-bin/shop.cgi /cgi-bin/shopper.cgi /cgi-bin/shopplus.cgi /cgi-bin/showcheckins.cgi /cgi-bin/signon.cgi /cgi-bin/simplestguest.cgi /cgi-bin/simplestmail.cgi /cgi-bin/smartsearch.cgi /cgi-bin/smartsearch/smartsearch.cgi /cgi-bin/snorkerz.bat /cgi-bin/snorkerz.cmd /cgi-bin/sojourn.cgi /cgi-bin/spin_client.cgi /cgi-bin/start.cgi /cgi-bin/status /cgi-bin/status/status.cgi /cgi-bin/store/agora.cgi /cgi-bin/store.cgi /cgi-bin/store/index.cgi /cgi-bin/survey.cgi /cgi-bin/talkback.cgi /cgi-bin/technote/main.cgi /cgi-bin/test2.pl /cgi-bin/test-cgi /cgi-bin/test.cgi /cgi-bin/test-cgi.pl /cgi-bin/testing_whatever /cgi-bin/test.sh /cgi-bin/test/test.cgi /cgi-bin/tidfinder.cgi /cgi-bin/tigvote.cgi /cgi-bin/title.cgi /cgi-bin/tools/tools.pl /cgi-bin/traffic.cgi /cgi-bin/tree.php /cgi-bin/troops.cgi /cgi-bin/ttawebtop.cgi/ /cgi-bin/ultraboard.cgi /cgi-bin/upload.cgi /cgi-bin/urlcount.cgi /cgi-bin/viewcvs.cgi /cgi-bin/viralator.cgi /cgi-bin/virgil.cgi /cgi-bin/vote.cgi /cgi-bin/vpasswd.cgi /cgi-bin/w3mman2html.cgi /cgi-bin/way-board.cgi /cgi-bin/way-board/way-board.cgi /cgi-bin/webbbs.cgi /cgi-bin/webcart/webcart.cgi /cgi-bin/webdist.cgi /cgi-bin/webif.cgi /cgi-bin/webmail/html/emumail.cgi /cgi-bin/webmap.cgi /cgi-bin/webspirs.cgi /cgi-bin/whois.cgi /cgi-bin/whois_raw.cgi /cgi-bin/whois/whois.cgi /cgi-bin/wrap /cgi-bin/wrap.cgi /cgi-bin/wwwboard.cgi.cgi /cgi-bin/YaBB/YaBB.cgi /cgi-bin/zml.cgi /cgi-mod/index.cgi /cgistart /cgis/wwwboard/wwwboard.cgi /cgi-sys/addalink.cgi /cgi-sys/defaultwebpage.cgi /cgi-sys/domainredirect.cgi /cgi-sys/entropybanner.cgi /cgi-sys/entropysearch.cgi /cgi-sys/FormMail-clone.cgi /cgi-sys/guestbook.cgi /cgi-sys/helpdesk.cgi /cgi-sys/mchat.cgi /cgi-sys/php5? /cgi-sys/randhtml.cgi /cgi-sys/realhelpdesk.cgi /cgi-sys/realsignup.cgi /cgi-sys/signup.cgi /cgi-sys/suspendedpage.cgi /connector.cgi /cp/rac/nsManager.cgi /create_release.sh /CSNews.cgi /csPassword.cgi /dana-na/auth/url_default/welcome.cgi /dcadmin.cgi /dcboard.cgi /dcforum.cgi /dcforum/dcforum.cgi /debug.cgi /details.cgi /download.cgi /edittag/edittag.cgi /emumail.cgi /enter_bug.cgi /ez2000/ezadmin.cgi /ez2000/ezboard.cgi /ez2000/ezman.cgi /fcgi-bin/echo /fcgi-bin/echo2 /gitweb/ /gitweb.cgi /gitweb/gitweb.cgi /Gozila.cgi /hitmatic/analyse.cgi /hndUnblock.cgi /html/cgi-bin/cgicso /index.cgi /info.cgi /infosrch.cgi /left.cgi /login.cgi /mailview.cgi /main.cgi /megabook/admin.cgi /ministats/admin.cgi /mods/apage/apage.cgi /_mt/mt.cgi /musicqueue.cgi /ncbook.cgi /newpro.cgi /newsletter.sh /oem_webstage/cgi-bin/oemapp_cgi /page.cgi /parse_xml.cgi /photodata/manage.cgi /photo/manage.cgi /phppath/cgi_wrapper /phppath/cgi_wrapper? /phppath/php /phppath/php? /print.cgi /process_bug.cgi /pub/english.cgi /quikmail/nph-emumail.cgi /quikstore.cgi /redirects/redir.cgi /reviews/newpro.cgi /ROADS/cgi-bin/search.pl /sample01.cgi /sample02.cgi /sample03.cgi /sample04.cgi /sampleposteddata.cgi /scancfg.cgi /servers/link.cgi /setpasswd.cgi /SetSecurity.shm /shop/member_html.cgi /shop/normal_html.cgi /site_searcher.cgi /siteUserMod.cgi /submit.cgi /sys-cgi /technote/print.cgi /template.cgi /test.cgi /tmUnblock.cgi /upload.cgi /userreg.cgi /users/scripts/submit.cgi /Web_Store/web_store.cgi /webtools/bonsai/ccvsblame.cgi /webtools/bonsai/cvsblame.cgi /webtools/bonsai/cvslog.cgi /webtools/bonsai/cvsquery.cgi /webtools/bonsai/cvsqueryform.cgi /webtools/bonsai/showcheckins.cgi /wwwadmin.cgi /wwwboard.cgi /wwwboard/wwwboard.cgi /xul/
ちなみに、リクエスト元はブラジルでした。
上記URLを含むサイトの方、お気を付けください。
では。