[Security Hole memo] Articles on Security Hole memo that personally caught my attention [2010.08.24]

◇[Alert] Attacks targeting e-commerce sites to steal credit card information and personal information – Security Hole memo http://www.st.ryukoku.ac.jp/~kjm/security/memo/2010/08.html#20100819_lac

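Attacks targeting Linux and PHP have never been rare, I think, but in the LogWatch logs I have been looking at lately in particular, a large volume of accesses targeting phpMyAdmin is showing up.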

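On the servers I manage, large numbers of accesses like the following are coming in from China, Hong Kong, Brazil, the United States, Germany, Malaysia and elsewhere. Accesses from China are, of course, far and away the most numerous. I don't have phpMyAdmin installed, so I'm fine, but installing applications carelessly looks like it could get you into serious trouble.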

/phpMyAdmin-2.10.0/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.11.1/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.10/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.2/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.3/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.4/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.5/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.6/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.7/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.8/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.11.9/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.2.3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.2.6/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.0/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.4/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.5/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.6/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.7/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.8/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.3.9/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.0/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.4/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.5/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.6/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.7/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.8/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.4.9/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.0/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.4/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.5-pl1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.5-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.5-rc2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.5/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.6-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.6-rc2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.6/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.7-pl1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.7/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.8/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.5.9/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-alpha/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-alpha2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-beta1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-beta2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-pl1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-pl2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-pl3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-rc2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0-rc3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.0/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.1-pl1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.1-pl2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.1-pl3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.1-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.1-rc2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.2-beta1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.2-pl1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.2-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.3-pl1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.3-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.4-pl1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.4-pl2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.4-pl3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.4-pl4/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.4-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.4/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.5/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.6/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.7/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.8/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.6.9/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.0-beta1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.0-pl1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.0-pl2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.0-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.0/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.4/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.5/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.6/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.7/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.8/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.7.9/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.0-beta1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.0-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.0-rc2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.0.1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.0.2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.0.3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.0.4/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.0/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.1-rc1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.1/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.4/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.5/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.6/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.7/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.8/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.8.9/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.9.1/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.9.2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2/scripts/setup.php: 2 Time(s)
/phpMyAdmin-3/scripts/setup.php: 2 Time(s)
/phpMyAdmin-4/scripts/setup.php: 2 Time(s)
/phpMyAdmin//scripts/setup.php: 1 Time(s)
/phpMyAdmin//setup/config.php?type=post: 1 Time(s)
/phpMyAdmin/scripts/setup.php: 3 Time(s)
/phpMyAdmin1/scripts/setup.php: 3 Time(s)
/phpMyAdmin2//scripts/setup.php: 1 Time(s)
/phpMyAdmin2//setup/config.php?type=post: 1 Time(s)
/phpMyAdmin2/scripts/setup.php: 2 Time(s)
/phpMyAds/scripts/setup.php: 2 Time(s)
/phpadmin//scripts/setup.php: 1 Time(s)
/phpadmin//setup/config.php?type=post: 1 Time(s)
/phpm/scripts/setup.php: 2 Time(s)
/phpmanager/scripts/setup.php: 2 Time(s)
/phpmy-admin/scripts/setup.php: 2 Time(s)
/phpmy/scripts/setup.php: 2 Time(s)
/phpmyad-sys/scripts/setup.php: 2 Time(s)
/phpmyad/scripts/setup.php: 3 Time(s)
/phpmyadmin//scripts/setup.php: 1 Time(s)
/phpmyadmin//setup/config.php?type=post: 1 Time(s)
/phpmyadmin/scripts/setup.php: 3 Time(s)
/phpmyadmin2//scripts/setup.php: 1 Time(s)
/phpmyadmin2//setup/config.php?type=post: 1 Time(s)
/phpmyadmin2/scripts/setup.php: 2 Time(s)
/pma//scripts/setup.php: 1 Time(s)
/pma//setup/config.php?type=post: 1 Time(s)
/pma/scripts/setup.php: 3 Time(s)
/pma2005/scripts/setup.php: 2 Time(s)
/profile.html: 1 Time(s)
/robots.txt: 7 Time(s)
/scripts/setup.php: 3 Time(s)
/sql//scripts/setup.php: 1 Time(s)
/sql//setup/config.php?type=post: 1 Time(s)
/sqladmin/scripts/setup.php: 3 Time(s)
/sqlmanager/scripts/setup.php: 2 Time(s)
/sqlweb/scripts/setup.php: 2 Time(s)
/vhcs2/tools/pma/scripts/setup.php: 3 Time(s)
/web/phpMyAdmin/scripts/setup.php: 2 Time(s)
/webadmin/scripts/setup.php: 2 Time(s)
/webdb/scripts/setup.php: 2 Time(s)
/websql/scripts/setup.php: 2 Time(s)
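
As an added example (not part of the original post), the following Python code parses LogWatch lines in the format shown above and collapses the version-numbered directory guesses into one entry per base directory, which makes the dictionary-style scan for phpMyAdmin's setup scripts easier to read. The sample report, the function name and the regular expressions are constructed for this illustration.

```python
import re
from collections import Counter

# LogWatch httpd line as shown in the post: "<request path>: <N> Time(s)"
LINE_RE = re.compile(r"^\s*(?P<path>/\S*): (?P<count>\d+) Time\(s\)\s*$")
# The two endpoints requested in the post's log: phpMyAdmin setup scripts.
PROBE_RE = re.compile(r"/+(scripts/setup\.php|setup/config\.php)(\?.*)?$")
# Version suffix such as "-2.11.10" or "-2.6.0-pl1" on the directory name.
VERSION_RE = re.compile(r"-\d[\w.\-]*$")

# Constructed sample: a handful of lines in the same format as the log above.
SAMPLE = """\
/phpMyAdmin-2.10.0/scripts/setup.php: 2 Time(s)
/phpMyAdmin-2.11.10/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.6.0-pl1/scripts/setup.php: 2 Time(s)
/phpmyadmin//setup/config.php?type=post: 1 Time(s)
/pma/scripts/setup.php: 3 Time(s)
/robots.txt: 7 Time(s)
/scripts/setup.php: 3 Time(s)
"""

def summarize_probes(report):
    """Return (hits per base directory, total probe hits, non-probe paths)."""
    by_dir, other = Counter(), []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a "path: N Time(s)" line
        path, count = m["path"], int(m["count"])
        probe = PROBE_RE.search(path)
        if not probe:
            other.append(path)  # ordinary request, e.g. /robots.txt
            continue
        # Directory the scanner guessed, with any version suffix removed.
        base = VERSION_RE.sub("", path[:probe.start()] or "/")
        by_dir[base] += count
    return by_dir, sum(by_dir.values()), other

if __name__ == "__main__":
    dirs, total, other = summarize_probes(SAMPLE)
    for base, hits in dirs.most_common():
        print(f"{hits:4d}  {base}")
    print(f"total setup-script probes: {total}; other paths: {other}")
```

Directory names are compared case-sensitively, so `/phpMyAdmin` and `/phpmyadmin` are reported as separate guesses, as they are in the log.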

 

◇SPYSEE is an illegal site – Security Hole memo http://www.st.ryukoku.ac.jp/~kjm/security/memo/2010/08.html#20100823__SPYSEE

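This is a difficult problem, I think, but I was sure this would happen to SPYSEE. After all, on a site I built using the Yahoo! Japan Web API, some people have sent me deletion requests just because a name identical to their own appeared as a keyword, so ever since I first came across the SPYSEE site I figured it would be flooded with complaints. I think it is interesting as a site, but compiling personal names into a database and publishing it to the general public apparently has legal problems too, and it sounds like it may go to court; I am quite interested in the outcome. Portrait rights over the photos seem to be what is at issue, and while nothing can be done about portrait rights and copyright for photos, I personally hope that the name-based search service itself survives. I wonder how it will turn out.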

◇Anohito Kensaku ("Search for That Person") SPYSEE [Spicy]
http://spysee.jp/
