
Topic: Hack, caught in the LOG

  1. #1

    Hack, caught in the LOG

    Hi, I've been under attack for months... and I've finally found out from the log how they get in. Let's see if someone can give me a hand to stop them, this is unbearable.

    Here is the important part of mysql.log, many thanks in advance.

    100513 20:08:57 5693 Connect clubnseries@localhost on
    5693 Init DB clubnseries_b
    5693 Query select userid from vb_user where username like "mozoilo" limit 1
    5694 Connect clubnseries@localhost on
    5694 Init DB clubnseries_b
    5694 Query SELECT *
    FROM vb_datastore
    WHERE title IN ('','options','bitfields','pluginlist')
    5694 Query SELECT filedata, dateline, filename
    FROM vb_customavatar
    WHERE userid = 161540 AND visible = 1
    HAVING filedata <> ''
    5694 Quit
    5693 Quit
    5695 Connect clubnseries@localhost on
    5695 Init DB clubnseries_b
    5695 Query select userid from vb_user where username like "lecker" limit 1
    5696 Connect clubnseries@localhost on
    5696 Init DB clubnseries_b
    5696 Query SELECT *
    FROM vb_datastore
    WHERE title IN ('','options','bitfields','pluginlist')
    5696 Query SELECT filedata, dateline, filename
    FROM vb_customavatar
    WHERE userid = 47402 AND visible = 1
    HAVING filedata <> ''
    5696 Quit
    5697 Connect clubnseries@localhost on
    5697 Query DROP DATABASE clubnseries_b
    5698 Connect clubnseries@localhost on
    5698 Init DB clubnseries_b
    5698 Query select userid from vb_user where username like "alquimista78" limit 1
    5699 Connect clubnseries@localhost on
    5699 Init DB clubnseries_b
    5699 Query select title,data from vb_datastore
    where title in ('options','bitfields','forumcache','GAS_settings' )
    5699 Query select t.forumid, t.threadid, t.title, t.replycount, t.lastposter, lastpost, visible
    from vb_thread t
    where
    t.threadid in (48376)
    5700 Connect clubnseries@localhost on
    5700 Init DB clubnseries_b
    5700 Query select userid from vb_user where username like "alegonbe" limit 1
    5695 Quit
    5698 Query select userid from vb_user where username regexp "^(&[\\#\\da-z]*;|[^a-z\\d])*[a]lq([u]|u||)[i]m[i][s]t[a]78(&[a-z]*;|[^a-z\\d])*$" limit 1
    5699 Quit
    5700 Query select userid from vb_user where username regexp "^(&[\\#\\da-z]*;|[^a-z\\d])*[a]l[e]g[o][n]b[e](&[a-z]*;|[^a-z\\d])*$" limit 1
    5697 Quit

    5701 Connect clubnseries@localhost on
    5702 Connect clubnseries@localhost on
    5701 Query SELECT VERSION() AS version
    5702 Query SELECT VERSION() AS version
    5700 Quit
    5698 Quit
    5702 Quit
    5701 Quit
    5703 Connect clubnseries@localhost on
    5703 Query select userid from vb_user where username like "ivanbs" limit 1
    5703 Query select userid from vb_user where username regexp "^(&[\\#\\da-z]*;|[^a-z\\d])*[i]v[a][n]b[s](&[a-z]*;|[^a-z\\d])*$" limit 1
    5704 Connect clubnseries@localhost on
    5704 Query SELECT VERSION() AS version

    Cheers!!
    Last edited by selik; 14/05/2010 at 11:42
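    An added example, not code from the thread: a small Python parser for the MySQL general query log in the format pasted above. It groups the lines by connection id (joining multi-line statements back together) and flags statements that change schema or privileges, such as the DROP DATABASE on connection 5697, reporting for each flagged connection whether it had selected a database with Init DB first. The sample log is constructed from lines in the post; the regular expressions and function names are mine.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the mysql.log excerpt in the post:
# the first line of a block carries a "YYMMDD hh:mm:ss" stamp, later lines
# start with the connection id, and multi-line statements continue on
# lines that carry no id at all.
SAMPLE_LOG = """\
100513 20:08:57 5693 Connect clubnseries@localhost on
5693 Init DB clubnseries_b
5693 Query select userid from vb_user where username like "mozoilo" limit 1
5694 Connect clubnseries@localhost on
5694 Init DB clubnseries_b
5694 Query SELECT *
FROM vb_datastore
WHERE title IN ('','options','bitfields','pluginlist')
5694 Quit
5693 Quit
5697 Connect clubnseries@localhost on
5697 Query DROP DATABASE clubnseries_b
5698 Connect clubnseries@localhost on
5698 Init DB clubnseries_b
5698 Query select userid from vb_user where username like "alquimista78" limit 1
5697 Quit
"""

# One log line: optional timestamp, connection id, command, argument.
LINE_RE = re.compile(
    r'^(?:(?P<ts>\d{6} +\d\d:\d\d:\d\d) +)?'
    r'(?P<conn>\d+) +(?P<cmd>Connect|Init DB|Query|Quit)\b *(?P<arg>.*)$'
)
# Statements a forum front-end never needs to issue on its own; any hit
# from the application's database user deserves a look.
DANGEROUS_RE = re.compile(
    r'^\s*(DROP|TRUNCATE|ALTER|GRANT|CREATE\s+USER|LOAD\s+DATA)\b', re.I
)


def parse_general_log(text):
    """Return {conn_id: [(cmd, argument), ...]} in log order, appending
    continuation lines to the statement they belong to."""
    sessions = defaultdict(list)
    last_conn = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            last_conn = m.group('conn')
            sessions[last_conn].append([m.group('cmd'), m.group('arg')])
        elif last_conn is not None and sessions[last_conn]:
            # A line without an id continues the previous statement.
            sessions[last_conn][-1][1] += ' ' + raw.strip()
    return {c: [tuple(e) for e in evs] for c, evs in sessions.items()}


def find_dangerous(sessions):
    """Return (conn_id, statement, selected_db) for every flagged statement.
    selected_db is None when the connection never ran Init DB, which in the
    posted log is what sets the DROP DATABASE connection apart from the
    ordinary vBulletin page loads around it."""
    hits = []
    for conn, events in sessions.items():
        db = None
        for cmd, arg in events:
            if cmd == 'Init DB':
                db = arg
            elif cmd == 'Query' and DANGEROUS_RE.match(arg):
                hits.append((conn, arg, db))
    return hits


if __name__ == '__main__':
    sessions = parse_general_log(SAMPLE_LOG)
    for conn, stmt, db in find_dangerous(sessions):
        print('connection %s (db=%s): %s' % (conn, db, stmt))
        for cmd, arg in sessions[conn]:
            print('    %-8s %s' % (cmd, arg))
```

    Run it against the real file by replacing SAMPLE_LOG with the contents of /var/log/mysql/mysql.log (the path is an assumption; the prompt in a later post shows the poster working in /var/log/mysql). Because the general log records every connection, the parser also shows what each flagged connection did before and after the statement, which is the context needed to tell an application query from a direct client session using the same credentials.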

  2. #2

    Re: Hack, caught in the LOG

    I think that, more than the mysql log, you should also grab the apache log, which is where you can better see the request they made and where they are getting in. Anyway, I see you have the Suhosin-Patch, so it seems odd to me that they could get in through apache, though I'm not saying it's impossible.

    Do you have local users on the machine??? Might you have some user poking around??? Maybe you were hacked some other way and already have a user without knowing it.

    If you can get us the apache logs that would be progress, though a process list with "ps aux" could also be useful to us.

    EDIT: Also a list of connections with "netstat -anp | grep -v unix"

  3. #3

    Re: Hack, caught in the LOG

    Like this, without seeing the apache logs or knowing anything about the application, you can guess at something, but not much.

    I would look at the form that triggers the query right before the drop database

    5696 Query SELECT *
    FROM vb_datastore
    WHERE title IN ('','options','bitfields','pluginlist')
    5696 Query SELECT filedata, dateline, filename
    FROM vb_customavatar
    WHERE userid = 47402 AND visible = 1
    HAVING filedata <> ''
    5696 Quit
    5697 Connect clubnseries@localhost on
    5697 Query DROP DATABASE clubnseries_b

    The having filedata looks like it isn't escaped properly and that may be where they are getting the sql injection in

    Then, the query by username: if you run it, which user does it return?
    Often the first user is also the superadmin of death, but there too there seems to be an unsanitized input

    Regards

  4. #4

    Re: Hack, caught in the LOG

    Many thanks to you both for your help.

    Right now I'm trying to open the apache log, which is about 4 and a half gigs, and it freezes every program I try, and over ssh I can't figure out how to search for lines. As soon as I have the line for what happened at that time I'll edit the post.

    On the machine I have only one user and it's for ftp, NOTHING else, and that person is trusted.



    For now I'll post what you asked me for above:

    ps aux

    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 0.0 0.0 10308 592 ? Ss May13 0:01 init [2]
    root 2 0.0 0.0 0 0 ? S May13 0:00 [kthreadd]
    root 3 0.0 0.0 0 0 ? S May13 0:00 [migration/0]
    root 4 0.0 0.0 0 0 ? S May13 0:30 [ksoftirqd/0]
    root 5 0.0 0.0 0 0 ? S May13 0:00 [migration/1]
    root 6 0.1 0.0 0 0 ? S May13 1:20 [ksoftirqd/1]
    root 7 0.0 0.0 0 0 ? S May13 0:00 [migration/2]
    root 8 0.0 0.0 0 0 ? S May13 0:47 [ksoftirqd/2]
    root 9 0.0 0.0 0 0 ? S May13 0:00 [migration/3]
    root 10 0.0 0.0 0 0 ? S May13 0:47 [ksoftirqd/3]
    root 11 0.0 0.0 0 0 ? S May13 0:00 [events/0]
    root 12 0.0 0.0 0 0 ? S May13 0:01 [events/1]
    root 13 0.0 0.0 0 0 ? S May13 0:02 [events/2]
    root 14 0.0 0.0 0 0 ? S May13 0:05 [events/3]
    root 15 0.0 0.0 0 0 ? S May13 0:00 [cpuset]
    root 16 0.0 0.0 0 0 ? S May13 0:00 [khelper]
    root 22 0.0 0.0 0 0 ? S May13 0:00 [async/mgr]
    root 238 0.0 0.0 0 0 ? S May13 0:00 [sync_supers]
    root 240 0.0 0.0 0 0 ? S May13 0:00 [bdi-default]
    root 241 0.0 0.0 0 0 ? S May13 0:00 [kintegrityd/0]
    root 242 0.0 0.0 0 0 ? S May13 0:00 [kintegrityd/1]
    root 243 0.0 0.0 0 0 ? S May13 0:00 [kintegrityd/2]
    root 244 0.0 0.0 0 0 ? S May13 0:00 [kintegrityd/3]
    root 245 0.0 0.0 0 0 ? S May13 0:00 [kblockd/0]
    root 246 0.0 0.0 0 0 ? S May13 0:01 [kblockd/1]
    root 247 0.0 0.0 0 0 ? S May13 0:00 [kblockd/2]
    root 248 0.0 0.0 0 0 ? S May13 0:05 [kblockd/3]
    root 249 0.0 0.0 0 0 ? S May13 0:00 [kacpid]
    root 250 0.0 0.0 0 0 ? S May13 0:00 [kacpi_notify]
    root 251 0.0 0.0 0 0 ? S May13 0:00 [kacpi_hotplug]
    root 349 0.0 0.0 0 0 ? S May13 0:00 [ata/0]
    root 350 0.0 0.0 0 0 ? S May13 0:00 [ata/1]
    root 351 0.0 0.0 0 0 ? S May13 0:00 [ata/2]
    root 352 0.0 0.0 0 0 ? S May13 0:00 [ata/3]
    root 353 0.0 0.0 0 0 ? S May13 0:00 [ata_aux]
    root 357 0.0 0.0 0 0 ? S May13 0:00 [ksuspend_usbd]
    root 361 0.0 0.0 0 0 ? S May13 0:00 [khubd]
    root 364 0.0 0.0 0 0 ? S May13 0:00 [kseriod]
    root 400 0.0 0.0 0 0 ? S May13 0:00 [rpciod/0]
    root 401 0.0 0.0 0 0 ? S May13 0:00 [rpciod/1]
    root 402 0.0 0.0 0 0 ? S May13 0:00 [rpciod/2]
    root 403 0.0 0.0 0 0 ? S May13 0:00 [rpciod/3]
    root 404 0.0 0.0 0 0 ? S May13 0:00 [kvm-irqfd-clean]
    root 456 0.0 0.0 0 0 ? S May13 0:12 [kswapd0]
    root 457 0.0 0.0 0 0 ? SN May13 0:00 [ksmd]
    root 458 0.0 0.0 0 0 ? S May13 0:00 [aio/0]
    root 459 0.0 0.0 0 0 ? S May13 0:00 [aio/1]
    root 460 0.0 0.0 0 0 ? S May13 0:00 [aio/2]
    root 461 0.0 0.0 0 0 ? S May13 0:00 [aio/3]
    root 465 0.0 0.0 0 0 ? S May13 0:00 [nfsiod]
    root 466 0.0 0.0 0 0 ? S< May13 0:00 [kslowd000]
    root 467 0.0 0.0 0 0 ? S< May13 0:00 [kslowd001]
    root 469 0.0 0.0 0 0 ? S May13 0:00 [xfs_mru_cache]
    root 470 0.0 0.0 0 0 ? S May13 0:00 [xfslogd/0]
    root 471 0.0 0.0 0 0 ? S May13 0:00 [xfslogd/1]
    root 472 0.0 0.0 0 0 ? S May13 0:00 [xfslogd/2]
    root 473 0.0 0.0 0 0 ? S May13 0:00 [xfslogd/3]
    root 474 0.0 0.0 0 0 ? S May13 0:00 [xfsdatad/0]
    root 475 0.0 0.0 0 0 ? S May13 0:00 [xfsdatad/1]
    root 476 0.0 0.0 0 0 ? S May13 0:00 [xfsdatad/2]
    root 477 0.0 0.0 0 0 ? S May13 0:00 [xfsdatad/3]
    root 478 0.0 0.0 0 0 ? S May13 0:00 [xfsconvertd/0]
    root 479 0.0 0.0 0 0 ? S May13 0:00 [xfsconvertd/1]
    root 480 0.0 0.0 0 0 ? S May13 0:00 [xfsconvertd/2]
    root 481 0.0 0.0 0 0 ? S May13 0:00 [xfsconvertd/3]
    root 482 0.0 0.0 0 0 ? S May13 0:00 [ocfs2_wq]
    root 483 0.0 0.0 0 0 ? S May13 0:00 [o2quot/0]
    root 484 0.0 0.0 0 0 ? S May13 0:00 [o2quot/1]
    root 485 0.0 0.0 0 0 ? S May13 0:00 [o2quot/2]
    root 486 0.0 0.0 0 0 ? S May13 0:00 [o2quot/3]
    root 489 0.0 0.0 0 0 ? S May13 0:00 [user_dlm]
    root 491 0.0 0.0 0 0 ? S May13 0:00 [glock_workqueue]
    root 492 0.0 0.0 0 0 ? S May13 0:00 [glock_workqueue]
    root 493 0.0 0.0 0 0 ? S May13 0:00 [glock_workqueue]
    root 494 0.0 0.0 0 0 ? S May13 0:00 [glock_workqueue]
    root 495 0.0 0.0 0 0 ? S May13 0:00 [delete_workqueu]
    root 496 0.0 0.0 0 0 ? S May13 0:00 [delete_workqueu]
    root 497 0.0 0.0 0 0 ? S May13 0:00 [delete_workqueu]
    root 498 0.0 0.0 0 0 ? S May13 0:00 [delete_workqueu]
    root 499 0.0 0.0 0 0 ? S May13 0:00 [crypto/0]
    root 500 0.0 0.0 0 0 ? S May13 0:00 [crypto/1]
    root 501 0.0 0.0 0 0 ? S May13 0:00 [crypto/2]
    root 502 0.0 0.0 0 0 ? S May13 0:00 [crypto/3]
    root 1219 0.0 0.0 0 0 ? S May13 0:00 [iscsi_eh]
    root 1228 0.0 0.0 0 0 ? S May13 0:00 [fc_rport_eq]
    root 1229 0.0 0.0 0 0 ? S< May13 0:00 [fcoethread/0]
    root 1230 0.0 0.0 0 0 ? S< May13 0:00 [fcoethread/1]
    root 1231 0.0 0.0 0 0 ? S< May13 0:00 [fcoethread/2]
    root 1232 0.0 0.0 0 0 ? S< May13 0:00 [fcoethread/3]
    root 1243 0.0 0.0 0 0 ? S May13 0:00 [scsi_eh_0]
    root 1245 0.0 0.0 0 0 ? S May13 0:00 [scsi_eh_1]
    root 1259 0.0 0.0 0 0 ? S May13 0:00 [mtdblockd]
    root 1318 0.0 0.0 0 0 ? S May13 0:00 [kpsmoused]
    root 1341 0.0 0.0 0 0 ? S May13 0:00 [kstriped]
    root 1343 0.0 0.0 0 0 ? S May13 0:00 [kdelayd/0]
    root 1344 0.0 0.0 0 0 ? S May13 0:00 [kdelayd/1]
    root 1345 0.0 0.0 0 0 ? S May13 0:00 [kdelayd/2]
    root 1346 0.0 0.0 0 0 ? S May13 0:00 [kdelayd/3]
    root 1347 0.0 0.0 0 0 ? S May13 0:00 [kmpathd/0]
    root 1348 0.0 0.0 0 0 ? S May13 0:00 [kmpathd/1]
    root 1349 0.0 0.0 0 0 ? S May13 0:00 [kmpathd/2]
    root 1350 0.0 0.0 0 0 ? S May13 0:00 [kmpathd/3]
    root 1351 0.0 0.0 0 0 ? S May13 0:00 [kmpath_handlerd]
    root 1352 0.0 0.0 0 0 ? S May13 0:00 [ksnapd]
    root 1355 0.0 0.0 0 0 ? S May13 0:00 [edac-poller]
    root 1369 0.0 0.0 0 0 ? S May13 0:00 [kondemand/0]
    root 1370 0.0 0.0 0 0 ? S May13 0:00 [kondemand/1]
    root 1371 0.0 0.0 0 0 ? S May13 0:00 [kondemand/2]
    root 1372 0.0 0.0 0 0 ? S May13 0:00 [kondemand/3]
    root 1373 0.0 0.0 0 0 ? S May13 0:00 [kconservative/0]
    root 1374 0.0 0.0 0 0 ? S May13 0:00 [kconservative/1]
    root 1375 0.0 0.0 0 0 ? S May13 0:00 [kconservative/2]
    root 1376 0.0 0.0 0 0 ? S May13 0:00 [kconservative/3]
    root 1405 0.0 0.0 0 0 ? S May13 0:00 [usbhid_resumer]
    root 1429 0.0 0.0 0 0 ? S May13 0:08 [kjournald]
    root 1504 0.0 0.0 16892 540 ? S<s May13 0:00 udevd --daemon
    root 3059 0.0 0.0 0 0 ? S May13 0:00 [kjournald]
    root 3384 0.0 0.0 187108 1388 ? Sl May13 0:06 /usr/sbin/rsyslogd -c3
    bind 3418 0.0 0.6 236752 28088 ? Ssl May13 0:33 /usr/sbin/named -u bind
    root 3435 0.0 0.0 48860 896 ? Ss May13 0:00 /usr/sbin/sshd
    root 3467 0.0 0.0 0 0 ? S May13 0:03 [flush-8:0]
    root 3476 0.0 0.0 17332 1108 ? S May13 0:00 /bin/sh /usr/bin/mysqld_safe
    mysql 3513 6.0 7.5 1614848 304328 ? S<l May13 76:29 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/my
    postgres 3579 0.0 0.1 99500 5216 ? S May13 0:02 /usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/pos
    postgres 3806 0.0 0.0 99500 1592 ? Ss May13 0:05 postgres: writer process
    postgres 3807 0.0 0.0 99500 1404 ? Ss May13 0:02 postgres: wal writer process
    postgres 3808 0.0 0.0 99644 1724 ? Ss May13 0:01 postgres: autovacuum launcher process
    postgres 3809 0.0 0.0 69964 1472 ? Ss May13 0:02 postgres: stats collector process
    clamav 4086 0.0 0.0 21712 1108 ? Ss May13 0:03 /usr/bin/freshclam -d --quiet
    root 4531 0.0 0.5 71100 23472 ? Ss May13 0:43 lfd - sleeping
    list 4832 0.0 0.1 82852 7240 ? Ss May13 0:00 /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
    list 4833 0.0 0.2 74296 8204 ? S May13 0:03 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
    list 4834 0.0 0.2 74276 8220 ? S May13 0:04 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
    list 4835 0.0 0.2 74232 8196 ? S May13 0:04 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
    list 4836 0.0 0.2 74268 8196 ? S May13 0:03 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
    list 4837 0.0 0.2 74300 8268 ? S May13 0:03 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
    list 4839 0.0 0.2 74260 8296 ? S May13 0:04 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
    list 4840 0.0 0.2 74236 8196 ? S May13 0:04 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
    list 4841 0.0 0.2 74276 8192 ? S May13 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
    root 4912 0.0 0.0 36840 2264 ? Ss May13 0:02 /usr/lib/postfix/master
    postfix 4921 0.0 0.0 39064 2496 ? S May13 0:05 qmgr -l -t fifo -u
    root 4940 0.0 0.0 52080 864 ? Ss May13 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
    root 4941 0.0 0.0 52080 620 ? S May13 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
    root 4942 0.0 0.0 52080 596 ? S May13 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
    root 4943 0.0 0.0 52080 596 ? S May13 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
    root 4945 0.0 0.0 52080 596 ? S May13 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5
    root 4966 0.0 0.0 12376 596 ? Ss May13 0:02 /usr/sbin/dovecot
    root 4968 0.0 0.0 71260 2684 ? S May13 0:01 dovecot-auth
    root 4971 0.0 0.0 12360 356 ? Ss May13 0:00 /sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan --syslog
    proftpd 4983 0.0 0.0 64224 1388 ? Ss May13 0:00 proftpd: (accepting connections)
    root 5004 0.0 0.0 22364 924 ? Ss May13 0:00 /usr/sbin/cron
    dovecot 5013 0.0 0.0 14208 1664 ? S May13 0:00 pop3-login
    dovecot 5016 0.0 0.0 14216 1664 ? S May13 0:00 imap-login
    dovecot 5017 0.0 0.0 14216 1664 ? S May13 0:00 imap-login
    dovecot 5018 0.0 0.0 14216 1664 ? S May13 0:00 imap-login
    root 5040 0.0 0.2 384688 10060 ? Ss May13 0:32 /usr/sbin/apache2 -k start
    www-data 5047 0.0 0.0 184728 3488 ? S May13 0:00 /usr/sbin/apache2 -k start
    root 5065 0.0 1.0 79736 42820 ? Ss May13 0:35 /usr/share/webmin/virtual-server/lookup-domain-daemon.pl
    root 5185 0.0 0.4 107464 19916 ? Ss May13 0:02 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spam
    root 5202 0.0 0.1 60752 5320 ? Ss May13 0:00 /usr/bin/perl /usr/share/usermin/miniserv.pl /etc/usermin/miniserv.conf
    root 5219 0.0 0.0 91204 3696 ? Ss May13 0:00 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
    root 5220 0.0 0.0 3796 452 tty1 Ss+ May13 0:00 /sbin/getty 38400 tty1
    root 5221 0.0 0.0 3796 484 tty2 Ss+ May13 0:00 /sbin/getty 38400 tty2
    root 5222 0.0 0.0 3796 464 tty3 Ss+ May13 0:00 /sbin/getty 38400 tty3
    root 5223 0.0 0.0 3796 464 tty4 Ss+ May13 0:00 /sbin/getty 38400 tty4
    root 5224 0.0 0.0 3796 444 tty5 Ss+ May13 0:00 /sbin/getty 38400 tty5
    root 5225 0.0 0.0 3796 444 tty6 Ss+ May13 0:00 /sbin/getty 38400 tty6
    root 5355 0.0 0.9 109960 37440 ? S May13 0:01 spamd child
    root 5356 0.0 0.4 107464 16944 ? S May13 0:00 spamd child
    postfix 7873 0.0 0.0 38896 2268 ? S 16:50 0:00 pickup -l -t fifo -u -c
    root 7962 0.0 0.1 91336 4988 ? S 16:51 0:00 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
    root 7963 0.0 0.1 91336 4988 ? S 16:51 0:00 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
    postfix 8078 0.0 0.0 39504 3140 ? S 16:52 0:00 cleanup -z -t unix -u -c
    www-data 8488 0.7 0.9 405264 38536 ? S 16:54 0:02 /usr/sbin/apache2 -k start
    www-data 8734 1.1 0.9 406384 38308 ? S 16:56 0:03 /usr/sbin/apache2 -k start
    www-data 8745 0.5 0.9 402796 36652 ? S 16:56 0:01 /usr/sbin/apache2 -k start
    www-data 8786 0.6 0.9 407068 38520 ? S 16:56 0:01 /usr/sbin/apache2 -k start
    www-data 8914 0.8 0.8 402468 34972 ? S 16:57 0:02 /usr/sbin/apache2 -k start
    www-data 8920 0.5 0.8 403200 34688 ? S 16:57 0:01 /usr/sbin/apache2 -k start
    root 8940 0.0 0.1 91336 4988 ? S 16:57 0:00 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
    www-data 8946 0.9 0.8 401688 34324 ? S 16:57 0:02 /usr/sbin/apache2 -k start
    www-data 8947 0.3 0.8 405528 35988 ? S 16:57 0:00 /usr/sbin/apache2 -k start
    www-data 8963 1.2 0.8 401512 36100 ? S 16:57 0:02 /usr/sbin/apache2 -k start
    postfix 9032 0.0 0.0 43168 2592 ? S 16:58 0:00 smtp -t unix -u -c
    www-data 9035 0.4 0.0 0 0 ? Z 16:58 0:00 [apache2] <defunct>
    www-data 9047 0.0 0.4 391752 19244 ? S 16:58 0:00 /usr/sbin/apache2 -k start
    www-data 9048 0.6 0.7 400700 31916 ? S 16:58 0:01 /usr/sbin/apache2 -k start
    www-data 9062 1.0 0.9 402976 37276 ? S 16:58 0:01 /usr/sbin/apache2 -k start
    www-data 9064 0.7 0.9 404400 37172 ? S 16:58 0:01 /usr/sbin/apache2 -k start
    www-data 9068 0.3 0.9 405740 36980 ? S 16:58 0:00 /usr/sbin/apache2 -k start
    www-data 9080 0.6 0.9 404404 36164 ? S 16:58 0:01 /usr/sbin/apache2 -k start
    www-data 9083 1.6 0.8 402220 35368 ? S 16:58 0:02 /usr/sbin/apache2 -k start
    www-data 9089 0.3 0.9 407616 39864 ? S 16:58 0:00 /usr/sbin/apache2 -k start
    www-data 9092 0.8 0.8 401584 35084 ? S 16:58 0:01 /usr/sbin/apache2 -k start
    www-data 9096 0.3 0.8 402460 35196 ? S 16:58 0:00 /usr/sbin/apache2 -k start
    www-data 9099 4.6 0.8 402456 36000 ? S 16:58 0:08 /usr/sbin/apache2 -k start
    www-data 9100 0.6 0.8 401608 34140 ? S 16:58 0:01 /usr/sbin/apache2 -k start
    www-data 9104 0.6 0.8 401864 35268 ? S 16:58 0:01 /usr/sbin/apache2 -k start
    www-data 9105 0.4 0.6 395328 26304 ? S 16:58 0:00 /usr/sbin/apache2 -k start
    www-data 9276 0.6 0.8 400544 32672 ? S 16:59 0:00 /usr/sbin/apache2 -k start
    www-data 9277 1.4 0.8 401952 34960 ? S 16:59 0:01 /usr/sbin/apache2 -k start
    www-data 9414 0.1 0.5 395344 23656 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9415 1.2 0.9 404736 37692 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9417 0.7 0.9 405780 36848 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9418 1.5 0.8 402456 34488 ? S 17:00 0:01 /usr/sbin/apache2 -k start
    www-data 9419 1.1 0.9 406012 38452 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9420 0.0 0.5 392512 20452 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9422 0.6 0.7 400516 31312 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9426 1.9 0.8 401512 33548 ? S 17:00 0:01 /usr/sbin/apache2 -k start
    www-data 9431 0.5 0.8 406504 35920 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9433 0.3 0.8 405184 35656 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9434 0.1 0.4 389972 18248 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9437 2.4 0.8 401392 33624 ? S 17:00 0:01 /usr/sbin/apache2 -k start
    www-data 9438 0.0 0.3 389880 15580 ? S 17:00 0:00 /usr/sbin/apache2 -k start
    www-data 9545 0.9 0.7 400332 30652 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9547 0.0 0.2 385612 8116 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9549 0.9 0.6 397480 27860 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9550 0.2 0.7 401788 30008 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9557 0.1 0.4 389964 18188 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9558 1.1 0.8 400412 33212 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9559 0.1 0.6 400956 27940 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9560 0.7 0.7 401392 31840 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9561 0.0 0.4 390672 16332 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9562 0.5 0.8 404064 32700 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9563 0.1 0.4 390900 19148 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9564 1.3 0.8 400800 32476 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9570 0.0 0.2 385612 8112 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9574 0.1 0.4 391176 19416 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9584 0.1 0.2 385612 8096 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9585 0.0 0.2 385612 8080 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9586 8.0 0.7 397888 28288 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9588 0.0 0.2 385612 8088 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9589 0.5 0.4 390664 16288 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9590 0.2 0.2 385612 8104 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9591 0.0 0.1 385476 7352 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9592 0.0 0.1 385476 7352 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9593 0.0 0.1 385476 7352 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9594 0.0 0.1 385476 7352 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9595 0.0 0.2 385612 8088 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9596 0.0 0.1 385476 7352 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9597 0.0 0.1 385476 7356 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    www-data 9598 0.0 0.1 385476 7352 ? S 17:01 0:00 /usr/sbin/apache2 -k start
    root 9601 0.0 0.0 16456 1032 pts/1 R+ 17:01 0:00 ps aux
    postfix 15047 0.0 0.0 41404 2176 ? S May13 0:00 tlsmgr -l -t unix -u -c
    dovecot 15683 0.0 0.0 14208 1664 ? S 10:33 0:00 pop3-login
    dovecot 19029 0.0 0.0 14208 1664 ? S 10:50 0:00 pop3-login
    root 26218 0.0 0.0 66136 2412 ? Ss 11:35 0:07 sshd: root@notty
    root 26226 0.0 0.0 42256 1720 ? Ss 11:35 0:01 /usr/lib/openssh/sftp-server
    root 27032 0.0 0.0 66136 2864 ? Ss 11:41 0:00 sshd: root@pts/1
    root 27037 0.0 0.0 21304 1688 pts/1 Ss 11:41 0:00 -bash
    ks25147:/var/log/mysql#
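    An added example, not part of the thread, for the problem raised in this post of finding the apache lines for a given moment in a log too big to open: it streams an Apache combined-format access log line by line (so a multi-gigabyte file never has to be loaded), keeps only the requests in a window around a timestamp taken from the mysql general log, and counts requests per client. The sample log lines and IP addresses are constructed; the +0200 offset assumed for the MySQL server clock and the function names are mine.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed Apache combined-log lines around the time of the first
# mysql.log entry in the thread (100513 20:08:57); IPs are documentation
# ranges, not addresses from the thread.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [13/May/2010:20:06:58 +0200] "GET /forum/index.php HTTP/1.1" 200 18342 "-" "Mozilla/5.0"
203.0.113.5 - - [13/May/2010:20:08:55 +0200] "GET /forum/member.php?u=161540 HTTP/1.1" 200 9211 "-" "Mozilla/5.0"
198.51.100.23 - - [13/May/2010:20:08:57 +0200] "GET /forum/member.php?u=47402 HTTP/1.1" 200 9180 "-" "Mozilla/5.0"
203.0.113.5 - - [13/May/2010:20:09:01 +0200] "GET /forum/showthread.php?t=48376 HTTP/1.1" 200 22310 "-" "Mozilla/5.0"
198.51.100.23 - - [13/May/2010:20:09:02 +0200] "GET /forum/member.php?u=161540 HTTP/1.1" 200 9211 "-" "Mozilla/5.0"
192.0.2.77 - - [13/May/2010:20:15:30 +0200] "GET /forum/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

APACHE_TS_FMT = '%d/%b/%Y:%H:%M:%S %z'
MYSQL_TS_FMT = '%y%m%d %H:%M:%S'

# Client IP, timestamp, request line and status of a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        'ip': m.group('ip'),
        'ts': datetime.strptime(m.group('ts'), APACHE_TS_FMT),
        'method': m.group('method'),
        'path': m.group('path'),
        'status': int(m.group('status')),
    }


def window_from_mysql_stamp(stamp, utc_offset):
    """Turn a "YYMMDD hh:mm:ss" stamp from the mysql general log into an
    aware datetime. The general log has no zone, so the server clock's
    offset must be supplied (a timedelta)."""
    naive = datetime.strptime(stamp, MYSQL_TS_FMT)
    return naive.replace(tzinfo=timezone(utc_offset))


def requests_in_window(lines, centre, before=60, after=60):
    """Yield parsed requests whose time lies within [centre-before,
    centre+after] seconds. `lines` can be an open file object, so the log
    is read one line at a time and never held in memory."""
    lo = centre - timedelta(seconds=before)
    hi = centre + timedelta(seconds=after)
    for line in lines:
        entry = parse_line(line)
        if entry and lo <= entry['ts'] <= hi:
            yield entry


def summarize(entries):
    """Count requests per client IP and keep the paths each client asked
    for, in order; returns (Counter, {ip: [path, ...]})."""
    hits, paths = Counter(), {}
    for e in entries:
        hits[e['ip']] += 1
        paths.setdefault(e['ip'], []).append(e['path'])
    return hits, paths


if __name__ == '__main__':
    # Assumption: the MySQL server clock ran at UTC+2 (Spanish summer time).
    centre = window_from_mysql_stamp('100513 20:08:57', timedelta(hours=2))
    found = list(requests_in_window(SAMPLE_ACCESS_LOG.splitlines(), centre))
    hits, paths = summarize(found)
    for ip, n in hits.most_common():
        print('%-15s %d requests: %s' % (ip, n, ', '.join(paths[ip])))
```

    To run it on the real file, pass `open('/var/log/apache2/access.log')` (path assumed) as `lines` instead of the sample, and widen `before`/`after` if the two servers' clocks may differ. A quick shell prefilter such as `grep '13/May/2010:20:0' access.log` over ssh reaches the same lines without any tool having to open the whole 4.5 GB file; the script then adds the per-client grouping.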

  5. #5

    Re: Hack, caught in the LOG

    netstat -anp | grep -v unix


    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 5202/perl
    tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 4966/dovecot
    tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 4966/dovecot
    tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3513/mysqld
    tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 4966/dovecot
    tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 5185/spamd.pid
    tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 4966/dovecot
    tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 5219/perl
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5040/apache2
    tcp 0 0 91.121.29.127:80 95.17.90.55:49740 SYN_RECV -
    tcp 0 0 91.121.29.127:80 212.170.103.12:12223 SYN_RECV -
    tcp 0 0 91.121.29.127:80 186.16.10.16:1566 SYN_RECV -
    tcp 0 0 91.121.29.127:80 95.17.90.55:49739 SYN_RECV -
    tcp 0 0 91.121.29.127:80 163.247.51.11:2309 SYN_RECV -
    tcp 0 0 91.121.29.127:80 186.16.10.16:1562 SYN_RECV -
    tcp 0 0 91.121.29.127:80 79.153.69.119:49482 SYN_RECV -
    tcp 0 0 91.121.29.127:80 186.16.10.16:1560 SYN_RECV -
    tcp 0 0 91.121.29.127:80 163.247.51.11:2310 SYN_RECV -
    tcp 0 0 91.121.29.127:80 186.16.10.16:1564 SYN_RECV -
    tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 4983/proftpd: (acce
    tcp 0 0 91.121.29.127:53 0.0.0.0:* LISTEN 3418/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3418/named
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3435/sshd
    tcp 0 0 127.0.0.1:11000 0.0.0.0:* LISTEN 5065/lookup-domain-
    tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 3579/postgres
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 4912/master
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3418/named
    tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5040/apache2
    tcp 0 0 91.121.29.127:80 67.195.110.182:34451 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.139.18.22:10442 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43371 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.176.237.253:44664 ESTABLISHED 9729/apache2
    tcp 0 0 91.121.29.127:80 88.14.186.68:10332 FIN_WAIT2 9733/apache2
    tcp 0 0 91.121.29.127:80 85.136.179.50:1501 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.24.156.65:57843 ESTABLISHED 9759/apache2
    tcp 0 13000 91.121.29.127:80 186.16.10.16:1558 ESTABLISHED 8947/apache2
    tcp 0 0 91.121.29.127:80 93.156.1.249:22016 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.139.98.138:2871 TIME_WAIT -
    tcp 0 307 91.121.29.127:80 79.159.43.49:21931 ESTABLISHED 9716/apache2
    tcp 0 0 91.121.29.127:80 200.80.164.38:27974 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.106.68.226:23983 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 79.159.165.96:23507 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.245.210.141:50437 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43707 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44596 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 189.186.105.118:3996 ESTABLISHED 9612/apache2
    tcp 0 0 91.121.29.127:80 93.156.1.249:21969 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.139.98.138:2866 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.106.68.226:24041 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43807 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 186.16.10.16:1452 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 80.30.96.168:1633 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 79.159.165.96:23508 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.75.163.57:2373 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.179.50:1503 TIME_WAIT -
    tcp 0 10061 91.121.29.127:80 66.249.71.140:42828 ESTABLISHED 9048/apache2
    tcp 0 0 91.121.29.127:80 200.80.164.38:59709 TIME_WAIT -
    tcp 0 2210 91.121.29.127:80 190.229.150.119:49226 ESTABLISHED 9570/apache2
    tcp 0 0 91.121.29.127:80 194.179.126.157:44153 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 81.39.195.124:65533 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43902 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43940 TIME_WAIT -
    tcp 0 52 91.121.29.127:22 85.54.143.150:52524 ESTABLISHED 27032/1
    tcp 0 0 91.121.29.127:80 62.42.34.163:49960 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44214 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43196 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 95.18.12.253:1857 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 190.233.43.55:26060 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 90.163.157.127:53704 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43543 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 88.14.186.68:10326 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49842 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44606 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.75.163.57:2377 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43981 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 88.16.54.145:49342 ESTABLISHED 9611/apache2
    tcp 0 0 91.121.29.127:80 189.186.105.118:3976 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 94.126.240.2:41942 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.34.163:49911 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43671 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 79.144.54.197:21619 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.245.210.141:50344 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.34.163:49916 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 201.116.140.243:11205 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 67.195.110.182:58496 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 189.216.6.153:3267 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 79.159.165.96:23506 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 67.195.110.182:60547 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44574 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 95.18.12.253:1774 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 79.146.145.9:1952 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49849 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 79.159.165.96:23505 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 90.163.157.127:53702 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49792 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 93.156.1.249:22013 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 213.99.192.227:6944 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43694 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.75.163.57:2367 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 189.186.105.118:3992 ESTABLISHED 9062/apache2
    tcp 0 0 91.121.29.127:80 160.44.247.146:49411 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43479 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.106.68.226:24001 TIME_WAIT -
    tcp 0 14600 91.121.29.127:80 85.136.179.50:1676 ESTABLISHED 9614/apache2
    tcp 0 0 91.121.29.127:80 194.179.126.157:44108 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 84.79.138.19:1474 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 89.141.25.25:62860 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43706 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 189.216.6.153:3280 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 93.156.1.249:21980 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.75.163.57:2372 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43753 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43980 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49844 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 88.16.54.145:49341 ESTABLISHED 9761/apache2
    tcp 0 0 91.121.29.127:80 84.125.110.133:2032 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.106.68.226:23981 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.34.163:49913 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44584 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 94.126.240.2:42249 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43595 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.179.50:1507 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.179.50:1581 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 189.186.105.118:3994 ESTABLISHED 9737/apache2
    tcp 0 0 91.121.29.127:80 190.245.210.141:50434 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 186.16.10.16:1450 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49793 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 93.156.1.249:21967 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.179.50:1583 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.219.96.143:57420 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49847 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.139.98.138:2868 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.106.68.226:23978 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 189.186.105.118:3974 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 213.99.192.227:51580 ESTABLISHED 9595/apache2
    tcp 0 0 91.121.29.127:80 93.156.1.249:21981 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 201.220.232.23:64159 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.201.9:53711 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44113 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.34.163:49959 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49796 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43973 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49845 FIN_WAIT2 9728/apache2
    tcp 0 0 91.121.29.127:80 200.106.68.226:24082 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 203.197.89.130:27637 ESTABLISHED 9726/apache2
    tcp 0 0 91.121.29.127:80 200.80.164.38:59710 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 81.39.195.124:65529 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 200.80.164.38:36102 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 79.159.165.96:23504 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.201.9:53715 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 200.106.68.226:24040 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 160.44.247.146:45407 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 88.14.186.68:10329 FIN_WAIT2 9562/apache2
    tcp 0 0 91.121.29.127:80 194.179.126.157:43285 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.139.18.22:10532 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.34.163:49962 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 213.99.192.227:7008 ESTABLISHED 9714/apache2
    tcp 0 0 91.121.29.127:80 200.80.164.38:25579 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43708 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 93.156.1.249:21968 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43560 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43904 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.80.164.38:15426 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 62.42.37.53:49841 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 84.125.110.133:2109 ESTABLISHED 9749/apache2
    tcp 0 0 91.121.29.127:80 93.156.1.249:21970 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43938 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 80.38.217.68:16577 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43643 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 160.44.247.146:49030 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 95.18.12.253:1781 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 190.139.98.138:2873 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 201.216.146.50:24475 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.245.210.141:50436 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 93.156.1.249:22014 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 89.234.35.60:58187 ESTABLISHED 9585/apache2
    tcp 0 0 91.121.29.127:80 88.16.54.145:49340 ESTABLISHED 9584/apache2
    tcp 0 0 91.121.29.127:80 93.156.1.249:21984 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.219.96.143:57346 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.179.50:1671 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 189.186.105.118:3982 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 84.125.110.133:1885 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44298 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 89.141.25.25:62964 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 88.14.186.68:10323 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 80.30.96.168:1632 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 213.96.184.46:3727 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 90.163.157.127:53701 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44602 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 67.195.110.182:59806 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.245.210.141:50354 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43557 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 186.16.10.16:1449 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 95.18.12.253:1782 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 200.80.164.38:59708 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43819 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43758 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 186.16.10.16:1518 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44481 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43689 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 217.125.73.25:27857 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44124 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 93.156.1.249:21982 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 217.125.73.25:27779 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43669 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 79.146.145.9:1924 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.80.164.38:59703 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 90.163.157.127:53703 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44607 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.201.9:53709 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 79.146.145.9:1940 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.75.163.57:2375 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.48.5.12:30725 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44215 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 213.99.192.227:6880 ESTABLISHED 9420/apache2
    tcp 0 0 91.121.29.127:80 67.195.110.182:34094 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 81.39.195.124:65532 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 85.136.179.50:1677 ESTABLISHED 9738/apache2
    tcp 0 0 91.121.29.127:80 90.163.157.127:53706 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.201.9:53714 FIN_WAIT2 -
    tcp 0 523 91.121.29.127:80 190.229.150.119:49227 ESTABLISHED 9740/apache2
    tcp 0 0 91.121.29.127:80 93.156.1.249:21983 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 213.96.184.46:3728 FIN_WAIT2 -
    tcp 0 1976 91.121.29.127:80 186.16.239.61:2225 FIN_WAIT1 -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43754 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43540 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 84.125.110.133:1897 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 81.39.195.124:65528 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 194.179.126.157:44125 TIME_WAIT -
    tcp 0 4703 91.121.29.127:80 190.229.150.119:49223 ESTABLISHED 9593/apache2
    tcp 0 0 91.121.29.127:80 190.75.163.57:2376 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.75.163.57:2452 ESTABLISHED 9741/apache2
    tcp 0 0 91.121.29.127:80 190.139.98.138:2872 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.80.164.38:25578 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 79.146.145.9:1948 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 80.30.96.168:1631 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 84.79.138.19:1476 FIN_WAIT2 -
    tcp 0 0 91.121.29.127:80 201.116.140.243:23514 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 93.156.1.249:21965 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 85.136.179.50:1589 TIME_WAIT -
    tcp 0 669 91.121.29.127:80 190.229.150.119:49225 ESTABLISHED 9418/apache2
    tcp 0 0 91.121.29.127:80 194.179.126.157:43450 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.245.210.141:50435 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 80.30.96.168:1638 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 80.30.96.168:1639 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 89.141.25.25:62976 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 190.139.98.138:2874 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 200.106.68.226:24074 TIME_WAIT -
    tcp 0 1435 91.121.29.127:80 190.229.150.119:49222 ESTABLISHED 9730/apache2
    tcp 0 0 91.121.29.127:80 194.179.126.157:44398 TIME_WAIT -
    tcp 0 0 91.121.29.127:80 194.179.126.157:43642 TIME_WAIT -
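
A netstat dump is a photograph of one instant. A request that ran a DROP DATABASE and closed a second later leaves nothing in it, so none of the port-80 entries above can be expected to show the attacker. What the dump can still answer is whether anything besides the web server is exposed, who owns it, and which remote hosts hold the most web slots. The script below is an added example for this thread, not code from the forum; it runs over constructed sample lines in `netstat -tunap` format (documentation-range addresses, not the poster's dump) and assumes the only service the host is meant to expose is HTTP on port 80.

```python
"""Triage a `netstat -tunap` dump: list every socket that is not plain web
traffic, with its owning process, and rank who is talking to the web port.

Added example for this thread, not code from the forum. NETSTAT below is
constructed in netstat's output format with documentation-range addresses;
it is not the poster's dump. EXPECTED_PUBLIC_PORTS is an assumption.
"""
import re
from collections import Counter

EXPECTED_PUBLIC_PORTS = {80}   # assumed: the only service this host should expose

NETSTAT = """\
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3301/apache2
tcp        0      0 192.0.2.5:80            203.0.113.10:51580      ESTABLISHED 9595/apache2
tcp        0      0 192.0.2.5:80            203.0.113.10:51581      TIME_WAIT   -
tcp        0      0 192.0.2.5:80            203.0.113.10:51582      TIME_WAIT   -
tcp        0      0 192.0.2.5:80            198.51.100.7:43753      TIME_WAIT   -
tcp        0      0 192.0.2.5:22            198.51.100.20:51946     ESTABLISHED 26218/sshd: root@no
tcp        0      0 192.0.2.5:10000         198.51.100.20:56853     ESTABLISHED 8940/perl
udp        0      0 0.0.0.0:10000           0.0.0.0:*                           5219/perl
udp        0      0 127.0.0.1:44104         127.0.0.1:44104         ESTABLISHED 3579/postgres
"""

# proto, recv-q, send-q, local, foreign, optional state, optional PID/program.
# The state is optional because UDP sockets usually print none.
LINE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"\s*(?P<state>[A-Z][A-Z_0-9]*)?\s*(?P<prog>\d+/.*|-)?\s*$")


def parse_netstat(text):
    """One dict per socket line; 'prog' is 'PID/name' or '-' when unknown."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        lhost, lport = m["local"].rsplit(":", 1)
        rhost, rport = m["remote"].rsplit(":", 1)
        yield {"proto": m["proto"], "lhost": lhost, "lport": lport,
               "rhost": rhost, "rport": rport, "state": m["state"] or "",
               "prog": (m["prog"] or "-").strip()}


def unexpected_sockets(sockets, expected=EXPECTED_PUBLIC_PORTS):
    """Sockets that are neither the expected public service nor bound to
    loopback: these are the lines to account for one by one."""
    return [s for s in sockets
            if not (s["lport"].isdigit() and int(s["lport"]) in expected)
            and not s["lhost"].startswith("127.")]


def top_talkers(sockets, port=80, n=5):
    """Remote hosts holding the most sockets to the web port, any state."""
    c = Counter(s["rhost"] for s in sockets
                if s["lport"] == str(port) and s["rhost"] not in ("0.0.0.0", "*", "::"))
    return c.most_common(n)


def state_summary(sockets, port=80):
    """How the web port's sockets split across TCP states (LISTEN excluded)."""
    return Counter(s["state"] for s in sockets
                   if s["lport"] == str(port) and s["state"] != "LISTEN")


if __name__ == "__main__":
    socks = list(parse_netstat(NETSTAT))
    print("Not web traffic, account for each:")
    for s in unexpected_sockets(socks):
        print(f"  {s['proto']} {s['lhost']}:{s['lport']} <- {s['rhost']}:{s['rport']} "
              f"{s['state'] or '(udp)'} {s['prog']}")
    print("Top talkers to :80:", top_talkers(socks))
    print("States on :80:", dict(state_summary(socks)))
```

Every entry the first function returns should be accountable: a root ssh session should be yours, and a perl process listening on 10000 (and 20000) is what Webmin and Usermin look like, which should at least be firewalled to admin addresses. A remote address holding many slots is worth a look, but a NAT gateway or a crawler produces the same picture; the ranking says what to read first, not who is guilty.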

  6. #6

    Re: Hacked, caught in the LOG

    Code:
    tcp        0      0 91.121.29.127:80        84.125.110.133:1918     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        80.103.149.198:60114    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        212.230.138.123:54836   ESTABLISHED 9753/apache2
    tcp        0      0 91.121.29.127:80        85.136.179.50:1585      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        85.136.201.9:53712      FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        84.125.110.133:1983     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        213.99.192.227:63148    ESTABLISHED 9754/apache2
    tcp        0      0 91.121.29.127:80        62.42.37.53:49843       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.245.210.141:50427   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        95.18.12.253:1779       FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        200.106.68.226:24000    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        88.0.20.90:46183        TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.80.164.38:25582     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        213.96.184.46:3725      FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        200.80.164.38:27975     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        189.216.6.153:3266      FIN_WAIT2   -
    tcp        0  28030 91.121.29.127:80        79.159.43.49:21937      ESTABLISHED 9610/apache2
    tcp        0      0 91.121.29.127:80        200.80.164.38:59704     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.245.210.141:50347   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        186.16.10.16:1454       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.233.43.55:26064     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        212.230.138.123:54807   ESTABLISHED 9100/apache2
    tcp        0      0 91.121.29.127:80        194.179.126.157:44587   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        186.16.239.61:2222      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.139.98.138:2863     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.233.43.55:26065     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.37.53:49794       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        84.125.110.133:1979     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.139.98.138:2862     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        93.156.1.249:22012      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.106.68.226:24036    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        85.219.96.143:57262     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.37.53:49858       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.80.164.38:13122     ESTABLISHED 9621/apache2
    tcp        0      0 91.121.29.127:80        85.59.72.148:4440       FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        189.186.105.118:3980    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        186.16.239.61:2231      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        186.16.10.16:1458       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.139.18.22:10441     TIME_WAIT   -
    tcp        0    308 91.121.29.127:80        79.159.43.49:21935      ESTABLISHED 9099/apache2
    tcp        0      0 91.121.29.127:80        190.245.210.141:50426   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43332   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        79.159.165.96:23509     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.106.68.226:24130    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        186.16.10.16:1457       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        89.141.25.25:62781      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        84.125.110.133:1990     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        189.186.105.118:3981    ESTABLISHED 8946/apache2
    tcp        0      0 91.121.29.127:80        200.80.164.38:13121     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.34.163:49961      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43942   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.5.112.98:22274      FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        190.245.210.141:50398   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        79.146.145.9:1928       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.139.18.22:10621     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.106.68.226:24002    TIME_WAIT   -
    tcp        0   5749 91.121.29.127:80        190.136.29.14:43424     LAST_ACK    -
    tcp        0      0 91.121.29.127:80        200.106.68.226:23982    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        85.136.179.50:1673      ESTABLISHED 8786/apache2
    tcp        0      0 91.121.29.127:80        189.216.6.153:3219      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.245.210.141:50352   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43693   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        85.136.201.9:53701      FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        84.125.110.133:1904     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        160.44.247.146:49104    FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43662   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.80.164.38:59706     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        213.96.184.46:3729      FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        85.59.72.148:4432       FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43512   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        85.136.179.50:1588      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        79.146.145.9:1954       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.37.53:49795       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        95.18.12.253:1801       FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        93.156.1.249:22015      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        93.156.1.249:22050      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.75.163.57:2371      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.233.43.55:26066     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        84.76.95.253:17153      TIME_WAIT   -
    tcp        0  18931 91.121.29.127:80        213.99.192.227:6948     ESTABLISHED 9083/apache2
    tcp        0      0 91.121.29.127:80        194.179.126.157:43509   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43539   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.34.163:49912      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        88.14.186.68:10327      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        83.38.110.177:49405     FIN_WAIT2   9563/apache2
    tcp        0      0 91.121.29.127:80        200.106.68.226:24083    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43690   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        79.146.145.9:1918       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.106.68.226:23980    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.139.98.138:2865     TIME_WAIT   -
    tcp        0    725 91.121.29.127:80        190.229.150.119:49228   ESTABLISHED 9752/apache2
    tcp        0      0 91.121.29.127:80        80.30.96.168:1630       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        189.186.105.118:3979    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        79.146.145.9:1950       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43514   TIME_WAIT   -
    tcp        0      0 91.121.29.127:22        85.54.143.150:51946     ESTABLISHED 26218/sshd: root@no
    tcp        0      0 91.121.29.127:80        200.106.68.226:23975    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        217.125.73.25:27778     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        89.141.25.25:62975      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43420   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        79.146.145.9:1956       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.139.98.138:2867     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.233.43.55:26061     TIME_WAIT   -
    tcp        0    308 91.121.29.127:80        79.159.43.49:21934      ESTABLISHED 9743/apache2
    tcp        0      0 91.121.29.127:80        186.16.239.61:2219      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.139.98.138:2881     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43713   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        88.14.186.68:10330      FIN_WAIT2   9437/apache2
    tcp        0      0 91.121.29.127:80        200.80.164.38:13120     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        213.37.164.235:2797     FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        88.14.186.68:10331      FIN_WAIT2   9590/apache2
    tcp        0      0 91.121.29.127:80        200.48.5.13:58132       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        189.216.6.153:3206      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        189.186.105.118:3995    ESTABLISHED 9731/apache2
    tcp        0      0 91.121.29.127:80        90.163.157.127:53705    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43672   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.37.53:49791       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        88.16.54.145:49343      ESTABLISHED 9574/apache2
    tcp        0      0 91.121.29.127:80        189.186.105.118:3993    ESTABLISHED 9773/apache2
    tcp        0      0 91.121.29.127:80        81.39.195.124:65531     FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        62.42.34.163:49964      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        93.156.1.249:21979      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.34.163:49963      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43756   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        217.125.73.25:27781     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:44407   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        79.146.145.9:1916       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:44096   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.233.43.55:26067     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        93.156.1.249:21966      TIME_WAIT   -
    tcp        0    308 91.121.29.127:80        79.159.43.49:21932      ESTABLISHED 9564/apache2
    tcp        0      0 91.121.29.127:10000     85.54.143.150:56853     ESTABLISHED 8940/perl
    tcp        0      0 91.121.29.127:80        200.80.164.38:13124     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        217.125.73.25:27777     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.80.164.38:32283     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        85.136.179.50:1506      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        81.39.195.124:65530     FIN_WAIT2   -
    tcp        0      0 91.121.29.127:80        62.42.34.163:49915      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        190.245.210.141:50345   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.34.163:49914      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        77.224.11.176:50029     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        79.146.145.9:1926       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        89.234.35.60:57075      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        186.16.10.16:1444       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        83.38.110.177:49406     FIN_WAIT2   9591/apache2
    tcp        0      0 91.121.29.127:80        186.16.10.16:1460       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.37.53:49846       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        62.42.37.53:49833       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.80.164.38:25580     TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        67.195.110.182:36015    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        93.156.1.249:22017      TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43394   TIME_WAIT   -
    tcp        0    308 91.121.29.127:80        79.159.43.49:21936      ESTABLISHED 9589/apache2
    tcp        0      0 91.121.29.127:80        194.179.126.157:43808   TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        186.16.10.16:1448       TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        200.106.68.226:23999    TIME_WAIT   -
    tcp        0      0 91.121.29.127:80        194.179.126.157:43939   TIME_WAIT   -
    udp        0      0 0.0.0.0:10000           0.0.0.0:*                           5219/perl
    udp        0      0 0.0.0.0:20000           0.0.0.0:*                           5202/perl
    udp        0      0 91.121.29.127:53        0.0.0.0:*                           3418/named
    udp        0      0 127.0.0.1:53            0.0.0.0:*                           3418/named
    udp        0      0 127.0.0.1:44104         127.0.0.1:44104         ESTABLISHED 3579/postgres
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path

    Cheers!! and a thousand thanks againnn
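
What this thread is really asking is which HTTP request made the forum's own database account run DROP DATABASE. The access log never shows SQL, so the way to answer it is to take the second in which mysql.log records the statement and read every request Apache logged in that second, separating the avatars, icons and scripts that make up nearly all forum traffic from requests that actually executed server-side code. The script below is an added example for this thread, not code from the forum or from vBulletin, run over constructed sample lines in the two formats (not the poster's logs). Two details matter when doing this: MySQL's general log prints the timestamp only when the second changes, so the DROP line inherits it from the last stamped line above it; and the general log is in server local time while Apache prints a UTC offset, so both are assumed here to be the same zone (+0200).

```python
"""Tie a statement in MySQL's general query log to the HTTP requests Apache
logged in the same second, and rank those requests by how little they look
like ordinary forum traffic.

Added example for this thread, not code from the forum or from vBulletin.
The two sample logs are constructed in the real formats; they are not the
poster's data. Assumption: MySQL logs server local time in the zone Apache
prints as +0200.
"""
import re
from datetime import datetime, timedelta, timezone

SERVER_TZ = timezone(timedelta(hours=2))  # assumed: MySQL local time == Apache's +0200

# MySQL 5.x general log: the time is printed only when the second changes.
MYSQL_LOG = """\
100513 20:08:57\t   41 Connect\tforum@localhost on
\t\t   41 Init DB\tforum_db
\t\t   41 Query\tselect userid from vb_user where username like "alice" limit 1
\t\t   42 Connect\tforum@localhost on
\t\t   42 Query\tDROP DATABASE forum_db
100513 20:09:03\t   43 Connect\tforum@localhost on
\t\t   43 Quit\t
"""
# Apache combined log.
ACCESS_LOG = """\
203.0.113.10 - - [13/May/2010:20:08:56 +0200] "GET /images/misc/logo.gif HTTP/1.1" 200 1658 "http://forum.example/showthread.php?t=1" "Mozilla/5.0"
203.0.113.10 - - [13/May/2010:20:08:57 +0200] "GET /clientscript/vbulletin_global.js?v=385 HTTP/1.1" 304 - "http://forum.example/showthread.php?t=1" "Mozilla/5.0"
198.51.100.7 - - [13/May/2010:20:08:57 +0200] "GET /includes/function.php HTTP/1.0" 200 40 "-" "Mozilla/5.0"
203.0.113.11 - - [13/May/2010:20:08:57 +0200] "GET /avatars/bob.gif?dateline=1262723985 HTTP/1.1" 200 170179 "http://forum.example/index.php" "Mozilla/5.0"
203.0.113.12 - - [13/May/2010:20:08:58 +0200] "GET /search.php?searchid=1 HTTP/1.1" 200 20311 "http://forum.example/index.php" "Mozilla/5.0"
203.0.113.13 - - [13/May/2010:20:09:30 +0200] "GET /includes/function.php HTTP/1.0" 200 40 "-" "Mozilla/5.0"
"""

MYSQL_LINE = re.compile(r"^(?:(?P<date>\d{6}) +(?P<time>\d{1,2}:\d{2}:\d{2}))?\s*"
                        r"(?P<conn>\d+)\s+(?P<cmd>Connect|Init DB|Query|Quit)\s*(?P<arg>.*)$")
APACHE_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) '
                         r'(?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')
STATIC_ASSET = re.compile(r"\.(?:gif|png|jpe?g|css|js|ico)(?:\?|$)", re.IGNORECASE)


def parse_mysql_general_log(text, tz=SERVER_TZ):
    """Yield (timestamp, connection id, command, argument). The last printed
    time is carried forward; only the first line of a multi-line query is kept."""
    current = None
    for line in text.splitlines():
        m = MYSQL_LINE.match(line)
        if not m:
            continue
        if m["date"]:
            current = datetime.strptime(m["date"] + " " + m["time"],
                                        "%y%m%d %H:%M:%S").replace(tzinfo=tz)
        if current is not None:
            yield current, int(m["conn"]), m["cmd"], m["arg"].strip()


def find_statements(mysql_text, pattern, tz=SERVER_TZ):
    """(timestamp, conn, sql) for every Query matching pattern, e.g. r'^DROP DATABASE'."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [(ts, conn, arg) for ts, conn, cmd, arg in parse_mysql_general_log(mysql_text, tz)
            if cmd == "Query" and rx.search(arg)]


def parse_access_log(text):
    """One dict per combined-log line with a timezone-aware 'ts'."""
    for line in text.splitlines():
        m = APACHE_LINE.match(line)
        if not m:
            continue
        req = m.groupdict()
        req["ts"] = datetime.strptime(req["ts"], "%d/%b/%Y:%H:%M:%S %z")
        req["status"] = int(req["status"])
        req["size"] = int(req["size"]) if req["size"].isdigit() else 0
        yield req


def suspicion_flags(req):
    """Cheap heuristics that lift a request out of the avatar/icon/script noise.
    None proves anything alone; together they decide what to read first."""
    flags = []
    if not STATIC_ASSET.search(req["path"]):
        flags.append("dynamic")        # server-side code ran
    if req["referer"] in ("", "-"):
        flags.append("no-referer")     # not reached by following a link on the site
    if req["proto"].upper() == "HTTP/1.0":
        flags.append("http/1.0")       # scripts and tools; rare from a 2010 browser
    if "dynamic" in flags and req["status"] == 200 and 0 < req["size"] < 100:
        flags.append("tiny-200")       # a script that answered with almost nothing
    return flags


def correlate(mysql_text, access_text, pattern, window=timedelta(seconds=2), tz=SERVER_TZ):
    """For each matching statement: the requests logged within +/- window,
    most suspicious first, as (request, flags) pairs."""
    requests = list(parse_access_log(access_text))
    hits = []
    for ts, conn, sql in find_statements(mysql_text, pattern, tz):
        near = [r for r in requests if abs(r["ts"] - ts) <= window]
        near.sort(key=lambda r: -len(suspicion_flags(r)))  # stable: ties keep log order
        hits.append({"when": ts, "conn": conn, "sql": sql,
                     "candidates": [(r, suspicion_flags(r)) for r in near]})
    return hits


if __name__ == "__main__":
    for hit in correlate(MYSQL_LOG, ACCESS_LOG, r"^DROP DATABASE"):
        print(f"{hit['when']:%Y-%m-%d %H:%M:%S} conn {hit['conn']}: {hit['sql']}")
        for req, flags in hit["candidates"]:
            print(f"  {req['ts']:%H:%M:%S} {req['ip']:<14} {req['method']} {req['path']}  {','.join(flags) or '-'}")
```

Run over the access_log excerpt the poster pastes further down, the same heuristics single out one request at 20:08:57: a GET to /includes/function.php over HTTP/1.0 with no referer and a 40-byte 200 response, in a stream of avatars, gradients and .js files. That is not proof, but it is the line to check first: does that file exist in a clean copy of the installed vBulletin version, what does it contain, and what else has that client address requested over the past months? Independently of the entry point, a forum's database account has no reason to hold DROP, CREATE or ALTER privileges; revoking them (for the constructed names above, `REVOKE DROP, CREATE, ALTER ON forum_db.* FROM 'forum'@'localhost';`) limits what the next injection or shell can do.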

  7. #7

    Re: Hacked, caught in the LOG

    Sorry for making so many posts, but I keep running out of characters.

    I now have the Apache access_log, but I can't find anything strange; maybe I don't know how to look properly... I'm pasting the lines from the moment the DROP DATABASE is executed.

    201.173.157.152 - - [13/May/2010:20:08:57 +0200] "GET /avatars/mozoilo.gif?dateline=1233361563 HTTP/1.1" 200 2875 "http://www.clubnseries.com/general/26469-averiguar-firmware-n85.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"
    201.201.90.201 - - [13/May/2010:20:08:56 +0200] "GET /images/bluedemon/gradients/gradient_tcat.gif HTTP/1.1" 200 13639 "http://www.clubnseries.com/juegos-android/44366-g-mel0ft-chessmaster-d-nilych.html" "Mozilla/5.0 (SymbianOS/9.4; U; Series60/5.0 Nokia5800d-1b/21.2.025; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413"
    201.201.90.201 - - [13/May/2010:20:08:57 +0200] "GET /images/bluedemon/misc/altbg.gif HTTP/1.1" 200 273 "http://www.clubnseries.com/juegos-android/44366-g-mel0ft-chessmaster-d-nilych.html" "Mozilla/5.0 (SymbianOS/9.4; U; Series60/5.0 Nokia5800d-1b/21.2.025; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/bluedemon/statusicon/user_offline.gif HTTP/1.1" 200 290 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/vbseo/delicious.gif HTTP/1.1" 200 125 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/vbseo/digg.gif HTTP/1.1" 200 191 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/vbseo/technorati.gif HTTP/1.1" 200 363 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/vbseo/furl.gif HTTP/1.1" 200 604 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    85.58.71.236 - - [13/May/2010:20:08:57 +0200] "GET /clientscript/vbulletin_important.css?v=385 HTTP/1.1" 304 - "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    201.201.90.203 - - [13/May/2010:20:08:57 +0200] "GET /images/bluedemon/misc/tcat_left.gif HTTP/1.1" 200 1658 "http://www.clubnseries.com/juegos-android/44366-g-mel0ft-chessmaster-d-nilych.html" "Mozilla/5.0 (SymbianOS/9.4; U; Series60/5.0 Nokia5800d-1b/21.2.025; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413"
    85.58.71.236 - - [13/May/2010:20:08:57 +0200] "GET /clientscript/vbulletin_global.js?v=385 HTTP/1.1" 304 - "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    201.173.157.152 - - [13/May/2010:20:08:57 +0200] "GET /images/moviles/N85.gif HTTP/1.1" 404 34 "http://www.clubnseries.com/general/26469-averiguar-firmware-n85.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/bluedemon/buttons/quote.gif HTTP/1.1" 200 6169 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/ranks/e_2G.png HTTP/1.1" 200 5059 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    85.58.71.236 - - [13/May/2010:20:08:57 +0200] "GET /clientscript/vbulletin_menu.js?v=385 HTTP/1.1" 304 - "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/moviles/N97.gif HTTP/1.1" 404 34 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/bluedemon/misc/im_msn.gif HTTP/1.1" 200 1037 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    85.58.71.236 - - [13/May/2010:20:08:57 +0200] "GET /clientscript/vbulletin_ajax_threadslist.js?v=385 HTTP/1.1" 304 - "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    85.58.71.236 - - [13/May/2010:20:08:57 +0200] "GET /clientscript/ncode_imageresizer.js?v=1.0.2 HTTP/1.1" 304 - "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    189.173.169.10 - - [13/May/2010:20:08:57 +0200] "GET /www.clubnseries.com/images/donat.gif HTTP/1.1" 301 20 "http://www.clubnseries.com/problemas-hack/38006-no-puedo-firmar-helloox-1-04-a.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
    85.58.71.236 - - [13/May/2010:20:08:57 +0200] "GET /www.clubnseries.com/images/donat.gif HTTP/1.1" 301 20 "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    85.58.71.236 - - [13/May/2010:20:08:57 +0200] "GET /clientscript/recreatead.js?v=4.02 HTTP/1.1" 304 - "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    85.58.71.236 - - [13/May/2010:20:08:57 +0200] "GET /clientscript/vbulletin_inlinemod.js?v=385 HTTP/1.1" 304 - "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/bluedemon/misc/im_yahoo.gif HTTP/1.1" 200 1040 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/smilies/biggrin.gif HTTP/1.1" 200 1052 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/avatars/noavatar.gif HTTP/1.1" 200 2005 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    85.136.69.160 - - [13/May/2010:20:08:57 +0200] "GET /avatars/lecker.gif?dateline=1262723985 HTTP/1.1" 200 170179 "http://www.clubnseries.com/index.php?nseries=aplicaciones5" "Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.19) Gecko/2010031422 Ant.com Toolbar 2.0.1 Firefox/3.0.19"
    70.85.16.16 - - [13/May/2010:20:08:57 +0200] "GET /includes/function.php HTTP/1.0" 200 40 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    66.249.71.140 - - [13/May/2010:20:08:57 +0200] "GET /archive/index.php/t-48376.html HTTP/1.1" 301 20 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/bluedemon/reputation/reputation_balance.gif HTTP/1.1" 200 501 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /avatars/alegonbe.gif?dateline=1251930063 HTTP/1.1" 503 1221 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /avatars/alquimista78.gif?dateline=1250223117 HTTP/1.1" 503 1221 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /images/moviles/N82.gif HTTP/1.1" 404 34 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:57 +0200] "GET /avatars/ivanbs.gif?dateline=1246484343 HTTP/1.1" 503 1221 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    85.58.71.236 - - [13/May/2010:20:08:58 +0200] "GET /www.clubnseries.com/images/donat.gif HTTP/1.1" 301 20 "http://www.clubnseries.com/search.php?searchid=1907953" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/smilies/smile.gif HTTP/1.1" 200 1061 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    186.16.36.95 - - [13/May/2010:20:08:55 +0200] "GET /07_faq_a.gif HTTP/1.1" 200 18373 "http://www.clubnseries.com/n-gage-2-0/29799-27-juegos-n-gage-full-crakeados-mas-aplicacion-n-gage-2-0-y-tools.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/ranks/e_1G.png HTTP/1.1" 200 5078 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.173.157.152 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/reputation/reputation_pos.gif HTTP/1.1" 200 501 "http://www.clubnseries.com/general/26469-averiguar-firmware-n85.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"
    201.160.25.66 - - [13/May/2010:20:08:58 +0200] "GET /www.clubnseries.com/images/donat.gif HTTP/1.1" 301 20 "http://www.clubnseries.com/login.php?do=logout&logouthash=1273774103-370c3b60516827181cb798058dbfb016aa101403" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    201.160.25.66 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/gradients/gradient_panelsurround.gif HTTP/1.1" 304 - "http://www.clubnseries.com/login.php?do=logout&logouthash=1273774103-370c3b60516827181cb798058dbfb016aa101403" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    186.24.18.1 - - [13/May/2010:20:08:58 +0200] "GET /recreo-off-topic/20373-pop-idol-barbie-girl.html HTTP/1.1" 503 1275 "http://www.google.co.ve/search?hl=es&source=hp&q=juegos++++de+++barbie++++ girl+++de+++sexo&btnG=Buscar+con+Google&aq=o&aqi=& aql=&oq=&gs_rfai=" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; InfoPath.2; .NET CLR 2.0.50727)"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/misc/bookmarksite_stumbleupon.gif HTTP/1.1" 200 1023 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/smilies/sad.gif HTTP/1.1" 200 740 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/misc/bookmarksite_google.gif HTTP/1.1" 200 314 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/misc/bookmarksite_digg.gif HTTP/1.1" 200 258 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/misc/bookmarksite_delicious.gif HTTP/1.1" 200 113 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    212.170.235.17 - - [13/May/2010:20:08:58 +0200] "GET /descargas-aplicaciones-5-edicion/index8.html HTTP/1.1" 503 2971 "http://www.clubnseries.com/descargas-aplicaciones-5-edicion/index7.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    84.123.128.178 - - [13/May/2010:20:08:58 +0200] "GET /index.php?nseries=home&news_page=4 HTTP/1.1" 503 1192 "http://www.clubnseries.com/index.php?nseries=home&news_page=3" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    201.160.25.66 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/gradients/gradient_panel.gif HTTP/1.1" 304 - "http://www.clubnseries.com/login.php?do=logout&logouthash=1273774103-370c3b60516827181cb798058dbfb016aa101403" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    201.241.230.82 - - [13/May/2010:20:08:56 +0200] "GET /images/bluedemon/misc/header.gif HTTP/1.1" 200 276595 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    84.123.128.178 - - [13/May/2010:20:08:58 +0200] "GET /image.php?type=dberror HTTP/1.1" 200 1284 "http://www.clubnseries.com/index.php?nseries=home&news_page=4" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    201.173.157.152 - - [13/May/2010:20:08:58 +0200] "GET /images/icons/icon1.gif HTTP/1.1" 200 1032 "http://www.clubnseries.com/general/26469-averiguar-firmware-n85.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"
    212.170.235.17 - - [13/May/2010:20:08:58 +0200] "GET /descargas-aplicaciones-5-edicion/image.php?type=dberror HTTP/1.1" 301 - "http://www.clubnseries.com/descargas-aplicaciones-5-edicion/index8.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/buttons/printer.gif HTTP/1.1" 200 1072 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/buttons/sendtofriend.gif HTTP/1.1" 200 1125 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/buttons/mode_linear.gif HTTP/1.1" 200 609 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/buttons/mode_hybrid.gif HTTP/1.1" 200 588 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:58 +0200] "GET /images/bluedemon/buttons/mode_threaded.gif HTTP/1.1" 200 562 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    212.170.235.17 - - [13/May/2010:20:08:58 +0200] "GET /image.php?type=dberror HTTP/1.1" 200 1284 "http://www.clubnseries.com/descargas-aplicaciones-5-edicion/index8.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    186.40.46.107 - - [13/May/2010:20:08:56 +0200] "GET /search.php?cx=008514742519005312674%3Astktp-0amaq&cof=FORID%3A9&q=nokia+5530&do=process&showpo sts=0&s=&x=13&y=9 HTTP/1.1" 200 21804 "http://www.clubnseries.com/register.php?do=register" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    67.195.110.182 - - [13/May/2010:20:08:59 +0200] "GET /members/edwar00.html HTTP/1.0" 503 1188 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)"
    201.173.157.152 - - [13/May/2010:20:08:59 +0200] "GET /images/bluedemon/misc/alt2pbbg.gif HTTP/1.1" 200 239 "http://www.clubnseries.com/general/26469-averiguar-firmware-n85.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /images/bluedemon/buttons/collapse_thead.gif HTTP/1.1" 200 300 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /images/vbseo/linkback_url.gif HTTP/1.1" 200 394 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /images/vbseo/linkback_about.gif HTTP/1.1" 200 243 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /01_foro_a.gif HTTP/1.1" 200 18548 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /04_d02_a.gif HTTP/1.1" 200 18768 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /02_buscar_a.gif HTTP/1.1" 200 18398 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    88.9.158.239 - - [13/May/2010:20:08:59 +0200] "GET /index.php HTTP/1.1" 503 1170 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    201.173.157.152 - - [13/May/2010:20:08:59 +0200] "GET /images/bluedemon/misc/alt1pbbg.gif HTTP/1.1" 200 188 "http://www.clubnseries.com/general/26469-averiguar-firmware-n85.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"
    95.120.210.191 - - [13/May/2010:20:08:59 +0200] "GET /11_pc_b.gif HTTP/1.1" 200 18547 "http://www.clubnseries.com/register.php?do=register" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7"
    95.120.210.191 - - [13/May/2010:20:08:59 +0200] "GET /10_gage_b.gif HTTP/1.1" 200 18497 "http://www.clubnseries.com/register.php?do=register" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /themes_01.gif HTTP/1.1" 200 17717 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    95.120.210.191 - - [13/May/2010:20:08:59 +0200] "GET /09_melodias_b.gif HTTP/1.1" 200 18685 "http://www.clubnseries.com/register.php?do=register" "Mozilla/5.0 (Windows; U; Windows NT 6.0; es-ES) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /juegos_01.gif HTTP/1.1" 200 17733 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    84.123.128.178 - - [13/May/2010:20:08:58 +0200] "GET /favicon.ico HTTP/1.1" 200 262144 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /aplicaciones_01.gif HTTP/1.1" 200 17834 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    201.241.230.82 - - [13/May/2010:20:08:59 +0200] "GET /03_Tutoriales_a.gif HTTP/1.1" 200 18450 "http://www.clubnseries.com/general/46388-nokia-5530-xpress-music.html" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
    186.16.36.95 - - [13/May/2010:20:08:52 +0200] "GET /aplicaciones_01.gif HTTP/1.1" 200 17834 "http://www.clubnseries.com/n-gage-2-0/29799-27-juegos-n-gage-full-crakeados-mas-aplicacion-n-gage-2-0-y-tools.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)"
    186.16.36.95 - - [13/May/2010:20:08:59 +0200] "GET /12_peliculas_a.gif HTTP/1.1" 200 18722 "http://www.clubnseries.com/n-gage-2-0/29799-27-juegos-n-gage-full-crakeados-mas-aplicacion-n-gage-2-0-y-tools.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)"
    95.214.64.171 - - [13/May/2010:20:08:40 +0200] "GET /09_melodias_a.gif HTTP/1.1" 200 18732 "http://www.clubnseries.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Avant Browser; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Media Center PC 4.0; .NET CLR 1.1.4322)"
    95.214.64.171 - - [13/May/2010:20:08:48 +0200] "GET /10_gage_a.gif HTTP/1.1" 200 18517 "http://www.clubnseries.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Avant Browser; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Media Center PC 4.0; .NET CLR 1.1.4322)"
    186.16.36.95 - - [13/May/2010:20:08:59 +0200] "GET /11_pc_a.gif HTTP/1.1" 200 18580 "http://www.clubnseries.com/n-gage-2-0/29799-27-juegos-n-gage-full-crakeados-mas-aplicacion-n-gage-2-0-y-tools.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)"

    Thanks!!!

  8. #8

    Default Re: Hacking, caught in the LOG

    Hello again

    I have been going over the Apache log and I don't see anything odd. Nothing in the active connections either, nor in the system processes.

    Can you give us some more information? Such as:

    - When does it happen?
    - Is it always at the same time / day of the week / etc.?
    - How do you notice the problem? / Why do you know it is an attack?

    Let's see if someone spots something more than I do, but keep us posted.

  9. #9

    Default Re: Hacking, caught in the LOG

    Hi, thanks again for the reply. This used to happen to me about once a week, but now they are going too far: 3 times yesterday and another 2 today, one just now. They delete the entire database, nothing is left.

    Thank goodness I have a backup system, but even so I always lose something.

    I notice the attack because the database disappears xDD, not for any other reason, and it has been like this for months, changing server, changing system, and always the same.


    Thanks a lot for the help.


    Cheers!!

  10. #10

    Default Re: Hacking, caught in the LOG

    OK. 4 GB of logs seems like a lot for you to analyse. What I would do is rename that Apache log to another name and then run:

    /etc/init.d/apache2 reload

    (Depending on the distribution, apache2 may be apache or httpd)

    And wait for them to hack you, but in that case you must know the exact time.

    With the time in hand and a smaller log, you analyse it and there should be something that smells bad.

    In any case, I assume you have the whole system up to date, the web application, etc.
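Following up the advice to work from the exact time of the attack: an added example, not code from anyone in this thread, that locates the DROP DATABASE in a MySQL general log of the layout pasted above and pulls the Apache access-log requests recorded within a few seconds of it. The two log samples are constructed, the addresses and paths in them are placeholders, and both logs are assumed to share the server's local time.

```python
import re
from datetime import datetime, timedelta
# Constructed sample in the layout of the MySQL general log pasted in the thread:
# only the first line of each second is timestamped, later lines carry only the
# connection id, the command and its argument.
MYSQL_LOG = """\
100513 20:08:57 5693 Connect clubnseries@localhost on
5693 Init DB clubnseries_b
5693 Query select userid from vb_user where username like "mozoilo" limit 1
5697 Connect clubnseries@localhost on
5697 Query DROP DATABASE clubnseries_b
5698 Connect clubnseries@localhost on
"""
# Constructed Apache combined-log sample; addresses and paths are placeholders.
APACHE_LOG = """\
203.0.113.5 - - [13/May/2010:20:08:55 +0200] "GET /index.php HTTP/1.1" 200 1170 "-" "ua"
198.51.100.9 - - [13/May/2010:20:08:57 +0200] "GET /placeholder.php?step=1 HTTP/1.1" 200 12 "-" "ua"
203.0.113.5 - - [13/May/2010:20:09:30 +0200] "GET /favicon.ico HTTP/1.1" 200 262 "-" "ua"
"""

CMDS = r"(Connect|Init DB|Query|Quit)"
MYSQL_HDR = re.compile(r"^(\d{6})\s+(\d{1,2}:\d{2}:\d{2})\s+(\d+)\s+" + CMDS + r"\s*(.*)$")
MYSQL_CONT = re.compile(r"^\s*(\d+)\s+" + CMDS + r"\s*(.*)$")
APACHE_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")
DROP_DB = re.compile(r"^\s*drop\s+database\b", re.IGNORECASE)

def find_drops(mysql_log):
    """Return (timestamp, connection id, statement) for every DROP DATABASE."""
    stamp, hits = None, []
    for line in mysql_log.splitlines():
        m = MYSQL_HDR.match(line)
        if m:  # timestamped line: remember the time for the lines that follow
            stamp = datetime.strptime(m.group(1) + m.group(2), "%y%m%d%H:%M:%S")
            conn, cmd, arg = m.group(3), m.group(4), m.group(5)
        else:  # continuation line: inherits the last timestamp seen
            m = MYSQL_CONT.match(line)
            if not m:
                continue
            conn, cmd, arg = m.groups()
        if cmd == "Query" and DROP_DB.match(arg):
            hits.append((stamp, int(conn), arg.strip()))
    return hits

def apache_requests_near(apache_log, when, window_s=5):
    """Access-log lines stamped within +/- window_s seconds of `when`
    (both logs are assumed to use the same local time)."""
    lo, hi = when - timedelta(seconds=window_s), when + timedelta(seconds=window_s)
    keep = []
    for line in apache_log.splitlines():
        m = APACHE_TS.search(line)
        if m and lo <= datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S") <= hi:
            keep.append(line)
    return keep
```

Run it against the real general log and the rotated, smaller access log; the requests it returns for the DROP's timestamp are the ones to read first.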

