Исходящий трафик

emain · 7 листопада 2020

Подскажите
у нас на сайте по ходу шелл
сайт на данный момент выдает 500 ошибку
в статистике превышен исходящий трафик
а что искать и где ума не приложу
вот в логах, только что тут понять

Спойлер


37.49.230.195 - - [07/Nov/2020:05:50:27 +0200] "GET /admin/index.php?route=common/login HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
37.49.230.195 - - [07/Nov/2020:05:50:27 +0200] "GET /admin/index.php?route=common/login HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
104.210.214.37 - - [07/Nov/2020:06:02:02 +0200] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.0" 500 538 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
104.210.214.37 - - [07/Nov/2020:06:02:02 +0200] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 500 550 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
66.249.66.210 - - [07/Nov/2020:06:12:26 +0200] "GET /syourei/syourei_2.html HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.210 - - [07/Nov/2020:06:12:26 +0200] "GET /syourei/syourei_2.html HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.191.171.8 - - [07/Nov/2020:06:43:47 +0200] "GET /robots.txt HTTP/1.0" 304 - "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"
185.191.171.8 - - [07/Nov/2020:06:43:47 +0200] "GET /robots.txt HTTP/1.1" 304 0 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"
185.191.171.7 - - [07/Nov/2020:06:43:47 +0200] "GET /sativa/auto-critical-1 HTTP/1.0" 500 538 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"
185.191.171.7 - - [07/Nov/2020:06:43:47 +0200] "GET /sativa/auto-critical-1 HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"
107.150.65.115 - - [07/Nov/2020:07:16:46 +0200] "GET / HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0"
107.150.65.115 - - [07/Nov/2020:07:16:46 +0200] "GET / HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0"
66.249.66.212 - - [07/Nov/2020:07:24:45 +0200] "GET /marketing/index03.html HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.212 - - [07/Nov/2020:07:24:45 +0200] "GET /marketing/index03.html HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
37.73.89.176 - - [07/Nov/2020:08:40:35 +0200] "GET / HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Linux; Android 10; SM-A105F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.114 Mobile Safari/537.36"
37.73.89.176 - - [07/Nov/2020:08:40:36 +0200] "GET / HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Linux; Android 10; SM-A105F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.114 Mobile Safari/537.36"
37.73.89.176 - - [07/Nov/2020:08:40:37 +0200] "GET /favicon.ico HTTP/1.0" 404 209 "http://budda-seeds.com/" "Mozilla/5.0 (Linux; Android 10; SM-A105F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.114 Mobile Safari/537.36"
37.73.89.176 - - [07/Nov/2020:08:40:37 +0200] "GET /favicon.ico HTTP/1.1" 404 194 "http://budda-seeds.com/" "Mozilla/5.0 (Linux; Android 10; SM-A105F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.114 Mobile Safari/537.36"
66.249.66.210 - - [07/Nov/2020:08:42:07 +0200] "GET /marketing/index02.html HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.210 - - [07/Nov/2020:08:42:07 +0200] "GET /marketing/index02.html HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
176.98.70.149 - - [07/Nov/2020:08:52:02 +0200] "GET / HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:08:52:02 +0200] "GET / HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:08:52:02 +0200] "GET /favicon.ico HTTP/1.0" 404 209 "https://budda-seeds.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:08:52:02 +0200] "GET /favicon.ico HTTP/1.1" 404 194 "https://budda-seeds.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:08:54:40 +0200] "GET / HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:08:54:40 +0200] "GET / HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:09:01:03 +0200] "GET / HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:09:01:03 +0200] "GET / HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:09:14:15 +0200] "GET / HTTP/1.0" 500 538 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
176.98.70.149 - - [07/Nov/2020:09:14:15 +0200] "GET / HTTP/1.1" 500 550 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"

Змінено 7 листопада 2020 користувачем emain

HyperLabTeam · 7 листопада 2020

чистить, лечить, смотреть за безопасностью, не пользоваться варезом

emain · 7 листопада 2020

16 минут назад, AWARO сказал:

чистить, лечить, смотреть за безопасностью, не пользоваться варезом

да это понятно

а по каким критериям искать этот шелл и где он зарыт

Вхід

Исходящий трафик

Recommended Posts

emain

Надіслати

Поділитися на інших сайтах

HyperLabTeam

Надіслати

Поділитися на інших сайтах

emain

Надіслати

Поділитися на інших сайтах

Створіть аккаунт або увійдіть для коментування

Створити обліковий запис

Вхід

Зараз на сторінці 0 користувачів

Покупцям

Розробникам

Корисна інформація

Останні розширення

Ваші замовлення

ocStore

Шаблони

OpenCart.Pro

Important Information