日期:2014-05-16  浏览次数:21359 次

iis日志这里是否有hacker痕迹 请老手帮忙分析 多谢!
2011-03-11 18:28:33 220.181.125.178 59903 117.79.224.207 80 HTTP/1.1 GET /news/25/200908/cb1dd20bf5c018f4.html 400 - Hostname -
2011-03-11 18:28:37 59.51.73.15 2284 117.79.224.207 80 HTTP/1.1 GET /ijvmyao4ffgjdb/hgfhh#@@@@#$@#@ghtyuhawxsghhdwdsge#@#$.asa 400 - URL -
2011-03-11 18:28:37 59.51.73.15 2298 117.79.224.207 80 HTTP/1.1 GET /qxlzdatabase/05384#$%05sdfapongADFON.asa 400 - URL -
2011-03-11 18:28:37 59.51.73.15 2312 117.79.224.207 80 HTTP/1.1 GET /rafudata/www.haosfxp.com#@#$.asa 400 - URL -
2011-03-11 18:28:37 59.51.73.15 2325 117.79.224.207 80 HTTP/1.1 GET /xkzgdata/.klfsd#SqlIn.asa 400 - URL -
2011-03-11 18:28:37 59.51.73.15 2338 117.79.224.207 80 HTTP/1.1 GET /gmpjassddfre342#$@%^&(UI/1010202030302a22a2a2a2a2a4d.asa 400 - URL -
2011-03-11 18:28:37 59.51.73.15 2352 117.79.224.207 80 HTTP/1.1 GET /zvtdweb/database/#3389SF.asa 400 - URL -
2011-03-11 18:28:37 59.51.73.15 2369 117.79.224.207 80 HTTP/1.1 GET /hagmdatabase/#3389SF.asa 400 - URL -
2011-03-11 18:28:37 220.181.125.178 61370 117.79.224.207 80 HTTP/1.1 GET /news/1/shrd/200812/6715b03f9bbf9853.html 400 - Hostname -

------解决方案--------------------
至少站点正在被扫,估计是用挖掘鸡之类的工具再扫,不过一般的站点都是会被扫的,没什么大惊小怪的,access库的话,要防止下载数据库文件,有上传的话,注意下上传的程序是否有漏洞,再就是把放置上传文件的文件夹在iis里设置为不可执行脚本