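#AttackLog #ScanLog #ProxyAbuse #Proxy abuse #IP address spoofing #A5-Security Misconfiguration

Today's web server vulnerability scan log: attempts to detect Apache's proxy function

The Apache access log contains some unusual entries. One kind tries to fetch a URL on another website with GET, as in "GET http://www.baidu.com/favicon.ico HTTP/1.1". The other kind uses the CONNECT method to reach another website, as in "CONNECT www.google.se:443 HTTP/1.1". These requests come from a variety of IP addresses and appear to be one of the most common attack types recently.

If the proxy function of the web server software is turned on, it can be abused for this kind of attack. Abusing another web server's proxy function in this way is called a "ProxyAbuse" attack. For details, see the ProxyAbuse document on the Httpd Wiki (in English). For an actual compromise case, see "Apache ProxyAbuse: the Apache proxy abusing attack".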

103.37.145.248 - - [21/Jan/2017:09:41:05 +0900] "GET http://www.baidu.com/favicon.ico HTTP/1.1" 200 1691 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
120.132.68.142 - - [21/Jan/2017:20:54:48 +0900] "GET http://www.baidu.com/favicon.ico HTTP/1.1" 200 1691 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36"
91.236.75.4 - - [21/Jan/2017:20:59:16 +0900] "GET http://www.google.com/ HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:20:59:16 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48565 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:21:00:05 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:21:00:06 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49415 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:21:38:14 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:21:38:15 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49326 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:21:38:20 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:21:38:20 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48661 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.239.67.68 - - [21/Jan/2017:22:00:06 +0900] "CONNECT www.google.se:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"
91.239.67.68 - - [21/Jan/2017:22:00:22 +0900] "CONNECT www.google.se:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"
91.239.67.68 - - [21/Jan/2017:22:00:39 +0900] "CONNECT www.google.se:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36"
91.236.75.4 - - [21/Jan/2017:22:15:10 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:22:15:10 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48333 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:22:15:18 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:22:15:18 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48389 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:22:52:29 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:22:52:30 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48584 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:22:52:35 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:22:52:36 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48540 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [21/Jan/2017:22:57:30 +0900] "GET http://www.google.co.uk/search?q=r5w+bulb&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [21/Jan/2017:22:57:31 +0900] "GET http://www.google.com/search?q=site:australiancruisegroup.com.au HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:22:57:39 +0900] "GET http://www.google.com/search?q=site:tjsparta-kh.cz HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:22:57:47 +0900] "GET http://www.google.co.uk/search?q=at%26t&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [21/Jan/2017:22:57:48 +0900] "GET http://www.google.com/search?q=site:greencarrier.fi HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:22:57:57 +0900] "GET http://www.google.com/search?q=site:gezondheidshulponline.nl HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:06:41 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=events.turnto10.com HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:08:29 +0900] "GET http://www.google.co.uk/search?q=jagoda+kumri%C4%87&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [21/Jan/2017:23:08:35 +0900] "GET http://www.google.com/search?q=site:biomas.fr HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:08:43 +0900] "GET http://www.google.com/search?q=site:gzqnly.com.cn HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:08:49 +0900] "GET http://www.google.co.uk/search?q=what+is+business+model&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [21/Jan/2017:23:08:49 +0900] "GET http://www.google.com/search?q=site:fookya.net HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:08:57 +0900] "GET http://www.google.com/search?q=site:my6cent.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:16:28 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=sfera-technologi.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:27:13 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=julianatoledo.info HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
91.236.75.4 - - [21/Jan/2017:23:29:09 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:23:29:10 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48845 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:23:29:13 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [21/Jan/2017:23:29:13 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48630 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [21/Jan/2017:23:37:32 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=win-legko.info HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:49:01 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=anonse-prywatne-pan-lidzbark-warminski.warminsko-mazurskie-seks.info HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [21/Jan/2017:23:57:11 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=miasto.waw.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:00:06:12 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=familyserviceday.org HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
91.236.75.4 - - [22/Jan/2017:00:08:57 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:00:08:58 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49029 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:00:09:07 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:00:09:07 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48269 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:00:19:18 +0900] "GET http://archive.org/wayback/available?url=bluegap.ch&timestamp=19900101 HTTP/1.1" 404 477 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:00:23:47 +0900] "GET http://www.google.com/search?q=site:jours-de-marche.fr HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:00:23:56 +0900] "GET http://www.google.com/search?q=site:ghosttrainmovie.co.uk HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:00:24:05 +0900] "GET http://www.google.com/search?q=site:t2social.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:00:24:05 +0900] "GET http://www.google.co.uk/search?q=securifi+almond&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:00:24:13 +0900] "GET http://www.google.com/search?q=site:laohuangli.net HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:00:24:28 +0900] "GET http://www.google.co.uk/search?q=tan+skin&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
91.236.75.4 - - [22/Jan/2017:00:53:08 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:00:53:08 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48588 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:00:53:13 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:00:53:14 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49113 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:01:10:03 +0900] "GET http://www.google.com/search?q=site:smithassociation.org HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:10:12 +0900] "GET http://www.google.com/search?q=site:minimaxi.cv.ua HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:10:21 +0900] "GET http://www.google.com/search?q=site:ngamesnc.it HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:10:31 +0900] "GET http://www.google.com/search?q=site:liangyiyuan.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:10:48 +0900] "GET http://www.google.co.uk/search?q=best+place+to+order+checks&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:01:11:27 +0900] "GET http://www.google.co.uk/search?q=fsw+portal&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:01:19:25 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=gemsamericanacademy-qatar.com HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:24:28 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=wbcnet.de HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:33:27 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=pvcplusdrilling.com HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
91.236.75.4 - - [22/Jan/2017:01:34:22 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:01:34:22 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48476 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:01:34:31 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:01:34:32 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48418 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:01:38:28 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=islamway.net HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:48:00 +0900] "GET http://archive.org/wayback/available?url=kratineti.wordpress.com&timestamp=19900101 HTTP/1.1" 404 477 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:49:52 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=teamrochester.org HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:01:57:16 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=fredthemovie.com HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:09:02 +0900] "GET http://www.google.com/search?q=site:blog.kaltura.org HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:09:17 +0900] "GET http://www.google.com/search?q=site:charlesscottphoto.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:09:33 +0900] "GET http://www.google.com/search?q=site:campinginidaho.org HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:09:45 +0900] "GET http://www.google.com/search?q=site:murdermanual.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:09:45 +0900] "GET http://www.google.co.uk/search?q=r%26b+music&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:02:10:21 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=dlajulki.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:10:44 +0900] "GET http://www.google.co.uk/search?q=%D8%A7%D9%81%D8%B1%D9%88%D8%AF%D9%8A%D8%AA&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
91.236.75.4 - - [22/Jan/2017:02:17:07 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:02:17:08 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49428 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:02:17:16 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:02:17:17 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48628 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:02:47:08 +0900] "GET http://www.google.com/search?q=site:impeachbushnow.org HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:47:16 +0900] "GET http://www.google.com/search?q=site:shrinkyours.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:47:22 +0900] "GET http://www.google.co.uk/search?q=inheritance+advance&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:02:47:23 +0900] "GET http://www.google.com/search?q=site:balfourinf.ik.org HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:47:31 +0900] "GET http://www.google.com/search?q=site:woorinongsan.net HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:02:47:39 +0900] "GET http://www.google.co.uk/search?q=ilber+ortayl%C4%B1&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
91.236.75.4 - - [22/Jan/2017:02:59:07 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:02:59:08 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49420 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:02:59:15 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:02:59:16 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48383 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:03:21:27 +0900] "GET http://www.google.com/search?q=site:lindscues.multiply.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:21:34 +0900] "GET http://www.google.com/search?q=site:aboointeractive.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:21:34 +0900] "GET http://www.google.co.uk/search?q=surfside+rv+%26+resort+port+aransas+tx&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:03:21:41 +0900] "GET http://www.google.com/search?q=site:cutedogvideo.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:21:45 +0900] "GET http://www.google.co.uk/search?q=family+%26+friends+railcard&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:03:21:47 +0900] "GET http://www.google.com/search?q=site:blog.psych.andress.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:22:17 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=drmarknugent.com HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:23:00 +0900] "GET http://archive.org/wayback/available?url=gosunn.com&timestamp=19900101 HTTP/1.1" 404 477 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:26:18 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=quarq.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:27:17 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=qwadrans.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:28:11 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=reters.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:32:19 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=softfirm.pisz.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:33:24 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=stronadlaparafii.com.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:03:34:09 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=exantcare.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
91.236.75.4 - - [22/Jan/2017:03:43:48 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:03:43:49 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48325 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:03:43:52 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:03:43:53 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49505 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:04:22:52 +0900] "GET http://archive.org/wayback/available?url=billigdrucken.de&timestamp=19900101 HTTP/1.1" 404 477 "-" "python-requests/2.9.1"
91.236.75.4 - - [22/Jan/2017:04:25:02 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:04:25:02 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48580 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:04:25:10 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:04:25:11 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48405 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:04:33:34 +0900] "GET http://www.google.com/search?q=site:jutrosin.wpolsce24.pl HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:33:43 +0900] "GET http://www.google.com/search?q=site:autolicznik.com.pl HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:34:03 +0900] "GET http://www.google.com/search?q=site:leewyf.altervista.org HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:34:11 +0900] "GET http://www.google.com/search?q=site:narodniesredstva.ru HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:41:35 +0900] "GET http://www.google.com/search?q=site:faceaz.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:41:49 +0900] "GET http://www.google.com/search?q=site:zpravy-pro-neslysici.cz HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:42:02 +0900] "GET http://www.google.com/search?q=site:bestestrecipes.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:42:15 +0900] "GET http://www.google.com/search?q=site:onlinemarketingplus.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:42:25 +0900] "GET http://www.google.co.uk/search?q=alphabet+mug&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:04:42:59 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=dobreoferty.com.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:43:35 +0900] "GET http://www.google.co.uk/search?q=mene%26moy&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:04:44:34 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=web.staramysie.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:45:38 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=pochmieleni.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:50:34 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=hg0027.cc HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:51:38 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=jaksieodchudzicc.pl HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:04:53:20 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=sportscollectables.nu2us.com HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
91.239.67.68 - - [22/Jan/2017:04:54:05 +0900] "CONNECT www.google.de:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1"
91.239.67.68 - - [22/Jan/2017:04:54:06 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"
91.239.67.68 - - [22/Jan/2017:04:54:20 +0900] "CONNECT www.google.de:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
91.239.67.68 - - [22/Jan/2017:04:54:21 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"
213.133.97.216 - - [22/Jan/2017:04:54:30 +0900] "GET http://data.alexa.com/data?cli=10&dat=snbamz&url=sponsora-szukam-myszyniec.mazowieckie-seks.info HTTP/1.1" 404 467 "-" "python-requests/2.9.1"
91.239.67.68 - - [22/Jan/2017:04:54:30 +0900] "CONNECT www.google.de:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"
91.239.67.68 - - [22/Jan/2017:04:54:38 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
91.236.75.4 - - [22/Jan/2017:05:06:09 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:05:06:09 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49153 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:05:06:15 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:05:06:16 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48452 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.239.67.68 - - [22/Jan/2017:05:09:36 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36"
91.239.67.68 - - [22/Jan/2017:05:09:36 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1"
91.239.67.68 - - [22/Jan/2017:05:10:17 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"
91.239.67.68 - - [22/Jan/2017:05:10:17 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"
91.239.67.68 - - [22/Jan/2017:05:11:04 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"
91.239.67.68 - - [22/Jan/2017:05:11:05 +0900] "CONNECT www.google.it:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1"
213.133.97.216 - - [22/Jan/2017:05:29:56 +0900] "GET http://archive.org/wayback/available?url=michaelweinberg.com&timestamp=19900101 HTTP/1.1" 404 477 "-" "python-requests/2.9.1"
91.236.75.4 - - [22/Jan/2017:05:40:20 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:05:40:20 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48672 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:05:40:25 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:05:40:26 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 49266 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:05:45:49 +0900] "GET http://www.google.com/search?q=site:jogodeacao.com.br HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:05:45:55 +0900] "GET http://www.google.com/search?q=site:ronelmm.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:05:46:01 +0900] "GET http://www.google.com/search?q=site:ecommerce-week.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:05:46:06 +0900] "GET http://www.google.com/search?q=site:darlenegardner.com HTTP/1.1" 404 469 "-" "python-requests/2.9.1"
213.133.97.216 - - [22/Jan/2017:05:46:12 +0900] "GET http://www.google.co.uk/search?q=bolni%C5%A1nica+valdoltra&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
213.133.97.216 - - [22/Jan/2017:05:46:58 +0900] "GET http://www.google.co.uk/search?q=car+insurance+ni&num=100&btnK=Google+Search HTTP/1.1" 404 471 "-" "python-requests/1.2.3 CPython/2.7.1 Windows/7"
91.239.67.68 - - [22/Jan/2017:05:56:21 +0900] "CONNECT www.google.fr:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1"
91.239.67.68 - - [22/Jan/2017:05:56:22 +0900] "CONNECT www.google.fr:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"
91.239.67.68 - - [22/Jan/2017:05:57:11 +0900] "CONNECT www.google.fr:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1"
91.239.67.68 - - [22/Jan/2017:05:57:12 +0900] "CONNECT www.google.fr:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"
91.239.67.68 - - [22/Jan/2017:05:58:10 +0900] "CONNECT www.google.fr:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"
91.239.67.68 - - [22/Jan/2017:05:58:11 +0900] "CONNECT www.google.fr:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36"
91.236.75.4 - - [22/Jan/2017:06:16:28 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:06:16:29 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48565 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:06:16:31 +0900] "GET http://www.google.com/?id=x&1=&gws_rd=ssl HTTP/1.1" 302 170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
91.236.75.4 - - [22/Jan/2017:06:16:31 +0900] "GET http://webhack.dynu.net/ HTTP/1.1" 200 48371 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.133.97.216 - - [22/Jan/2017:06:21:46 +0900] "GET http://archive.org/wayback/available?url=searchuk.org&timestamp=19900101 HTTP/1.1" 404 477 "-" "python-requests/2.9.1"

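The Apache web server provides a proxy function. It appears to be used mainly to relay a limited set of functions for servers that cannot be reached from outside. However, if the proxy settings are left unconfigured, anyone can connect to the proxy function. Attackers use this ProxyAbuse attack to make their own IP address appear to be a different one. It is said that spam mail can also be sent this way (via the CONNECT method).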

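Disguising the IP address is a way for attackers to hide their own address during a hacking attack, but it is said that it has recently been abused for a different purpose. It is reportedly used for "fraudulent ad clicks": making it look as if ads were displayed or clicked from a large number of IP addresses in order to extract money from advertisers.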
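As an added example (not code from the original post), the following Python sketch picks the two request shapes described above out of an Apache combined-format access log and groups them by client IP. The log lines, the `OWN_HOSTS` set and the function names are constructed for illustration; the addresses and hostnames are documentation placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumption: the hostnames this server legitimately answers for.
OWN_HOSTS = {"www.example.org", "example.org"}

# Constructed sample lines modelled on the entries shown in the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2017:09:41:05 +0900] "GET http://www.example.com/favicon.ico HTTP/1.1" 200 1691 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jan/2017:22:00:06 +0900] "CONNECT www.example.net:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jan/2017:22:00:22 +0900] "CONNECT www.example.net:443 HTTP/1.1" 302 170 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Jan/2017:22:57:31 +0900] "GET http://www.example.com/search?q=site:example.net HTTP/1.1" 404 469 "-" "python-requests/2.9.1"',
    '203.0.113.9 - - [21/Jan/2017:23:00:00 +0900] "GET /index.html HTTP/1.1" 200 48565 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Jan/2017:22:57:32 +0900] "GET http://www.example.org/ HTTP/1.1" 200 48565 "-" "Mozilla/4.0"',
]


def classify(line, own_hosts=OWN_HOSTS):
    """Return a dict for a proxy-style request, or None for ordinary traffic."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    if method == "CONNECT":
        # CONNECT carries "host:port" instead of a path.
        host = target.rsplit(":", 1)[0].lower()
        kind = "connect-tunnel"
    elif "://" in target:
        # Absolute-form request target, the shape a forward proxy receives.
        host = (urlsplit(target).hostname or "").lower()
        kind = "absolute-uri"
    else:
        return None  # origin-form request such as "GET /index.html"
    return {
        "ip": m["ip"],
        "kind": kind,
        "host": host,
        "foreign": host not in own_hosts,
        "status": int(m["status"]),
    }


def summarize(lines, own_hosts=OWN_HOSTS):
    """Group proxy-style requests by client IP."""
    per_ip = defaultdict(
        lambda: {"absolute-uri": 0, "connect-tunnel": 0, "hosts": set(), "review": False}
    )
    for line in lines:
        hit = classify(line, own_hosts)
        if hit is None:
            continue
        rec = per_ip[hit["ip"]]
        rec[hit["kind"]] += 1
        rec["hosts"].add(hit["host"])
        # A 2xx answer to a foreign-host request does not prove relaying:
        # a server that is not proxying can answer with its own local
        # content for that path. Flag it for a manual comparison of the
        # response size against the local resource.
        if hit["foreign"] and 200 <= hit["status"] < 300:
            rec["review"] = True
    return dict(per_ip)


if __name__ == "__main__":
    for ip, rec in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, rec["absolute-uri"], rec["connect-tunnel"],
              sorted(rec["hosts"]), "REVIEW" if rec["review"] else "")
```

The `review` flag only marks entries where a request for a foreign host received a 2xx status; whether the server actually relayed the request has to be confirmed against the proxy configuration and the size of the local resource.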

[First written: 2017.01.22]    [Last modified: 2017.01.22]




Creative Commons License: this work may be used under the Creative Commons Attribution 4.0 International License.
For errors, typos and other inquiries, please contact j1n5uk{at}daum.net.