ログの監査をしていたら、サーバー内に設置されている某CGIに、エロサイトのURLを延々と書き込むスクリプトらしいログを発見!! -> アクセス拒否を記述しておいた。それでも諦めずに延々とアクセスしてうちのエラーログを長くしてくる!ルーターレベルでアクセスを弾くべきかな。。
IPをちょっと調べたら、Scandinaviaからのアクセスのよう。
先方のポートは、110(POP3)、139(NetBIOS)、445(SMB)、3389(Remote Desktrop)などが開きっぱなしなので、どっかの間抜けなWindowsサーバが攻撃スクリプトの踏み台にされている可能性も。。。おいおい!
[Sun Jan 24 01:07:46 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 01:11:49 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 01:23:34 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 01:26:30 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 01:30:15 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 01:34:47 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 01:40:13 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 01:44:11 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 01:53:57 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi
[Sun Jan 24 02:03:06 2010] [error] [client 95.143.192.24] client denied by server configuration: /home/username/public_html/cgi-bin/wema/index.cgi