ZmEu漏洞扫描

挺黑的，nginx抓出来的日志。扫描各种php软件、数据库软件的 setup脚本，一旦被执行到将可能被拖库。

 

抓取log的方法：

/var/log/nginx# 
//查看全部404， 基本都是瞎蒙的
grep '404' * 
//特定的zmeu,比较少
grep 'ZmEu' * 

 

 

1.各种setup.install都要留在/var/www之外才好；或者用完删除

2./var/www子目录必须拒绝直接访问。

 

50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 97 1.702 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 97 0.186 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 97 2.167 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 97 1.315 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 404 97 0.927 "-" "ZmEu" -
50.62.140.10 - - [21/Feb/2014:16:40:01 +0800] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 97 0.553 "-" "ZmEu" -