Hacked over Zend

samvelyano

Hello,
Please, someone help me. Chinese hackers are using my traffic.
I found these in my logs:
Code:
118.167.132.84 - - [11/Apr/2009:19:39:19 -0700] "GET /www/image/embedded/mapdl.jpg HTTP/1.1" 302 509 "http://ptr205.myweb.hinet.net/ggc.htm?MywebPageId=2009121239475543476" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)"
118.167.132.84 - - [11/Apr/2009:19:39:20 -0700] "GET /www/image/banner/shop.jpg HTTP/1.1" 302 509 "http://ptr205.myweb.hinet.net/ggc.htm?MywebPageId=2009121239475543476" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)"
118.167.132.84 - - [11/Apr/2009:19:39:20 -0700] "GET / HTTP/1.1" 200 4411 "http://ptr205.myweb.hinet.net/ggc.htm?MywebPageId=2009121239475543476" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)"
118.167.132.84 - - [11/Apr/2009:19:39:21 -0700] "GET / HTTP/1.1" 200 4411 "http://ptr205.myweb.hinet.net/ggc.htm?MywebPageId=2009121239475543476" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)"
118.161.232.183 - - [11/Apr/2009:19:39:40 -0700] "GET /Type_jpg/1633_108763_74cae3034a12c1f.jpg HTTP/1.1" 302 509 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Foxy/1; Foxy/1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
61.65.64.7 - - [11/Apr/2009:19:39:40 -0700] "GET /Type_jpg/1633_108763_74cae3034a12c1f.jpg HTTP/1.1" 302 509 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
118.161.232.183 - - [11/Apr/2009:19:39:40 -0700] "GET / HTTP/1.1" 200 4411 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Foxy/1; Foxy/1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
61.65.64.7 - - [11/Apr/2009:19:39:41 -0700] "GET / HTTP/1.1" 200 4411 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
61.224.52.181 - - [11/Apr/2009:19:39:45 -0700] "GET /Type_jpg/1633_108763_74cae3034a12c1f.jpg HTTP/1.1" 302 509 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1; GTB5; Foxy/1)"
61.224.52.181 - - [11/Apr/2009:19:39:46 -0700] "GET / HTTP/1.1" 200 4411 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1; GTB5; Foxy/1)"
218.164.0.184 - - [11/Apr/2009:19:39:53 -0700] "GET /www/image/embedded/mapdl.jpg HTTP/1.1" 302 509 "http://ptr205.myweb.hinet.net/ggc.htm?MywebPageId=2009121239475412955" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Foxy/1; Foxy/1)"
218.164.0.184 - - [11/Apr/2009:19:39:53 -0700] "GET /www/image/banner/shop.jpg HTTP/1.1" 302 509 "http://ptr205.myweb.hinet.net/ggc.htm?MywebPageId=2009121239475412955" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Foxy/1; Foxy/1)"
218.164.0.184 - - [11/Apr/2009:19:39:53 -0700] "GET / HTTP/1.1" 200 4411 "http://ptr205.myweb.hinet.net/ggc.htm?MywebPageId=2009121239475412955" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Foxy/1; Foxy/1)"
218.164.0.184 - - [11/Apr/2009:19:39:54 -0700] "GET / HTTP/1.1" 200 4411 "http://ptr205.myweb.hinet.net/ggc.htm?MywebPageId=2009121239475412955" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Foxy/1; Foxy/1)"
114.137.173.83 - - [11/Apr/2009:19:39:57 -0700] "GET /Type_jpg/1633_108763_74cae3034a12c1f.jpg HTTP/1.1" 302 509 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1; Foxy/1; .NET CLR 2.0.50727)"
114.137.173.83 - - [11/Apr/2009:19:39:58 -0700] "GET / HTTP/1.1" 200 4411 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1; Foxy/1; .NET CLR 2.0.50727)"
140.130.208.25 - - [11/Apr/2009:19:40:06 -0700] "GET /Type_jpg/1633_108763_74cae3034a12c1f.jpg HTTP/1.1" 302 509 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; KKman3.0; InfoPath.1)"
140.130.208.25 - - [11/Apr/2009:19:40:07 -0700] "GET / HTTP/1.1" 200 4411 "http://tw.garena.com/forum/read.php?tid=341275" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; KKman3.0; InfoPath.1)"
124.244.167.121 - - [11/Apr/2009:19:40:11 -0700] "GET /www/image/forum/fj_big.jpg HTTP/1.1" 302 509 "http://tw.garena.com/forum/thread.php?fid=1420" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Foxy/1; Foxy/1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)"
124.244.167.121 - - [11/Apr/2009:19:40:12 -0700] "GET / HTTP/1.1" 200 4411 "http://tw.garena.com/forum/thread.php?fid=1420" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Foxy/1; Foxy/1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)"
I don't know what to do. I think this only happens since I've installed Zend Optimizer.

Thanks
 
Thanks for the reply.
I've added the htaccess, but I still receive the same logs, most with "GET / HTTP/1.1".
I don't understand why they're using hotlinking with non-existent files?
I normally have apf installed, but the problem is that they change their IPs every time, so I can't blacklist all the IPs.
 
They are probably hyperlinking your site; that's a good thing, they are basically promoting your site.
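
The log excerpt in the first post shows a repeating pair: an image request with an external Referer answered with 302, then `GET /` from the same address with the same Referer about a second later. The Python script below is an added example, not part of any post in this thread; it tallies those pairs per referring host, and the own host name `www.example.com`, the 2-second pairing window and the sample lines are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Apache "combined" log format, as in the excerpt posted in the thread.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
IMAGE = re.compile(r'\.(?:jpe?g|png|gif)$', re.I)
OWN_HOSTS = {"www.example.com"}  # assumption: placeholder for the site's own host name

def parse(line):
    m = LINE.match(line)
    if not m:
        return None  # not a combined-format line
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["ref_host"] = urlsplit(rec["referer"]).hostname or ""  # "-" yields ""
    return rec

def hotlink_report(lines, window=timedelta(seconds=2)):
    """Per referring host: redirected hotlinked images, and the "GET /" hits
    that follow such a redirect from the same client within `window`."""
    images, followups = Counter(), Counter()
    pending = {}  # (ip, referer) -> time of the last redirected image request
    for rec in filter(None, map(parse, lines)):
        if not rec["ref_host"] or rec["ref_host"] in OWN_HOSTS:
            continue  # direct visit or internal navigation
        key = (rec["ip"], rec["referer"])
        if rec["status"] == "302" and IMAGE.search(rec["path"]):
            images[rec["ref_host"]] += 1
            pending[key] = rec["time"]
        elif (rec["path"] == "/" and key in pending
              and rec["time"] - pending[key] <= window):
            followups[rec["ref_host"]] += 1
    return images, followups

# Constructed sample lines (documentation addresses and host names).
SAMPLE = """
192.0.2.10 - - [11/Apr/2009:19:39:40 -0700] "GET /img/a.jpg HTTP/1.1" 302 509 "http://forum.example.net/read.php?tid=1" "UA"
192.0.2.10 - - [11/Apr/2009:19:39:41 -0700] "GET / HTTP/1.1" 200 4411 "http://forum.example.net/read.php?tid=1" "UA"
198.51.100.7 - - [11/Apr/2009:19:39:45 -0700] "GET /img/a.jpg HTTP/1.1" 302 509 "http://forum.example.net/read.php?tid=1" "UA"
198.51.100.7 - - [11/Apr/2009:19:39:46 -0700] "GET / HTTP/1.1" 200 4411 "http://forum.example.net/read.php?tid=1" "UA"
203.0.113.5 - - [11/Apr/2009:19:40:30 -0700] "GET / HTTP/1.1" 200 4411 "http://blog.example.org/post" "UA"
""".strip().splitlines()

if __name__ == "__main__":
    print(hotlink_report(SAMPLE))
```

A `GET /` with an external Referer but no preceding redirected image from the same client, like the last sample line, is left out of the follow-up count.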
 