SkyArts.com - SkyArtsメンバー

CGIスキャンの危険性と実体

　これまでいくつかの書籍や雑誌記事に置いてCGIスキャンの危険性について書いてきましたが、昨日これまでで一番最悪のCGIスキャンがSkyArtsサイトに対して行われたためその実体を公表するべくここに掲載します。この一番最悪というのは、同一犯人が乗っ取った多数のサーバを利用して短時間の間に継続してスキャンを行っていると思われるからです。

　以下にWebサーバのログをあえてそのまま掲載します。Webサーバのログを見ることができる方であれば乗っ取られて踏み台になっているサーバが多いことに気が付くでしょう。
　乗っ取られて踏み台になっているサーバの管理者はこれを見て乗っ取られている事実を知って欲しいです。ただ、すべて海外のサーバなのでそれは無理かな。
　また、スキャンしているCGI名もこれで良くわかるはずです。このようにスキャンで使用されるCGI名、およびspamメール送信の踏み台にされてしまう造りのCGIを使用することは避けるべきなのです。

　なお、CGIスキャンの危険性、Webアプリケーション開発時のセキュリティ注意点についての社員教育なども承っています！

63.239.116.254 - - [04/Jul/2004:06:15:49 +0000] "POST /cgi-bin/cgiemail/forms/contact.txt HTTP/1.0" 404 300 "http://www.skyarts.com/" "-"
www.mcdaniel.hu - - [04/Jul/2004:06:15:50 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 285 "http://www.skyarts.com/" "-"
mail.ccgvp.com - - [04/Jul/2004:06:15:52 +0000] "POST /cgi-bin/contact.cgi HTTP/1.0" 404 285 "http://www.skyarts.com/" "-"
wsip-68-110-130-167.ga.at.cox.net - - [04/Jul/2004:06:15:55 +0000] "POST /cgi-bin/mailform.pl HTTP/1.0" 404 285 "http://www.skyarts.com/" "-"
customer68-117-221.iplannetworks.net - - [04/Jul/2004:06:15:57 +0000] "POST /cgi-bin/formmail.cgi HTTP/1.0" 404 286 "http://www.skyarts.com/" "-"
ool-182d19ae.dyn.optonline.net - - [04/Jul/2004:06:16:00 +0000] "POST /cgi-bin/FormMail.pl HTTP/1.1" 404 297 "http://www.skyarts.com/" "-"
209.177.203.54 - - [04/Jul/2004:06:16:01 +0000] "POST /mail.cgi HTTP/1.0" 404 274 "http://www.skyarts.com/" "-"
www.utilitydatacorp.net - - [04/Jul/2004:06:16:02 +0000] "POST /cgi-bin/fmail.pl HTTP/1.0" 404 282 "http://www.skyarts.com/" "-"
ip67-94-167-58.z167-94-67.customer.algx.net - - [04/Jul/2004:06:16:03 +0000] "POST /cgi-bin/form.cgi HTTP/1.0" 404 282 "http://www.skyarts.com/" "-"
ip67-94-60-18.z60-94-67.customer.algx.net - - [04/Jul/2004:06:16:04 +0000] "POST /cgi-bin/contact.pl HTTP/1.0" 404 284 "http://www.skyarts.com/" "-"
palma-tumys-www.sasro.sk - - [04/Jul/2004:06:16:09 +0000] "POST /cgi/formmail HTTP/1.1" 404 290 "http://www.skyarts.com/" "-"
nurper.cu.edu.tr - - [04/Jul/2004:06:16:11 +0000] "POST /cgi-bin/mail.cgi HTTP/1.0" 404 282 "http://www.skyarts.com/" "-"
host126-101.rancor.birch.net - - [04/Jul/2004:06:16:12 +0000] "POST /formmail.pl HTTP/1.1" 404 289 "http://www.skyarts.com/" "-"
dpvc-68-162-220-233.bos.east.verizon.net - - [04/Jul/2004:06:16:19 +0000] "POST /cgi-bin/feedback.cgi HTTP/1.0" 404 286 "http://www.skyarts.com/" "-"
rrcs-central-24-123-115-162.biz.rr.com - - [04/Jul/2004:06:16:29 +0000] "POST /contact.cgi HTTP/1.1" 404 289 "http://www.skyarts.com/" "-"
user68.footexperts.com - - [04/Jul/2004:06:16:33 +0000] "POST /form-bin/deliver HTTP/1.0" 404 282 "http://www.skyarts.com/" "-"
ip67-94-167-58.z167-94-67.customer.algx.net - - [04/Jul/2004:06:16:34 +0000] "POST /cgi-bin/cgiemail/contact.txt HTTP/1.0" 404 294 "http://www.skyarts.com/" "-"
dns.tecma.com.mx - - [04/Jul/2004:06:16:36 +0000] "POST /cgi-bin/form.pl HTTP/1.0" 404 281 "http://www.skyarts.com/" "-"
200.83.0.201 - - [04/Jul/2004:06:16:43 +0000] "POST /cgi-bin/mailform.cgi HTTP/1.1" 404 298 "http://www.skyarts.com/" "-"
proxymail.gpjw.com - - [04/Jul/2004:06:16:44 +0000] "POST /cgi-bin/feedback.pl HTTP/1.0" 404 285 "http://www.skyarts.com/" "-"
plswh0c2.plano.webhost.eds.net - - [04/Jul/2004:06:16:45 +0000] "POST /cgi-bin/mail.pl HTTP/1.0" 404 281 "http://www.skyarts.com/" "-"
host119-34.discord.birch.net - - [04/Jul/2004:06:16:47 +0000] "POST /cgi-bin/sender.pl HTTP/1.0" 404 283 "http://www.skyarts.com/" "-"
209-232-65-47.ded.pacbell.net - - [04/Jul/2004:06:16:48 +0000] "POST /cgi-bin/mailer/mailer.cgi HTTP/1.0" 404 291 "http://www.skyarts.com/" "-"
213.178.74.213 - - [04/Jul/2004:06:16:49 +0000] "POST /cgi-bin/ezformml.cgi HTTP/1.1" 404 298 "http://www.skyarts.com/" "-"
gateway.lra-mil.de - - [04/Jul/2004:06:16:51 +0000] "POST /cgi-bin/email.cgi HTTP/1.0" 404 283 "http://www.skyarts.com/" "-"
public2.apartmentguide.com - - [04/Jul/2004:06:16:52 +0000] "POST /cgi-bin/formmail HTTP/1.1" 404 294 "http://www.skyarts.com/" "-"
209.26.56.10 - - [04/Jul/2004:06:16:53 +0000] "POST /cgi-bin/npl_mailer.cgi HTTP/1.0" 404 288 "http://www.skyarts.com/" "-"
128.121.14.116 - - [04/Jul/2004:06:16:55 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.1" 404 298 "http://www.skyarts.com/" "-"
mail.ccgvp.com - - [04/Jul/2004:06:16:55 +0000] "POST /cgi-bin/email.pl HTTP/1.0" 404 282 "http://www.skyarts.com/" "-"
res.pwave-fw01.inetu.net - - [04/Jul/2004:06:16:56 +0000] "POST /cgi-bin/BFormMail.pl HTTP/1.1" 404 298 "http://www.skyarts.com/" "-"
uslec-66-43-173-226.cust.uslec.net - - [04/Jul/2004:06:17:12 +0000] "POST /cgi-bin/contactus.cgi HTTP/1.0" 404 287 "http://www.skyarts.com/" "-"
shcprague-gts.comp.cz - - [04/Jul/2004:06:17:17 +0000] "POST /cgi-bin/mailer.cgi HTTP/1.0" 404 284 "http://www.skyarts.com/" "-"
st-209-175-79-77.d70.k12.il.us - - [04/Jul/2004:06:17:18 +0000] "POST /cgi-bin/friends.cgi HTTP/1.0" 404 285 "http://www.skyarts.com/" "-"
66.35.206.150 - - [04/Jul/2004:06:17:18 +0000] "POST /cgi-bin/contactus.cgi HTTP/1.1" 404 299 "http://www.skyarts.com/" "-"
ppp-6-146-252-213.dsl.bbone.goetel.net - - [04/Jul/2004:06:17:19 +0000] "POST /formmail.cgi HTTP/1.0" 404 278 "http://www.skyarts.com/" "-"
gateway.knv.nl - - [04/Jul/2004:06:17:37 +0000] "POST /cgi-bin/tellafriend.cgi HTTP/1.0" 404 289 "http://www.skyarts.com/" "-"
12-222-37-30.client.insightbb.com - - [04/Jul/2004:06:17:38 +0000] "POST /cgi/contact.cgi HTTP/1.1" 404 293 "http://www.skyarts.com/" "-"
66-208-138-28.arpa.kmcmail.net - - [04/Jul/2004:06:17:40 +0000] "POST /cgi/FormMail.pl HTTP/1.1" 404 293 "http://www.skyarts.com/" "-"
217.207.136.226 - - [04/Jul/2004:06:17:41 +0000] "POST /cgi-bin/mailto.cgi HTTP/1.0" 404 284 "http://www.skyarts.com/" "-"
s01060080c851bbda.du.shawcable.net - - [04/Jul/2004:06:17:43 +0000] "POST /cgi-bin/af.cgi HTTP/1.1" 404 292 "http://www.skyarts.com/" "-"
sm2.passthison.com - - [04/Jul/2004:06:17:44 +0000] "POST /cgi-bin/cgiemail/mailtemp.txt HTTP/1.1" 404 307 "http://www.skyarts.com/" "-"
insight.tobin.com - - [04/Jul/2004:06:17:45 +0000] "POST /dp_tellafriend/scripts/tellafriend.cgi HTTP/1.1" 404 316 "http://www.skyarts.com/" "-"
pennywise.fatport.com - - [04/Jul/2004:06:17:46 +0000] "POST /cgi-bin/tell/tell.cgi HTTP/1.1" 404 299 "http://www.skyarts.com/" "-"
65.120.143.200 - - [04/Jul/2004:06:17:47 +0000] "POST /cgi-bin/mailto.pl HTTP/1.1" 404 295 "http://www.skyarts.com/" "-"
mail.ccgvp.com - - [04/Jul/2004:06:17:48 +0000] "POST /cgi-bin/referral.cgi HTTP/1.0" 404 286 "http://www.skyarts.com/" "-"
200.48.218.179 - - [04/Jul/2004:06:18:07 +0000] "POST /email.cgi HTTP/1.0" 404 275 "http://www.skyarts.com/" "-"
207.44.198.13 - - [04/Jul/2004:06:18:23 +0000] "POST /cgi-bin/contactus.pl HTTP/1.1" 404 298 "http://www.skyarts.com/" "-"
sacssrv2.sacs.org - - [04/Jul/2004:06:18:24 +0000] "POST /cgi-bin/contactus.pl HTTP/1.0" 404 286 "http://www.skyarts.com/" "-"
209-234-135-250.gen.twtelecom.net - - [04/Jul/2004:06:18:25 +0000] "POST /cgi-bin/anymail.cgi HTTP/1.0" 404 285 "http://www.skyarts.com/" "-"
193.129.22.146 - - [04/Jul/2004:06:18:27 +0000] "POST /cgi-bin/chfeedback.pl HTTP/1.1" 404 299 "http://www.skyarts.com/" "-"
62.161.77.185 - - [04/Jul/2004:06:18:35 +0000] "POST /cgi-bin/af.pl HTTP/1.0" 404 279 "http://www.skyarts.com/" "-"
168.9.85.227 - - [04/Jul/2004:06:18:40 +0000] "POST /cgi-bin/mailer.pl HTTP/1.0" 404 283 "http://www.skyarts.com/" "-"
208.185.16.39.available.above.net - - [04/Jul/2004:06:18:43 +0000] "POST /cgi-bin/af.pl HTTP/1.0" 404 279 "http://www.skyarts.com/" "-"
22k312.d22p312.k12.ny.us - - [04/Jul/2004:06:18:44 +0000] "POST /cgi-bin/asomail.cgi HTTP/1.0" 404 285 "http://www.skyarts.com/" "-"
209.184.108.162 - - [04/Jul/2004:06:18:57 +0000] "POST /formmail/formmail.cgi HTTP/1.0" 404 287 "http://www.skyarts.com/" "-"
162.6.217.199 - - [04/Jul/2004:06:18:58 +0000] "POST /cgi-bin/formtomail.pl HTTP/1.0" 404 287 "http://www.skyarts.com/" "-"
ws4.net168.srvusd.k12.ca.us - - [04/Jul/2004:06:18:58 +0000] "POST /cgi-bin/mailto HTTP/1.0" 404 280 "http://www.skyarts.com/" "-"
168.9.85.227 - - [04/Jul/2004:06:19:09 +0000] "POST /cgi-bin/tellafriend.pl HTTP/1.0" 404 288 "http://www.skyarts.com/" "-"