{"id":88,"date":"2021-04-21T15:56:16","date_gmt":"2021-04-21T06:56:16","guid":{"rendered":"https:\/\/rfsec.ddns.net\/db\/?page_id=88"},"modified":"2021-05-27T16:04:36","modified_gmt":"2021-05-27T07:04:36","slug":"access","status":"publish","type":"page","link":"https:\/\/rfsec.ddns.net\/db\/?page_id=88","title":{"rendered":"\u65e5\u3005\u306e\u602a\u3057\u3052\u306a\u30a2\u30af\u30bb\u30b9\u5143\u30c8\u30c3\u30d7\uff15"},"content":{"rendered":"\n

\u30ed\u30b0\u8868\u793a<\/strong><\/a><\/p>\n\n\n\n

apache\u306e\u30a2\u30af\u30bb\u30b9\u30ed\u30b0(\/var\/log\/apache2\/access.log.*)\u3092\u89e3\u6790\u3057\u3001\u5b58\u5728\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a66\u307f\u308b\u30a2\u30af\u30bb\u30b9\u5143\u306eIP\u3068\u30a2\u30af\u30bb\u30b9\u306eRequest\u306a\u3069\u3092\u8868\u793a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

\u30b9\u30c6\u30c3\u30d7\uff11\uff1a\u4e00\u6b21\u51e6\u7406\u3002\u5b9a\u671f\u7684\u306b\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u4e0d\u5be9\u306a\u30a2\u30af\u30bb\u30b9\u5143\u306e\u30c8\u30c3\u30d7\uff15\u3092\u51fa\u529b\u3059\u308b\u3002\uff08\u30a2\u30af\u30bb\u30b9\u56de\u6570\u3001\u30a2\u30af\u30bb\u30b9\u5143IP\u3001\u56fd\u30b3\u30fc\u30c9\uff09<\/p>\n\n\n\n

\u30b9\u30c6\u30c3\u30d7\uff12\uff1a\u30d6\u30b5\u30a6\u30b6\u30fc\u304b\u3089\u306e\u300c\u30ed\u30b0\u8868\u793a\u300d\u306e\u8981\u6c42\u306b\u3057\u305f\u304c\u3063\u3066\u3001\u904e\u53bb\uff17\u65e5\u5206\u306e\u8868\u3092\u8868\u793a\u3059\u308b\u3002\u8868\u4e2d\u306e\u30a2\u30af\u30bb\u30b9\u5143IP\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u3089\u3001\u751f\u30ed\u30b0(\/var\/log\/apache2\/access.log*)\u304b\u3089R\u8a72\u5f53\u3059\u308b\u884c\u3092\u8868\u793a\u3059\u308b\u3002<\/p>\n\n\n\n

cat \/var\/log\/apache2\/access.log \/var\/log\/apache2\/access.log.1 | \/usr\/bin\/php \/root\/apt.php<\/strong><\/p>\n\n\n\n

\u30b9\u30c6\u30c3\u30d7\uff11\uff1aapt.php\u306e\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9<\/strong><\/p>\n\n\n\n

#!\/usr\/bin\/php\n<?php\n$TOP=5;\n$PATH="\/var\/www\/html\/log"; \u3000\/\/ 1\u6b21\u51e6\u7406\u7d50\u679c\u306e\u4fdd\u5b58\u5148\n$mDB=array('Jan','Feb','Mar','Apr','May','Jun','Jly','Aug','Sep','Oct','Nov','Dec');\n\n$fp=fopen("php:\/\/stdin","r");\nwhile($in=fgets($fp)){\n        $t=explode(' ',$in);\n        $ip=$t[0];\n        $tmp=substr($t[3],1);\n        $s=explode('\/',$tmp);\n        $day=$s[0];\n        $year=substr($s[2],0,4);\n        $mo=array_search($s[1],$mDB)+1;\n        if($mo<10) $mo='0'.$mo;\n        $date=$year.$mo.$day;\n        #echo "$ip,$year$mo$day\\n";\n        if(strpos($in,' 404 ')>0){\n                @$buf[$date][$ip]++;\n        }\n}\nfclose($fp);\narsort($buf);\nforeach($buf as $date =>$ip_array){\n        arsort($ip_array);\n        echo "---$PATH\/$date---\\n";\n        $fw=fopen("$PATH\/$date.txt","w");\n        $n=0;\n        foreach($ip_array as $ip =>$count){\n        \/\/      echo "$ip,$count\\n";\n           if(substr($ip,0,10)!='192.168.68' && $ip!='::1'){\n                try{\n                $country=geoip_country_code_by_name($ip);\n                if(trim($country)=="") $country=`whois $ip | grep -m1 country | awk '{print $2}'`;\n                } catch (Exception $e ) {\n                        $country=`whois $ip | grep -m1 country | awk '{print $2}'`;\n                        if($country="") $country="??";\n                }\n                $country=trim($country);\n                $msg= "$count $ip $country\\n";\n                fwrite($fw,$msg);\n                $n++;\n                if($n>$TOP) break;\n           }\n        }\n        fclose($fw);\n}\n?><\/code><\/pre><\/div>\n\n\n\n
apt.php\u30b9\u30af\u30ea\u30d7\u30c8\u51fa\u529b\u306e\u4e00\u4f8b<\/strong><\/p>\n\n\n\n
968 43.243.222.44 HK\n61 92.63.196.29 RU\n25 45.155.205.27 RU\n16 104.131.73.21 US\n6 121.196.182.183 CN\n<\/code><\/pre>\n\n\n\n
\u30ed\u30b0\u8868\u793a\u306e\u305f\u3081\u306b\u30d6\u30e9\u30a6\u30b6\u30fc\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3059\u308bPHP\u30d5\u30a1\u30a4\u30eb<\/strong><\/p>\n\n\n\n
<HTML>\n<head>\n<link rel="stylesheet" type="text\/css" href="\/st1.css">\n<\/head>\n<?php\n$TOP=5;\n\necho "<H3>\u602a\u3057\u3044\u30a2\u30af\u30bb\u30b9\u5143\u30c8\u30c3\u30d7\uff15<\/H3>\\n";\n\nfor($i=0;$i<=7;$i++){\n        $date=date("Ymd",time()- $i * 60 * 60 * 24);    \/\/ $i days ago\n        $file="log\/$date.txt";\n        if(file_exists($file)){\n                $data=file($file);\n              $msg="<H3>$date2<\/H3>\\n";\n                if( $i % 2 ==1 ){\n                        $msg="<TABLE width=400 border=1><CAPTION><B>$date<\/B><\/CAPTION><TR>";\n                } else {\n                        $msg="<TABLE border=1><TD valign=\\"top\\">\\n<TABLE width=400 border=1><CAPTION><B>$date<\/B><\/CAPTION><TR>";\n                }\n                $n=1;\n                foreach($data as $line){\n                        $tmp=trim($line);\n                        $t=explode(' ',$tmp);\n                        for($m=0;$m<3;$m++){\n                                if($m==1){\n                                        $ip=$t[$m];\n                                        $ref="<a href=proc.php?date=$date&ip=$ip>$ip<\/a>";\n                                        $msg.="<TD>$ref<\/TD>";\n                                } else {\n                                        $msg.="<TD>$t[$m]<\/TD>";\n                                }\n                        }\n                        $msg.="<\/TR>";\n                }\n                        if( ($i % 2 ) == 1 ){\n                                $msg.="<\/TR><\/TABLE><\/TD><\/TABLE>\\n";\n                        } else {\n                                $msg.="<\/TR><\/TABLE><\/TD><TD valign=\\"top\\">";\n                        }\n                echo "$msg\\n";\n\/\/              print_r($data);\n        }\n}\n?>\n<\/HTML><\/code><\/pre><\/div>\n\n\n\n
\u751f\u30ed\u30b0\u304b\u3089\u8a72\u5f53\u7b87\u6240\u3092\u62bd\u51fa\u3059\u308b\u30b9\u30af\u30ea\u30d7\u30c8<\/p>\n\n\n\n
<?php\nif (isset($argv)){\n        $date  =$argv[1];\n        $ip    =$argv[2];\n} else {\n        $date  = htmlspecialchars($_GET["date"]);\n        $ip    = htmlspecialchars($_GET["ip"]);\n}\n$mDB=array('Jan','Feb','Mar','Apr','May','Jun','Jly','Aug','Sep','Oct','Nov','Dec');\n$year=substr($date,0,4);\n$day=substr($date,6,2);\n$mo =$mDB[(int)(substr($date,4,2))-1];\n$dateS= $day."\/".$mo."\/".$year;\n$name="\/var\/log\/apache2\/$f_name";\necho "<H3>DATE:$date  IP:$ip<\/H3>";\necho "\\n";\n$today    = date("Ymd");\n$tmp      = mktime(0, 0, 0, date("m")  , date("d")-1, date("Y"));\n$yesterday= date('Ymd',$tmp);\n\nfunction proc_msg($in,$date,$ip){\n        $msg="";\n        if(strpos($in,$ip)===0 && strpos($in,$date)>0){\n                $in=str_replace(' - - ','',$in);\n                $in=str_replace(' +0900','',$in);\n                $t=explode("\\"",$in);\n                $s=explode(':',$t[0]);\n                $time="$s[1]:$s[2]:$s[3]";\n                $time=str_replace(']','',$time);\n                $msg= "<TR><TD>$time<\/TD><TD>$t[1]<\/TD><TD>$t[2]<\/TD><\/TR>\\n";\n        }\n        return $msg;\n}\n\nfunction proc($fp,$date,$ip){\n        $msg= "<table><TR BGCOLOR=lightblue><TD>Time<\/TD><TD>Request<\/TD><TD>Result<\/TD><\/TR>\\n";\n        $n=strlen($msg);\n        while ($in=fgets($fp)){\n                $msg.=proc_msg($in,$date,$ip);\n        }\n        if(strlen($msg)>$n){\n                $msg.="<\/TABLE>";\n                echo $msg;\n        }\n        fclose($fp);\n}\n\nfunction procGZ($fp,$date,$ip){\n        $msg= "<table><TR BGCOLOR=lightblue><TD>Time<\/TD><TD>Request<\/TD><TD>Result<\/TD><\/TR>\\n";\n        $n=strlen($msg);\n        while ($in=gzgets($fp)){\n                $msg.=proc_msg($in,$date,$ip);\n        }\n        if(strlen($msg)>$n){\n                $msg.="<\/TABLE>";\n                echo $msg;\n        }\n        fclose($fp);\n}\n\n\/\/echo "$date,$today,$yesterday<BR>";\n$off=(int)$today - (int)$date;\nif($off<=2){\n        $fp1=fopen("\/var\/log\/apache2\/access.log","r");\n        proc($fp1,$dateS,$ip);\n        $fp2=fopen("\/var\/log\/apache2\/access.log.1","r");\n        proc($fp2,$dateS,$ip);\n} else {\n        $off--;\n        $gz_file="\/var\/log\/apache2\/access.log.$off.gz";\n        echo "$gz_file<BR>\\n";\n        $fp3=gzopen($gz_file,"r");\n        procGZ($fp3,$dateS,$ip);\n}\n?><\/code><\/pre><\/div>\n","protected":false},"excerpt":{"rendered":"
\u30ed\u30b0\u8868\u793a apache\u306e\u30a2\u30af\u30bb\u30b9\u30ed\u30b0(\/var\/log\/apache2\/access.log.*)\u3092\u89e3\u6790\u3057\u3001\u5b58\u5728\u3057\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a66\u307f\u308b\u30a2\u30af\u30bb\u30b9\u5143\u306eIP\u3068\u30a2\u30af\u30bb\u30b9\u306eRequest\u306a\u3069\u3092\u8868\u793a\u3057\u307e\u3059\u3002 \u30b9\u30c6\u30c3\u30d7\uff11\uff1a\u4e00 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-88","page","type-page","status-publish","hentry"],"featured_image_src":null,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/pages\/88","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88"}],"version-history":[{"count":8,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/pages\/88\/revisions"}],"predecessor-version":[{"id":207,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/pages\/88\/revisions\/207"}],"wp:attachment":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}