ПРОБЛЕМА Взломали ферму

APTEMOH · 23 Июл 2018

taburetus написал(а):
была странная ссылка я ее быстро удалил.. даже не глянул что там. стоит платежный пароль и привязка кошелька.. щас еще проверку кошелька сделать хочу на выводе.

Все это до одного места если нет защиты. Речь о пресловутой фильтрации. Одно из самых главных - это кавычки (одинарные ' и двойные ")
Есть что-то из защиты (фильтрации) на платежном пароле, кошельке и т.д.

Zhulif · 23 Июл 2018

Друган поставь фильтрацию и будет тебе счастье

Zhulif · 23 Июл 2018

Вставляем данный код;

PHP:

error_reporting(0); // вывод ошибок




if($_GET['menu']!='admin' && 'support'){
function limpiarez($mensaje){
$mensaje = htmlspecialchars(trim($mensaje));
$mensaje = str_replace("'","?",$mensaje);
$mensaje = str_replace(";","¦",$mensaje);
$mensaje = str_replace("$"," USD ",$mensaje);
$mensaje = str_replace("<","?",$mensaje);
$mensaje = str_replace(">","?",$mensaje);
$mensaje = str_replace('"',"”",$mensaje);
$mensaje = str_replace("%27"," ",$mensaje);
$mensaje = str_replace("0x29"," ",$mensaje);
$mensaje = str_replace("& amp ","&",$mensaje);
return $mensaje;
}

foreach($HTTP_POST_VARS as $i => $value){$HTTP_POST_VARS[$i]=limpiarez($HTTP_POST_VARS[$i]);}
foreach($HTTP_GET_VARS as $i => $value){$HTTP_GET_VARS[$i]=limpiarez($HTTP_GET_VARS[$i]);}
foreach($_POST as $i => $value){$_POST[$i]=limpiarez($_POST[$i]);}
foreach($_GET as $i => $value){$_GET[$i]=limpiarez($_GET[$i]);}
foreach($_COOKIE as $i => $value){$_COOKIE[$i]=limpiarez($_COOKIE[$i]);}


foreach($HTTP_POST_VARS as $i => $value){$HTTP_POST_VARS[$i]=stripslashes($HTTP_POST_VARS[$i]);}
foreach($HTTP_GET_VARS as $i => $value){$HTTP_GET_VARS[$i]=stripslashes($HTTP_GET_VARS[$i]);}
foreach($_POST as $i => $value){$_POST[$i]=stripslashes($_POST[$i]);}
foreach($_GET as $i => $value){$_GET[$i]=stripslashes($_GET[$i]);}
foreach($_COOKIE as $i => $value){$_COOKIE[$i]=stripslashes($_COOKIE[$i]);}

################## Фильтрация всех POST и GET #######################################
function filter_sf(&$sf_array) 
{ 
while (list ($X,$D) = each ($sf_array)): 
$sf_array[$X] = limpiarez(mysql_escape_string(strip_tags(htmlspecialchars($D))));
endwhile;
} 
filter_sf($_GET);
filter_sf($_POST); 
#####################################################################################

function anti_sql() 
{
$check = html_entity_decode( urldecode( $_SERVER['REQUEST_URI'] ) );
$check = str_replace( "", "/", $check );

$check = mysql_real_escape_string($str);
$check = trim($str); 
$check = array("AND","UNION","SELECT","WHERE","INSERT","UPDATE","DELETE","OUTFILE","FROM","OR","SHUTDOWN","CHANGE","MODIFY","RENAME","RELOAD","ALTER","GRANT","DROP","CONCAT","cmd","exec");
$check = str_replace($check,"",$str);


if( $check ) 
{
if((strpos($check, '<')!==false) || (strpos($check, '>')!==false) || (strpos($check, '"')!==false) || (strpos($check,"'")!==false) || (strpos($check, '*')!==false) || (strpos($check, '(')!==false) || (strpos($check, ')')!==false) || (strpos($check, ' ')!==false) || (strpos($check, ' ')!==false) || (strpos($check, ' ')!==false) ) 
{
$prover = true;
}

if((strpos($check, 'src')!==false) || (strpos($check, 'img')!==false) || (strpos($check, 'OR')!==false) || (strpos($check, 'Image')!==false) || (strpos($check, 'script')!==false) || (strpos($check, 'jаvascript')!==false) || (strpos($check, 'language')!==false) || (strpos($check, 'document')!==false) || (strpos($check, 'cookie')!==false) || (strpos($check, 'gif')!==false) || (strpos($check, 'png')!==false) || (strpos($check, 'jpg')!==false) || (strpos($check, 'js')!==false) ) 
{
$prover = true;
}

}

if (isset($prover))
{
die( "Попытка атаки на сайт или введены запрещённые символы!" );
return false;
exit;
}
}
anti_sql();

}

все это в индекс запихай

pligin · 23 Июл 2018

Zhulif написал(а):
Вставляем данный код;

error_reporting(0); // вывод ошибок

if($_GET['menu']!='admin' && 'support'){
function limpiarez($mensaje){
$mensaje = htmlspecialchars(trim($mensaje));
$mensaje = str_replace("'","?",$mensaje);
$mensaje = str_replace(";","¦",$mensaje);
$mensaje = str_replace("$"," USD ",$mensaje);
$mensaje = str_replace("<","?",$mensaje);
$mensaje = str_replace(">","?",$mensaje);
$mensaje = str_replace('"',"”",$mensaje);
$mensaje = str_replace("%27"," ",$mensaje);
$mensaje = str_replace("0x29"," ",$mensaje);
$mensaje = str_replace("& amp ","&",$mensaje);
return $mensaje;
}

foreach($HTTP_POST_VARS as $i => $value){$HTTP_POST_VARS[$i]=limpiarez($HTTP_POST_VARS[$i]);}
foreach($HTTP_GET_VARS as $i => $value){$HTTP_GET_VARS[$i]=limpiarez($HTTP_GET_VARS[$i]);}
foreach($_POST as $i => $value){$_POST[$i]=limpiarez($_POST[$i]);}
foreach($_GET as $i => $value){$_GET[$i]=limpiarez($_GET[$i]);}
foreach($_COOKIE as $i => $value){$_COOKIE[$i]=limpiarez($_COOKIE[$i]);}

foreach($HTTP_POST_VARS as $i => $value){$HTTP_POST_VARS[$i]=stripslashes($HTTP_POST_VARS[$i]);}
foreach($HTTP_GET_VARS as $i => $value){$HTTP_GET_VARS[$i]=stripslashes($HTTP_GET_VARS[$i]);}
foreach($_POST as $i => $value){$_POST[$i]=stripslashes($_POST[$i]);}
foreach($_GET as $i => $value){$_GET[$i]=stripslashes($_GET[$i]);}
foreach($_COOKIE as $i => $value){$_COOKIE[$i]=stripslashes($_COOKIE[$i]);}

################## Фильтрация всех POST и GET #######################################
function filter_sf(&$sf_array)
{
while (list ($X,$D) = each ($sf_array)):
$sf_array[$X] = limpiarez(mysql_escape_string(strip_tags(htmlspecialchars($D))));
endwhile;
}
filter_sf($_GET);
filter_sf($_POST);
#####################################################################################

function anti_sql()
{
$check = html_entity_decode( urldecode( $_SERVER['REQUEST_URI'] ) );
$check = str_replace( "", "/", $check );

$check = mysql_real_escape_string($str);
$check = trim($str);
$check = array("AND","UNION","SELECT","WHERE","INSERT","UPDATE","DELETE","OUTFILE","FROM","OR","SHUTDOWN","CHANGE","MODIFY","RENAME","RELOAD","ALTER","GRANT","DROP","CONCAT","cmd","exec");
$check = str_replace($check,"",$str);

if( $check )
{
if((strpos($check, '<')!==false) || (strpos($check, '>')!==false) || (strpos($check, '"')!==false) || (strpos($check,"'")!==false) || (strpos($check, '*')!==false) || (strpos($check, '(')!==false) || (strpos($check, ')')!==false) || (strpos($check, ' ')!==false) || (strpos($check, ' ')!==false) || (strpos($check, ' ')!==false) )
{
$prover = true;
}

if((strpos($check, 'src')!==false) || (strpos($check, 'img')!==false) || (strpos($check, 'OR')!==false) || (strpos($check, 'Image')!==false) || (strpos($check, 'script')!==false) || (strpos($check, 'jаvascript')!==false) || (strpos($check, 'language')!==false) || (strpos($check, 'document')!==false) || (strpos($check, 'cookie')!==false) || (strpos($check, 'gif')!==false) || (strpos($check, 'png')!==false) || (strpos($check, 'jpg')!==false) || (strpos($check, 'js')!==false) )
{
$prover = true;
}

}

if (isset($prover))
{
die( "Попытка атаки на сайт или введены запрещённые символы!" );
return false;
exit;
}
}
anti_sql();

}
все это в индекс запихай

Оформи код как положено

Zhulif · 23 Июл 2018

pligin написал(а):
Оформи код как положено

а что не так

pligin · 23 Июл 2018

Zhulif написал(а):
а что не так

Твой код
$var = dbjccgbnvc;
Правильный код

PHP:

$var = dbjccgbnvc;

Разница заметна?

Zhulif · 23 Июл 2018

pligin написал(а):
Твой код
$var = dbjccgbnvc;
Правильный код

PHP:

$var = dbjccgbnvc;

Разница заметна?

все изменил

taburetus1 · 23 Июл 2018

это я в индекс запихал)

taburetus1 · 15 Сен 2018

Это опять я... Стоит фильтрация везде!!!!!!! Но.... злодей накрутил счет себе.... Вопрос как? Подскажите умные люди....

APTEMOH · 15 Сен 2018

taburetus написал(а):
Это опять я... Стоит фильтрация везде!!!!!!! Но.... злодей накрутил счет себе.... Вопрос как? Подскажите умные люди....

Видимо не везде. Логично?
Покупка деревьев (или что у тебя) по одному или можно ввести кол-во? Если можно то напиши число с минусом.

taburetus1 · 15 Сен 2018

по одному покупка

taburetus1 · 15 Сен 2018

накрутил баланс на вывод..

jameson · 15 Сен 2018

Везде не везде, суть не в этом как мы найдем твою дыру, если твоих нынешних актуальных файлов на 16 :46:

00 (МСК) не видим?

taburetus1 · 15 Сен 2018

какие нужны?

taburetus1 · 15 Сен 2018

и реферал у него один

jameson · 15 Сен 2018

в идеале все, еще бы и логи не помешали бы. С другой стороны если знать куда и какой post/get запрос послать, никакая фильтрация не спасет

taburetus1 · 15 Сен 2018

151.66.22.204 - - [15/Sep/2018:14 :56:

18 +0300] "GET /signup HTTP/1.0" 200 4513 "http://gnomania.ml/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

18 +0300] "GET /captcha.php?rnd=6783 HTTP/1.0" 200 12649 "http://gnomania.ml/signup" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

33 +0300] "POST /signup HTTP/1.0" 200 4493 "http://gnomania.ml/signup" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

33 +0300] "GET /captcha.php?rnd=9184 HTTP/1.0" 200 11241 "http://gnomania.ml/signup" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

46 +0300] "POST /signup HTTP/1.0" 302 11955 "http://gnomania.ml/signup" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

46 +0300] "GET /account HTTP/1.0" 200 5534 "http://gnomania.ml/signup" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

53 +0300] "GET /account/payment HTTP/1.0" 200 4961 "http://gnomania.ml/account" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

55 +0300] "GET /account/payment_payeer HTTP/1.0" 200 4904 "http://gnomania.ml/account/payment" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

57 +0300] "GET /account/favicon.ico HTTP/1.0" 404 474 "http://gnomania.ml/account/payment_payeer" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

58 +0300] "GET /account HTTP/1.0" 200 5534 "http://gnomania.ml/account/payment_payeer" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :56:

59 +0300] "GET /account/referals HTTP/1.0" 200 5377 "http://gnomania.ml/account" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :57:

02 +0300] "GET /account/farm HTTP/1.0" 200 5952 "http://gnomania.ml/account/referals" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :57:

46 +0300] "GET /account/payment HTTP/1.0" 200 4961 "http://gnomania.ml/account/farm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :57:

48 +0300] "GET /account/farm HTTP/1.0" 200 5952 "http://gnomania.ml/account/payment" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :58:

06 +0300] "POST /account/farm HTTP/1.0" 200 5952 "http://gnomania.ml/account/farm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14 :58:

12 +0300] "GET /account/market HTTP/1.0" 200 5447 "http://gnomania.ml/account/farm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14:59:18 +0300] "POST /account/market HTTP/1.0" 200 5487 "http://gnomania.ml/account/market" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14:59:24 +0300] "GET / HTTP/1.0" 200 5726 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14:59:32 +0300] "GET /account/lottery1 HTTP/1.0" 200 5366 "http://gnomania.ml/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14:59:52 +0300] "GET /account/lottery1 HTTP/1.0" 200 5366 "http://gnomania.ml/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:14:59:56 +0300] "GET /account/buyref HTTP/1.0" 200 11112 "http://gnomania.ml/account/lottery1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:00:08 +0300] "POST /account/buyref HTTP/1.0" 302 126551 "http://gnomania.ml/account/buyref" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:00:09 +0300] "GET /account/buyref HTTP/1.0" 200 11098 "http://gnomania.ml/account/buyref" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:00:14 +0300] "GET /account/payment HTTP/1.0" 200 4962 "http://gnomania.ml/account/buyref" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:00:16 +0300] "GET /account/payment_payeer HTTP/1.0" 200 4905 "http://gnomania.ml/account/payment" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:00:26 +0300] "GET /account HTTP/1.0" 200 5539 "http://gnomania.ml/account/payment_payeer" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:00:41 +0300] "GET /account/payment HTTP/1.0" 200 4962 "http://gnomania.ml/account" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:02:18 +0300] "GET /account/payment HTTP/1.0" 200 4962 "http://gnomania.ml/account/payment" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:02:20 +0300] "GET /account/payment_payeer HTTP/1.0" 200 4905 "http://gnomania.ml/account/payment" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:02:24 +0300] "GET /account/referals HTTP/1.0" 200 5431 "http://gnomania.ml/account/payment_payeer" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:02:26 +0300] "GET /account/security HTTP/1.0" 200 5357 "http://gnomania.ml/account/referals" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:02:59 +0300] "POST /account/security HTTP/1.0" 302 15897 "http://gnomania.ml/account/security" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:02:59 +0300] "GET /account/security HTTP/1.0" 200 5379 "http://gnomania.ml/account/security" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:03:03 +0300] "GET /account/deposit HTTP/1.0" 200 5468 "http://gnomania.ml/account/security" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:03:08 +0300] "GET /faq HTTP/1.0" 200 6136 "http://gnomania.ml/account/deposit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:03:28 +0300] "GET /stats HTTP/1.0" 200 8810 "http://gnomania.ml/faq" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:03:50 +0300] "GET /rules HTTP/1.0" 200 6577 "http://gnomania.ml/stats" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:03:54 +0300] "GET /news HTTP/1.0" 302 17296 "http://gnomania.ml/rules" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"
151.66.22.204 - - [15/Sep/2018:15:03:54 +0300] "GET /news HTTP/1.0" 200 5613 "http://gnomania.ml/rules" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44 (Edition Campaign 34)"

taburetus1 · 15 Сен 2018

вот где злодей был

jameson · 15 Сен 2018

скорее всего накрутка через рефку

APTEMOH · 15 Сен 2018

Чей скрипт? Кто от дыр закрывал?