webサーバのログの分析 7月分

2021-08-07 技術系

公開しているwebサーバのログから通常のアクセスではない通信について分析しました。

多かったリクエスト

PHPUnitの脆弱性

/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php   

laravelの脆弱性を利用した攻撃

/_ignition/execute-solution

MobileIronが提供する複数のモバイルデバイス管理製品の脆弱性を利用した攻撃

JVNDB-2020-007560 - JVN iPedia - 脆弱性対策情報データベース

/mifs/.;/services/LogService

WordPress 用プラグイン File Manager の調査

WordPress 用プラグイン File Manager の脆弱性について

/wp-content/plugins/wp-file-manager/readme.txt

Microsoft Exchange が動いているかの調査

OutlookのAutodiscover機能が動いているときにアクセスされるファイルです。

/Autodiscover/Autodiscover.xml

不審な通信の一覧

uri count percent
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 88 2.626082
/index.xml 70 2.088929
/_ignition/execute-solution 41 1.223515
/mifs/.;/services/LogService 40 1.193674
/api/jsonws/invoke 40 1.193674
/wp-content/plugins/wp-file-manager/readme.txt 39 1.163832
/index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 39 1.163832
/console/ 39 1.163832
/Autodiscover/Autodiscover.xml 39 1.163832
/.env 38 1.133990
mstshash=Administr 33 0.984781
/ads.txt 31 0.925097
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application 30 0.895255
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f 29 0.865413
/wp-login.php 25 0.746046
/actuator/health 25 0.746046
/admin/config.php 22 0.656520
//a2billing/customer/templates/default/footer.tpl 22 0.656520
http://passport.baidu.com/ 19 0.566995
/owa/ 17 0.507311
/app-ads.txt 13 0.387944
/system_api.php 12 0.358102
/streaming/clients_live.php 12 0.358102
/stream/live.php 12 0.358102
/stalker_portal/c/version.js 12 0.358102
/c/version.js 12 0.358102
/post/wp-login.php 11 0.328260
/config/getuser?index=0 11 0.328260
/bag2 11 0.328260
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ 10 0.298418
/GponForm/diag_Form?style/ 9 0.268577
/aab9 8 0.238735
/aaa9 8 0.238735
//.env 8 0.238735
/.well-known/security.txt 8 0.238735
/.git/config 8 0.238735
http://fuwu.sogou.com/404/index.html 7 0.208893
/web_shell_cmd.gch 6 0.179051
httpbin.org:443 5 0.149209
7 4 0.119367
/~champiot/Laravel%20E2N%20test/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 4 0.119367
/~champiot/Laravel%20E2N%20test/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 4 0.119367
/login 4 0.119367
/flu/403.html 4 0.119367
/ReportServer 4 0.119367
//wp-content/ 4 0.119367
85.206.160.115:80 3 0.089526
/webfig/ 3 0.089526
/solr/ 3 0.089526
/remote/login 3 0.089526
/public/.env 3 0.089526
/owa/auth/logon.aspx 3 0.089526
/manager/text/list 3 0.089526
/manager/html 3 0.089526
/index.php?xml_sitemap=params= 3 0.089526
/index.php 3 0.089526
/cgi-bin/config.exp 3 0.089526
/cache.php 3 0.089526
/Telerik.Web.UI.WebResource.axd?type=rau 3 0.089526
//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 3 0.089526
http://freeze.na4u.ru/ip.php?Z71016245862Q1 2 0.059684
http://5.188.210.227/echo.php 2 0.059684
hotmail-com.olc.protection.outlook.com:25 2 0.059684
\xBF\x02\x00\x88\x13\x00\x00\x87\x00\x00\x00NIMABIJIAN\x04\x03\x00\x00{\x99Caig\x9C\x03\xC7eB\xC5\x09\xC1\x18a\x11\x1A\x91\x1F\x02\x09cof\x91\xC0\x80sJ5\xD2\x80\xE6\x9A~\xB9\xC7\x83^\x96\xEEN\x16\x96\x96&\xE6\x03\xEA\xBC\x81\x02=\xAC\x10\xFA?7\x03\xC3\xDF\xF7\xE4\x98`p\xE6\x8D\xC1\xA9\x8D\xC6\x06\xDB\xAF\x91\xE7\x82s\xF7\x14H\xD4\xE1W\x9A\x93C\x9E]\xA4\x01#\x03#\x03]\x03c]CC\x05C\x03+S\x03b\xF4\x00\x00/\x9E\x16E | 2 | 0.059684 |
\x00\x00\x00\x0E2O\xAAC\xE92g\xC2W’\x17+\x1D\xD9\xC1\xF3,kN\x17\x14 2 0.059684
91.201.52.66:80 2 0.059684
/wp-includes/css/wp-config.php 2 0.059684
/wp-includes/class.wp-date.php 2 0.059684
/wp-content/wp-plugins/wptimetoread/vendor/kdaviesnz/timetoread/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/wptimetoread/vendor/kdaviesnz/timetoread/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/wp-plugins/wp-heyloyalty/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/wp-heyloyalty/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/wp-plugins/user-export-with-their-meta-data/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/user-export-with-their-meta-data/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/wp-plugins/shortcode-tumblr-gallery/includes/lib/Guzzle/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/shortcode-tumblr-gallery/includes/lib/Guzzle/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/wp-plugins/rollbar/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/rollbar/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/wp-plugins/product-lister-walmart/marketplaces/walmart/lib/walmart-signature/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/product-lister-walmart/marketplaces/walmart/lib/walmart-signature/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/wp-plugins/mir-ad-network/base58php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/mir-ad-network/base58php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/wp-plugins/message-business/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/message-business/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/wp-plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/wp-plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/uploads/2019/02/20190217.png 2 0.059684
/wp-content/themes/twentyseventeen/footer.php 2 0.059684
/wp-content/themes/enfold-child/update_script/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/themes/enfold-child/update_script/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684
/wp-content/plugins/woocommerce-software-license-manager/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2 0.059684
/wp-content/plugins/woocommerce-software-license-manager/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin 2 0.059684

ブログランキング・にほんブログ村へ follow us in feedly

関連記事

新着記事

comments powered by Disqus