Web server log analysis: August

2021-10-05 Tech

I analyzed the logs of a publicly exposed web server for traffic that is not normal access.

Most frequent requests

PHPUnit vulnerability

/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

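Microsoft Exchange Online Exchange admin center traffic

This appears to be probing traffic that checks whether the service is in use. It may be within the margin of error, but I am concerned that it has been increasing little by little since last month.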

/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application

List of suspicious traffic

uri count percent
* 322 6.227035
/sellers.json 118 2.281957
/wp-login.php 84 1.624444
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 80 1.547090
/post/wp-login.php 80 1.547090
//css/style.css 77 1.489074
/index.xml 57 1.102301
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application 55 1.063624
/index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 39 0.754206
//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 39 0.754206
/console/ 38 0.734868
/wp-content/plugins/wp-file-manager/readme.txt 37 0.715529
/mifs/.;/services/LogService 37 0.715529
/api/jsonws/invoke 37 0.715529
/Autodiscover/Autodiscover.xml 37 0.715529
/owa/auth/logon.aspx 36 0.696190
/_ignition/execute-solution 36 0.696190
/post/20210307 34 0.657513
/config/getuser?index=0 33 0.638174
//css/custom.css 33 0.638174
/categories/%E6%98%A0%E7%94%BB 32 0.618836
/ads.txt 32 0.618836
http://passport.baidu.com/ 30 0.580159
/owa/auth/x.js 30 0.580159
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f 29 0.560820
mstshash=Administr 28 0.541481
/actuator/health 27 0.522143
/categories/%E6%97%A5%E8%A8%98 26 0.502804
/tags/%E3%82%B9%E3%82%AD%E3%83%A3%E3%83%B3%E3%83%84%E3%83%BC%E3%83%AB 25 0.483465
/categories/%E6%8A%80%E8%A1%93%E7%B3%BB 25 0.483465
/post/20201116 24 0.464127
/post/20200910 24 0.464127
/post/20200217_hugo_theme/site_icons/icon-192x192.png 24 0.464127
/.env 23 0.444788
/tags/hugo 22 0.425450
/GponForm/diag_Form?style/ 22 0.425450
/tags/%E3%83%AD%E3%82%B0%E3%81%AE%E5%88%86%E6%9E%90 20 0.386772
/contact 20 0.386772
/dns-query?dns=KhUBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE 14 0.270741
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ 9 0.174048
/system_api.php 8 0.154709
/streaming/clients_live.php 8 0.154709
/stream/live.php 8 0.154709
/stalker_portal/c/version.js 8 0.154709
/flu/403.html 8 0.154709
/c/version.js 8 0.154709
/archives 8 0.154709
//a2billing/customer/templates/default/footer.tpl 7 0.135370
http://fuwu.sogou.com/404/index.html 6 0.116032
/manager/html 6 0.116032
/.git/config 6 0.116032
/recordings/theme/main.css 5 0.096693
/autodiscover/autodiscover.json?@foo.com/mapi/emsmdb/?&Email=autodiscover/autodiscover.json%3f@foo.com 5 0.096693
/.well-known/security.txt 5 0.096693
\xB9\xDB\x0CEN#5h[\xE4\xC5\x16\xF7wBr=\xB1 4 0.077354
/sdk 4 0.077354
/manager/text/list 4 0.077354
/login 4 0.077354
/index.php?xml_sitemap=params= 4 0.077354
/ReportServer 4 0.077354
/HNAP1 4 0.077354
\x00\x00\x00\x0E2O\xAAC\xE92g\xC2W’\x17+\x1D\xD9\xC1\xF3,kN\x17\x14 3 0.058016
85.206.160.115:80 3 0.058016
7 3 0.058016
/web_shell_cmd.gch 3 0.058016
/status%3E%3Cscript%3Ealert(31337)%3C%2Fscript%3E 3 0.058016
/status 3 0.058016
/owa/auth.owa 3 0.058016
/nginx.conf 3 0.058016
/config.js 3 0.058016
/c99.php 3 0.058016
/autodiscover/autodiscover.json?@evil.corp/ews/exchange.asmx?&Email=autodiscover/autodiscover.json%3F@evil.corp 3 0.058016
/apple-touch-icon.png 3 0.058016
/apple-touch-icon-precomposed.png 3 0.058016
/3000D00E0000FFFF3F0031313744373731343634304537353046007A7A7A7A7A7A7A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000008047A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000 3 0.058016
/.DS_Store 3 0.058016
*G_\x9F\xC8\x16\x80\x04jt\x90\xD9\xAB(\x8D\xF7\xAF\xD7\xD7\xE4Mw\x00l\xC76(\xA2b\xCA\xF9 O]\xF2\x22\x04\x00\xF8#\xA3f\x09f\xDBQ6\xD5z\xD3\xBC\xDA\x1A+w\xEA\xE7\xA4\x0B\xE7\xD7\x802\xD4A\xEA\xD0\xD2\xB45\xE7\x8F\x92\xD5\xB5N\xD8\xCC\xAF\xFDL:K\xB8\x00\x0B0\xED\x9D\xB8\xE8\x9D\x13\x97\xB4\xE9 3
http://5.188.210.227/echo.php 2 0.038677
hotmail-com.olc.protection.outlook.com:25 2 0.038677
/zdrtyhmcfghn 2 0.038677
/wp-json/trx_addons/v2/get/sc_layout?sc=print_r 2 0.038677
/wp-content/uploads/upload_index.php?auth=f02pz3831W0DTtLgq26L 2 0.038677
/wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php 2 0.038677
/vendor/.env 2 0.038677
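
One way to build a uri / count / percent table like the one above from a combined-format access log, as an added example that is not the author's own script. The log lines are constructed, and the log format, the `NON_HTTP` bucket name and the merging of repeated leading slashes are assumptions of this example.

```python
import re
from collections import Counter

# Combined log format; only the quoted request field is needed here.
# nginx writes non-printable bytes as \xNN, Apache escapes quotes as \".
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" \d{3} ')
# Well-formed request line: METHOD SP target SP HTTP/version
REQ_RE = re.compile(r'^[A-Z]+ (\S+) HTTP/\d(?:\.\d)?$')
NON_HTTP = "(non-HTTP request line)"  # bucket name chosen for this example

# Constructed sample lines (documentation IP ranges, not real server data).
SAMPLE_LOG = r'''
198.51.100.7 - - [01/Aug/2021:00:00:01 +0900] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [01/Aug/2021:00:00:02 +0900] "GET //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"
203.0.113.9 - - [01/Aug/2021:01:10:00 +0900] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"
203.0.113.20 - - [02/Aug/2021:03:00:00 +0900] "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 404 153 "-" "-"
192.0.2.44 - - [02/Aug/2021:04:00:00 +0900] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 157 "-" "-"
192.0.2.45 - - [03/Aug/2021:05:00:00 +0900] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
'''

def uri_table(lines):
    """Return [(uri, count, percent)] sorted by count, percent of all parsed requests."""
    counts = Counter()
    for line in lines:
        entry = LINE_RE.match(line)
        if not entry:
            continue  # blank or unparseable log line
        req = REQ_RE.match(entry.group(1))
        if req:
            # Merge "//path" with "/path" so one probe is not split across rows.
            key = re.sub(r'^/+', '/', req.group(1))
        else:
            # Binary or protocol-mismatched payloads have no URI to count.
            key = NON_HTTP
        counts[key] += 1
    total = sum(counts.values())
    return [(uri, n, round(100 * n / total, 6)) for uri, n in counts.most_common()]

if __name__ == "__main__":
    print("uri count percent")
    for uri, n, pct in uri_table(SAMPLE_LOG.splitlines()):
        print(f"{uri} {n} {pct:.6f}")
```

Grouping malformed request lines into one bucket keeps binary payloads sent to the HTTP port from fragmenting into many one-off rows.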
