Web server log analysis: April 2024

2024-05-29 Technology

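I analyzed the logs of a public-facing web server for traffic that is not normal access.

Most frequent requests

Remote execution of eval via PHPUnit

Requests that try to run eval() by exploiting a vulnerability in PHPUnit, the PHP unit-testing tool.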

//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

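Web UI vulnerabilities in network devices such as Cisco IOS XE

These appear to be requests trying to reach the Web UI of network devices, as described in the article below.
Vulnerabilities in the Web UI of Cisco IOS XE (CVE-2023-20198 and others) | Information Security | IPA (Information-technology Promotion Agency, Japan)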

/webui/

GeoServer vulnerability

Critical GeoServer vulnerability CVE-2023-35042 fixed: RCE attacks observed – IoT OT Security News

/geoserver/web/

Spring Framework vulnerability

This appears to be traffic related to a vulnerability in Spring Cloud Gateway, a feature of the Spring Framework.
CVE-2022-22947: Spring Cloud Gateway Code Injection Vulnerability

/actuator/gateway/routes

Scans for phpMyAdmin

A huge number of requests probing for phpMyAdmin came in.
They are not even interesting, just a nuisance.

/sql/phpmy-admin/index.php?lang=en
/phpmyadmin2017/index.php?lang=en
/phpMyAdmin4/index.php?lang=en
/phpMyAdmin-4/index.php?lang=en
/db/phpmyadmin/index.php?lang=en
/admin/phpmyadmin/index.php?lang=en
/sql/phpmyadmin5/index.php?lang=en
/sql/phpmyadmin4/index.php?lang=en
/sql/phpmyadmin3/index.php?lang=en
/sql/phpmanager/index.php?lang=en
/sql/phpMyAdmin2/index.php?lang=en
/sql/phpMyAdmin/index.php?lang=en
/sql/myadmin/index.php?lang=en
/pma/index.php?lang=en
/phppma/index.php?lang=en
/phpmyadmin_/index.php?lang=en
/phpmyadmin6/index.php?lang=en
/phpmyadmin5/index.php?lang=en
/phpmyadmin4/index.php?lang=en
/phpmyadmin3/index.php?lang=en
/phpmyadmin2022/index.php?lang=en
/phpmyadmin2021/index.php?lang=en
/phpmyadmin2020/index.php?lang=en
/phpmyadmin2019/index.php?lang=en
/phpmyadmin2018/index.php?lang=en
/phpmyadmin2/index.php?lang=en
/phpmyadmin1/index.php?lang=en
/phpmyadmin/index.php?lang=en
/phpmyAdmin/index.php?lang=en
/phpmy/index.php?lang=en
/phpmy-admin/index.php?lang=en
/phpMyadmin/index.php?lang=en
/phpMyAdmin_/index.php?lang=en
/phpMyAdmin6/index.php?lang=en
/phpMyAdmin6.0/index.php?lang=en
/phpMyAdmin5/index.php?lang=en
/phpMyAdmin5.2/index.php?lang=en
/phpMyAdmin5.1/index.php?lang=en
/phpMyAdmin3/index.php?lang=en
/phpMyAdmin2/index.php?lang=en
/phpMyAdmin1/index.php?lang=en
/phpMyAdmin-latest/index.php?lang=en
/phpMyAdmin-latest-english/index.php?lang=en
/phpMyAdmin-latest-all-languages/index.php?lang=en
/phpMyAdmin-5/index.php?lang=en
/phpMyAdmin-5.2/index.php?lang=en
/phpMyAdmin-5.2.1/index.php?lang=en
/phpMyAdmin-5.2.1-english/index.php?lang=en
/phpMyAdmin-5.2.1-all-languages/index.php?lang=en
/phpMyAdmin-5.2.0/index.php?lang=en
/phpMyAdmin-5.2.0-all-languages/index.php?lang=en
/phpMyAdmin-5.1.3/index.php?lang=en
/phpMyAdmin-5.1.2/index.php?lang=en
/phpMyAdmin-5.1.1/index.php?lang=en
/phpMyAdmin-5.1.0/index.php?lang=en
/phpMyAdmin-4.9.7/index.php?lang=en
/phpMyAdmin-4.9.10-all-languages/index.php?lang=en
/phpMyAdmin-3/index.php?lang=en
/php-myadmin/index.php?lang=en
/php-my-admin/index.php?lang=en

Requests trying to access databases

These are probably also aimed at phpMyAdmin, but there were a large number of requests trying to reach databases that have a web UI.

/sqlmanager/index.php?lang=en
/sql/websql/index.php?lang=en
/sql/webdb/index.php?lang=en
/sql/webadmin/index.php?lang=e
/sql/sqlweb/index.php?lang=en
/sql/sqladmin/index.php?lang=en
/sql/sql/index.php?lang=en
/shopdb/index.php?lang=en

Access to the Tomcat management console

/manager/html

List of suspicious requests

uri count
/robots.txt 1434
/.env 398
/favicon.ico 322
/sw.js 312
/ads.txt 197
/.git/config 148
* 138
mstshash=Administr 102
/app-ads.txt 102
/wp-login.php 92
/index.xml 82
//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 66
/webui/ 63
/geoserver/web/ 59
/actuator/gateway/routes 44
/sellers.json 41
/.DS_Store 34
/mailman/listinfo/mailman 31
www.shadowserver.org:443 30
/admin.php 30
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 26
/.vscode/sftp.json 26
/manifest.js 25
//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js 25
12.1.2 24
/style.php 24
/admin/config.php 24
/.well-known/security.txt 24
/aab8 23
/_profiler/phpinfo 23
/sql/phpmy-admin/index.php?lang=en 21
/phpmyadmin2017/index.php?lang=en 21
/phpMyAdmin4/index.php?lang=en 21
/phpMyAdmin-4/index.php?lang=en 21
/index.php 21
/db/phpmyadmin/index.php?lang=en 21
/admin/phpmyadmin/index.php?lang=en 21
/about.php 21
/sqlmanager/index.php?lang=en 20
/sql/websql/index.php?lang=en 20
/sql/webdb/index.php?lang=en 20
/sql/webadmin/index.php?lang=en 20
/sql/sqlweb/index.php?lang=en 20
/sql/sqladmin/index.php?lang=en 20
/sql/sql/index.php?lang=en 20
/sql/phpmyadmin5/index.php?lang=en 20
/sql/phpmyadmin4/index.php?lang=en 20
/sql/phpmyadmin3/index.php?lang=en 20
/sql/phpmanager/index.php?lang=en 20
/sql/phpMyAdmin2/index.php?lang=en 20
/sql/phpMyAdmin/index.php?lang=en 20
/sql/myadmin/index.php?lang=en 20
/shopdb/index.php?lang=en 20
/pma/index.php?lang=en 20
/phppma/index.php?lang=en 20
/phpmyadmin_/index.php?lang=en 20
/phpmyadmin6/index.php?lang=en 20
/phpmyadmin5/index.php?lang=en 20
/phpmyadmin4/index.php?lang=en 20
/phpmyadmin3/index.php?lang=en 20
/phpmyadmin2022/index.php?lang=en 20
/phpmyadmin2021/index.php?lang=en 20
/phpmyadmin2020/index.php?lang=en 20
/phpmyadmin2019/index.php?lang=en 20
/phpmyadmin2018/index.php?lang=en 20
/phpmyadmin2/index.php?lang=en 20
/phpmyadmin1/index.php?lang=en 20
/phpmyadmin/index.php?lang=en 20
/phpmyAdmin/index.php?lang=en 20
/phpmy/index.php?lang=en 20
/phpmy-admin/index.php?lang=en 20
/phpMyadmin/index.php?lang=en 20
/phpMyAdmin_/index.php?lang=en 20
/phpMyAdmin6/index.php?lang=en 20
/phpMyAdmin6.0/index.php?lang=en 20
/phpMyAdmin5/index.php?lang=en 20
/phpMyAdmin5.2/index.php?lang=en 20
/phpMyAdmin5.1/index.php?lang=en 20
/phpMyAdmin3/index.php?lang=en 20
/phpMyAdmin2/index.php?lang=en 20
/phpMyAdmin1/index.php?lang=en 20
/phpMyAdmin-latest/index.php?lang=en 20
/phpMyAdmin-latest-english/index.php?lang=en 20
/phpMyAdmin-latest-all-languages/index.php?lang=en 20
/phpMyAdmin-5/index.php?lang=en 20
/phpMyAdmin-5.2/index.php?lang=en 20
/phpMyAdmin-5.2.1/index.php?lang=en 20
/phpMyAdmin-5.2.1-english/index.php?lang=en 20
/phpMyAdmin-5.2.1-all-languages/index.php?lang=en 20
/phpMyAdmin-5.2.0/index.php?lang=en 20
/phpMyAdmin-5.2.0-all-languages/index.php?lang=en 20
/phpMyAdmin-5.1.3/index.php?lang=en 20
/phpMyAdmin-5.1.2/index.php?lang=en 20
/phpMyAdmin-5.1.1/index.php?lang=en 20
/phpMyAdmin-5.1.0/index.php?lang=en 20
/phpMyAdmin-4.9.7/index.php?lang=en 20
/phpMyAdmin-4.9.10-all-languages/index.php?lang=en 20
/phpMyAdmin-3/index.php?lang=en 20
/php-myadmin/index.php?lang=en 20
/php-my-admin/index.php?lang=en 20
/mysqladmin/index.php?lang=en 20
/mysql/web/index.php?lang=en 20
/mysql/sqlmanager/index.php?lang=en 20
/mysql/pma/index.php?lang=en 20
/mysql/mysqlmanager/index.php?lang=en 20
/mysql/index.php?lang=en 20
/mysql/dbadmin/index.php?lang=en 20
/mysql/admin/index.php?lang=en 20
/mysql-admin/index.php?lang=en 20
/myadmin/index.php?lang=en 20
/menu.php 20
/index.php?lang=en 20
/dbadmin/index.php?lang=en 20
/db/websql/index.php?lang=en 20
/db/webdb/index.php?lang=en 20
/db/webadmin/index.php?lang=en 20
/db/phpmyadmin5/index.php?lang=en 20
/db/phpmyadmin4/index.php?lang=en 20
/db/phpmyadmin3/index.php?lang=en 20
/db/phpMyAdmin3/index.php?lang=en 20
/db/phpMyAdmin/index.php?lang=en 20
/db/phpMyAdmin-5/index.php?lang=en 20
/db/phpMyAdmin-4/index.php?lang=en 20
/db/phpMyAdmin-3/index.php?lang=en 20
/db/myadmin/index.php?lang=en 20
/db/index.php?lang=en 20
/db/dbweb/index.php?lang=en 20
/db/dbadmin/index.php?lang=en 20
/db/db-admin/index.php?lang=en 20
/database/index.php?lang=en 20
/administrator/web/index.php?lang=en 20
/administrator/pma/index.php?lang=en 20
/administrator/phpmyadmin/index.php?lang=en 20
/administrator/phpMyAdmin/index.php?lang=en 20
/administrator/admin/index.php?lang=en 20
/admin/web/index.php?lang=en 20
/admin/sysadmin/index.php?lang=en 20
/admin/sqladmin/index.php?lang=en 20
/admin/pma/index.php?lang=en 20
/admin/phpMyAdmin/index.php?lang=en 20
/admin/index.php?lang=en 20
/admin/db/index.php?lang=en 20
/phpmyadmin/index.php?lang=en 20
/_phpmyadmin/index.php?lang=en 20
/_phpMyAdmin/index.php?lang=en 20
/__phpmyadmin/index.php?lang=en 20
/PMA/index.php?lang=en 20
/MyAdmin/index.php?lang=en 20
/2phpmyadmin/index.php?lang=en 20
/1phpmyadmin/index.php?lang=en 20
/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en 19
/sql/sql-admin/index.php?lang=en 19
/sql/php-myadmin/index.php?lang=en 19
/program/index.php?lang=en 19
/phpMyAdmin/index.php?lang=en 19
/mysqlmanager/index.php?lang=en 19
/mysql/pMA/index.php?lang=en 19
/mysql/db/index.php?lang=en 19
/info.php 19
/dns-query 19
/class.api.php 19
/administrator/db/index.php?lang=en 19
/administrator/PMA/index.php?lang=en 19
/sdk 18
/main.php 18
/inputs.php 18
/dropdown.php 18
/debug/default/view?panel=config 18
/actuator/health 18
/HNAP1 18
/.well-known/assetlinks.json 18
/.well-known/apple-app-site-association 18
/redmine/.env 17
/manager/html 17
/config.json 17
/alfanew.php 17
/aaa9 17
[\x22miner1\x22, 16
/simple.php 16
/repeater.php 16
/post/wp-login.php 16
/index.jsp 16
/admin/assets/js/views/login.js 16
/.env.production 16
/.env.prod 16
/wso112233.php 15
/wp-content/plugins/core/include.php 15
/fm1.php 15
/default.php 15
/about 15
/.well-known/wso112233.php 15
api.ipify.org:443 14
/sitemap.xml 14
/aab9 14
\xC0/\xC00\xC0+\xC0,\xCC\xA8\xCC\xA9\xC0\x13\xC0\x09\xC0\x14\xC0 13
/wp-content/plugins/press/wp-class.php 13
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ 13
/owa/auth/logon.aspx 13
/login 13
/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB 13
/core/.env 13
/boaform/admin/formLogin 13
/autodiscover/autodiscover.json?@zdi/Powershell 13
/alfanew.php7 13
/M1.php 13
/.well-known/traffic-advice 13
default.asp 12
/wp-includes/ID3/about.php 12
/wp-content/themes/about.php 12
/start.shtml 12
/start.pl 12
/start.php 12
/start.jsp 12
/start.jsa 12
/start.jhtml 12
/start.html 12
/start.cgi 12
/start.cfm 12
/start.aspx 12
/start.asp 12
/rest/applinks/1.0/manifest 12
/resolve?name=example.com&type=A 12
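
A uri/count summary like the one above, grouped under this post's headings, can be produced with a short script. This is an added example, not the script used for the original post; it assumes Combined Log Format, and the category patterns, function names and sample log lines are this example's own.

```python
import re
from collections import Counter

# Combined Log Format: client ident user [time] "request" status size ...
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(.*?)" \d{3} ')
# A well-formed request line; anything else (TLS bytes, RDP cookies) is non-HTTP.
REQUEST_RE = re.compile(r'^[A-Z]+ (\S+) HTTP/\d(?:\.\d)?$')

# Category names follow this post's headings; the patterns are assumptions.
RULES = [
    ("phpunit-eval-stdin", re.compile(r"/phpunit/src/Util/PHP/eval-stdin\.php$")),
    ("network-device-webui", re.compile(r"^/webui/")),
    ("geoserver", re.compile(r"^/geoserver/web/")),
    ("spring-cloud-gateway", re.compile(r"^/actuator/gateway/routes")),
    ("tomcat-manager", re.compile(r"^/manager/html")),
    ("db-admin-scan", re.compile(r"/index\.php\?lang=en$")),
]

def classify(uri):
    for name, pattern in RULES:
        if pattern.search(uri):
            return name
    return "other"

def analyze(lines):
    """Count requests per URI and per category; keep malformed requests visible."""
    uris, categories = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        req = REQUEST_RE.match(m.group(1)) if m else None
        if req is None:
            categories["non-http" if m else "unparsed"] += 1
            continue
        uris[req.group(1)] += 1
        categories[classify(req.group(1))] += 1
    return uris, categories

# Constructed sample lines (documentation IP ranges), not taken from the real log.
SAMPLE = [
    r'192.0.2.10 - - [01/Apr/2024:00:00:01 +0900] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"',
    r'198.51.100.7 - - [01/Apr/2024:00:00:02 +0900] "GET /pma/index.php?lang=en HTTP/1.1" 404 153 "-" "-"',
    r'198.51.100.7 - - [01/Apr/2024:00:00:03 +0900] "GET /sql/websql/index.php?lang=en HTTP/1.1" 404 153 "-" "-"',
    r'203.0.113.5 - - [01/Apr/2024:00:00:04 +0900] "GET /webui/ HTTP/1.1" 404 153 "-" "-"',
    r'203.0.113.9 - - [01/Apr/2024:00:00:05 +0900] "\x16\x03\x01\x00" 400 157 "-" "-"',
    r'203.0.113.9 - - [01/Apr/2024:00:00:06 +0900] "GET /robots.txt HTTP/1.1" 200 24 "-" "-"',
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Requests that are not valid HTTP are counted under "non-http" rather than dropped, so probes against other protocols stay visible in the totals.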
