公開している web サーバのログから通常のアクセスではない通信について分析しました。
多かったリクエスト
PHPUnitのevalをリモート実行
PHPのユニットテストツールのPHPUnitの脆弱性を利用してのeval()を実行しようとする通信
JVNDB-2017-005280 - JVN iPedia - 脆弱性対策情報データベース
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php
/vendor/phpunit/Util/PHP/eval-stdin.php
/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/phpunit/Util/PHP/eval-stdin.php
/phpunit/Util/PHP/eval-stdin.php
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php
/lib/phpunit/Util/PHP/eval-stdin.php
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
WordPress関連
/wp-content/plugins/WordPressCore/include.php
/wp-includes/widgets/include.php
/wp-includes/images/include.php
/.well-known/traffic-advice
Cisco 製 Cisco IOS XE などのネットワーク機器の Web UI の脆弱性
下記の記事のようなネットワーク機器のWeb UIにアクセスを試みる通信だと思われます。
Cisco 製 Cisco IOS XE の Web UI の脆弱性について(CVE-2023-20198 等) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構
/webui/
GeoServerの脆弱性を狙った通信
/geoserver/web/
不審な通信の一覧
| uri | count |
|---|---|
| /index.xml | 5946 |
| /robots.txt | 2073 |
| /.env | 660 |
| /favicon.ico | 386 |
| /sw.js | 334 |
| /wp-content/plugins/WordPressCore/include.php | 280 |
| /wp-includes/widgets/include.php | 279 |
| /wp-includes/images/include.php | 276 |
| /admin/assets/js/views/login.js | 229 |
| /.git/config | 229 |
| /ads.txt | 220 |
| /wp-content/themes/include.php | 154 |
| /wp-content/plugins/include.php | 151 |
| /.well-known/traffic-advice | 150 |
| /v1/agent/service/register | 138 |
| /sellers.json | 137 |
| * | 131 |
| /wp-content/plugins/core-plugin/include.php | 129 |
| /core/.env | 116 |
| mstshash=Administr | 112 |
| /logon.htm | 111 |
| /api/.env | 109 |
| /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 102 |
| /public/.env | 96 |
| /app/.env | 96 |
| /local/.env | 88 |
| /admin/.env | 85 |
| /database/.env | 84 |
| /laravel/.env | 82 |
| /apps/.env | 79 |
| /crm/.env | 77 |
| /old/.env | 75 |
| /www/.env | 73 |
| /src/.env | 73 |
| /new/.env | 73 |
| /app/config/.env | 73 |
| /.env.example | 72 |
| /wp-content/.env | 70 |
| /wp-admin/.env | 70 |
| /protected/.env | 70 |
| /library/.env | 70 |
| /cgi-bin/.env | 70 |
| /base/.env | 70 |
| /backend/.env | 70 |
| /storage/.env | 69 |
| /redmine/.env | 68 |
| /sites/all/libraries/mailchimp/.env | 67 |
| /site/.env | 67 |
| /conf/.env | 66 |
| /audio/.env | 66 |
| /.env.dev | 66 |
| /vendor/.env | 65 |
| /blog/.env | 65 |
| /uploads/.env | 64 |
| /shared/.env | 63 |
| /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh | 63 |
| /wp | 62 |
| /wordpress | 62 |
| /webui/ | 62 |
| /geoserver/web/ | 61 |
| /web/.env | 60 |
| /sites/.env | 60 |
| /old | 60 |
| /new | 60 |
| /main/.env | 60 |
| /actuator/gateway/routes | 60 |
| /vendor/laravel/.env | 59 |
| /newsite/.env | 59 |
| /.env.php | 59 |
| /login | 58 |
| /home | 58 |
| /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh | 58 |
| /app-ads.txt | 58 |
| /gists/cache | 57 |
| /download/.env | 57 |
| /docs/.env | 57 |
| /client/.env | 57 |
| /blogs/.env | 57 |
| /containers/json | 56 |
| /backup | 56 |
| /main | 54 |
| /bk | 54 |
| /bc | 54 |
| /_profiler/phpinfo | 54 |
| /sendgrid.env | 52 |
| /aws.env | 52 |
| /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input | 51 |
| /lib/.env | 50 |
| /wp-login.php | 49 |
| /vendor/phpunit/src/Util/PHP/eval-stdin.php | 49 |
| /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php | 49 |
| /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 48 |
| /vendor/phpunit/phpunit/LICENSE/eval-stdin.php | 48 |
| /vendor/phpunit/Util/PHP/eval-stdin.php | 48 |
| /phpunit/src/Util/PHP/eval-stdin.php | 48 |
| /phpunit/phpunit/src/Util/PHP/eval-stdin.php | 48 |
| /phpunit/phpunit/Util/PHP/eval-stdin.php | 48 |
| /phpunit/Util/PHP/eval-stdin.php | 48 |
| /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /lib/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /lib/phpunit/phpunit/Util/PHP/eval-stdin.php | 47 |
| /lib/phpunit/Util/PHP/eval-stdin.php | 47 |
| /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello | 47 |
| /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 47 |
| /index.php?lang=../../../../../../../../tmp/index1 | 46 |
| /t4 | 43 |
| /password/reset | 34 |
| /config.json | 33 |
| /.well-known/security.txt | 32 |
| /.aws/credentials | 32 |
| /docker/.env | 31 |
| /info.php | 29 |
| /post/wp-login.php | 28 |
| /admin.php | 28 |
| /.well-known/ | 27 |
| /libs/js/iframe.js | 26 |
| /.vscode/sftp.json | 26 |
| /.env.bak | 26 |
| /phpinfo.php | 25 |
| /login.rsp | 25 |
| /.env.production | 25 |
| /wp-admin/admin-ajax.php?action=add_custom_font | 24 |
| /.env.save | 24 |
| /wp-content/uploads/ | 23 |
| /version | 23 |
| /.env.old | 23 |
| /wp-content/ | 22 |
| /application/.env | 22 |
| /.env.prod | 21 |
| /wp-includes/ | 20 |
| /system/.env | 20 |
| /sdk | 20 |
| /cgi-bin/luci/;stok=/locale?form=country&operation=read | 20 |
| /HNAP1 | 20 |
| /v2/_catalog | 19 |
| /sftp-config.json | 19 |
| /phpinfo | 19 |
| /dns-query | 19 |
| /1.php | 19 |
| 0, | 18 |
| /wp-content/themes/ | 18 |
| /wp-content/plugins/ | 18 |
| /wp-admin/ | 18 |
| /remote/login | 18 |
| /pool_info | 18 |
| /owa/auth/logon.aspx | 18 |
| /json_rpc | 18 |
| /fedex/.env | 18 |
| /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application | 18 |
| /actuator/health | 18 |
| /.env.dist | 18 |
| /wp-admin/js/about.php | 17 |
| /production/.env | 17 |
| /private/.env | 17 |
| /index.php | 17 |
| /cgi-bin/authLogin.cgi | 17 |
| /about | 17 |
| /aab9 | 17 |
| /.env.backup | 17 |
| /development/.env | 16 |
| /about.php | 16 |
| /.well-known/acme-challenge/ | 16 |
| /teorema505?t=1 | 15 |
| /alive.php | 15 |
| /ab2h | 15 |
| /ab2g | 15 |
| /aab8 | 15 |
| /wp-content/about.php | 14 |
| /sources/.env | 14 |
| /solr/admin/info/system | 14 |
| /solr/admin/cores?action=STATUS&wt=json | 14 |
| /script/.env | 14 |
| /rest/.env | 14 |
| /remote/login?lang=en | 14 |
| /query?q=SHOW+DIAGNOSTICS | 14 |
| /php_info.php | 14 |
| /owa/ | 14 |
| /evox/about | 14 |
| /cp/.env | 14 |
| /config/aws.yml | 14 |
| /config/.env | 14 |
| /back/.env | 14 |
| /app_dev.php/_profiler/phpinfo | 14 |
| /aaa9 | 14 |
| /.well-known/acme-challenge/cloud.php | 14 |
| /.env.local | 14 |
| /xmlrpc.php | 13 |
| /upl.php | 13 |
| /systembc/password.php | 13 |
