Web server log analysis 2025: March

2025-06-30 Tech

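I analyzed the logs of a public web server for traffic that is not normal access.

Most frequent requests

WordPress-related

As in February, WordPress-related requests were common, so this may have been a trend across February and March.
Attacks on WordPress increase periodically, so apply updates regularly.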

/wp-content/plugins/WordPressCore/include.php
/wp-includes/images/include.php
/wp-includes/widgets/include.php
/wp-content/themes/include.php
/wp-content/plugins/include.php
/wp-content/plugins/core-plugin/include.php

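Accesses to traffic-advice

These requests appear to come from a Google Chrome feature.
Reference: "On the increase in accesses to traffic-advice: how Google Chrome's prefetching works" | 株式会社フーリエ | Web Strategy and System Development [Tokyo/Hamamatsu]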

/.well-known/traffic-advice

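Remote execution of eval in PHPUnit

Requests attempting to run eval() by exploiting a vulnerability in PHPUnit, the PHP unit testing tool.

JVNDB-2017-005280 - JVN iPedia - Vulnerability Countermeasure Information Database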

/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

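Web UI vulnerabilities in network devices such as Cisco IOS XE

These appear to be requests attempting to reach the Web UI of network devices, as described in the article below.
Vulnerabilities in the Web UI of Cisco IOS XE (CVE-2023-20198 and others) | Information Security | IPA (Information-technology Promotion Agency, Japan)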

/webui/

Requests targeting GeoServer vulnerabilities

/geoserver/web/

Spring Framework vulnerability

These appear to be requests related to a vulnerability in Spring Cloud Gateway, a Spring Framework feature.
CVE-2022-22947: Spring Cloud Gateway Code Injection Vulnerability

/actuator/gateway/routes

Accesses to the Spring Boot Actuator health check

There were accesses to Spring Boot Actuator, a feature of Spring Boot.

/actuator/health

List of suspicious requests

uri count
/wp-content/plugins/WordPressCore/include.php 483
/wp-includes/images/include.php 474
/wp-includes/widgets/include.php 470
/wp-content/themes/include.php 273
/wp-content/plugins/include.php 269
/ads.txt 231
/.git/config 229
/wp-content/plugins/core-plugin/include.php 202
/sw.js 192
/index.xml 191
* 181
/.well-known/traffic-advice 179
/api/.env 145
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 138
mstshash=Administr 129
/.env.production 126
/.env.local 122
/.env.save 119
/.env.prod 119
/.env.bak 118
/.env.backup 114
/wp-login.php 111
/.env.production.local 106
/config.json 104
/.env_sample 101
/t4 100
/.env.stage 100
/admin/assets/js/views/login.js 96
/post/wp-login.php 93
/.env.dev 92
/.aws/credentials 91
/.env.live 85
/.env.development.local 84
/.env.dev.local 83
/.env.example 82
/config/.env 80
/login.rsp 77
/.env.old 75
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh 68
/.env.testing 68
/containers/json 67
/webui/ 65
/prod/.env 64
/geoserver/web/ 64
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 63
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 63
/vendor/phpunit/src/Util/PHP/eval-stdin.php 63
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php 63
/settings/.env 63
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 63
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 63
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input 63
ipaddress.vanhoang.id.vn:443 62
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php 62
/vendor/phpunit/Util/PHP/eval-stdin.php 62
/_profiler/phpinfo 62
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 61
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 61
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 61
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 61
/phpunit/src/Util/PHP/eval-stdin.php 61
/phpunit/phpunit/src/Util/PHP/eval-stdin.php 61
/phpunit/phpunit/Util/PHP/eval-stdin.php 61
/phpunit/Util/PHP/eval-stdin.php 61
/lib/phpunit/src/Util/PHP/eval-stdin.php 61
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php 61
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php 61
/lib/phpunit/Util/PHP/eval-stdin.php 61
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 61
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello 60
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello 60
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 60
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/+/tmp/index1.php 59
/index.php?lang=../../../../../../../../tmp/index1 59
/actuator/gateway/routes 58
/wp 57
/wordpress 57
/phpinfo.php 56
/old 56
/new 56
/backup 56
/main 55
/home 55
/bk 55
/bc 55
/.git/HEAD 55
/admin/.env 54
/media/.git/config 53
/.env.dist 53
/core/.env 52
/app/.env 52
/app-ads.txt 52
/static../.git/config 51
/public/.git/config 51
/libs/js/iframe.js 51
/cms/.git/config 51
/media../.git/config 50
/login 50
/core/.git/config 50
/api/.git/config 50
/.env.test 50
/v1/agent/service/register 49
/phpinfo 49
/laravel/.env 49
/backup/.git/config 49
/backend/.env 49
/server/.git/config 48
/.env.prod.local 48
/www/.git/config 47
/public/.env 47
/project/.git/config 47
/files/.git/config 47
/cgi-bin/luci/;stok=/locale 47
/src/.git/config 46
/docker/.env 46
/dev/.git/config 46
/build/.env 46
/app/.git/config 46
/admin/.git/config 46
/data/.git/config 45
/config/.git/config 45
/.env.config 45
/.env.uat 44
/.env.staging.local 43
/.env.secret 43
/.env.preprod 43
/.env.default 43
/configuration/.env 42
/.env.template 42
/.env.ci 42
/info.php 41
/local/.env 40
/web/.env 39
/.well-known/ 39
/dev/.env 38
/application/.env 38
/.env.www 38
/docker-compose.prod.yml 37
/.env_1 37
/teorema505?t=1 35
/site/.env 35
/env/.env 35
/assets../.git/config 35
/alive.php 35
/ab2h 35
/ab2g 35
/.env.sandbox 35
/.aws/config 35
/wp-admin/ 34
/php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input 34
/password/reset 34
/cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input 34
/crm/.env 33
/apps/.env 33
/wp-content/uploads/ 32
/wp-content/ 32
/php_info.php 32
/1.php 32
/wp-includes/ 31
/wp-content/themes/ 31
/wp-content/plugins/ 31
/test.php 31
/config/aws.yml 31
/app_dev.php/_profiler/phpinfo 31
/upl.php 30
/systembc/password.php 30
/portal/.env 30
/password.php 30
/main/.env 30
/geoip/ 30
/form.html 30
/config/config.json 30
/www/.env 29
/tags/pov 29
/tags/opensuse 29
/server/.env 29
/new/.env 29
/laravel/core/.env 29
/_phpinfo.php 29
/.well-known/acme-challenge/ 29
/mail/.env 28
/config.js 28
/old/.env 27
/node_modules/.env 27
/mailer/.env 27
/conf/.env 27
/.vscode/.env 27
/wp-config.php 26
/webui 26
/v2/.env 26
/tags/cms 26
/owa/ 26
/env.backup 26
/cron/.env 26
/aws.yml 26
/appsettings.json 26
/wp-config.php.bak 25
/wp-config 25
/system/.env 25
/storage/logs/laravel.log 25
/sellers.json 25
/new/.env.staging 25
/login/login.html 25
/lara/phpinfo.php 25
/lara/info.php 25
/development/.env 25
/database/.env 25
/css/ 25
/awstats/.env 25
/aws-secret.yaml 25
/app/config/.env 25
/_profiler/phpinfo/phpinfo.php 25
/_profiler/phpinfo/info.php 25
/HNAP1 25
/.well-known/security.txt 25
/.well-known/pki-validation/ 25
/.travis.yml 25
/src/.env 24
/nginx/.env 24
/new/.env.local 24
/laravel/info.php 24
/docker/app/.env 24
/debug/default/view 24
/config/parameters.yml 24
/.json 24
/xampp/phpinfo.php 23
/storage/.env 23
/sdk 23
/new/.env.production 23
/kyc/.env 23
/blog/.env 23
/aws/credentials 23
/actuator/health 23
/xampp/.env 22
/v1/.env 22
/server.js 22
/library/.env 22
/helpers/utility.js 22
/dashboard/phpinfo.php 22
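
As an added example (not code from the original post): a small Python script that builds a URI/count table like the one above from an access log and groups the URIs by the categories discussed in this post. The combined log format, the regex patterns, the category names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Category names follow this post's headings; the patterns are assumptions.
RULES = [
    ("chrome-traffic-advice", re.compile(r"^/\.well-known/traffic-advice$")),
    ("phpunit-eval-stdin", re.compile(r"phpunit/.*eval-stdin\.php$")),
    ("wordpress", re.compile(r"/wp-(?:content|includes|admin)(?:/|$)|/wp-login\.php$|/wp-config")),
    ("cisco-webui", re.compile(r"^/webui/?$")),
    ("geoserver", re.compile(r"^/geoserver/")),
    ("spring-actuator", re.compile(r"^/actuator/")),
    ("secret-file", re.compile(r"/\.env(?:[._]|$)|/\.git/|/\.aws/")),
]
# Request field of the combined log format (assumed): "METHOD URI HTTP/x.y"
REQUEST = re.compile(r'\] "([A-Z]+) (\S+) HTTP/\d(?:\.\d)?" ')

def classify(uri):
    path = uri.split("?", 1)[0]  # match on the path only, ignore the query string
    for name, pattern in RULES:
        if pattern.search(path):
            return name
    return "other"

def summarize(lines):
    """Count requests per URI and per category; non-HTTP probes are 'malformed'."""
    by_uri, by_category = Counter(), Counter()
    for line in lines:
        m = REQUEST.search(line)
        if m is None:  # e.g. RDP probes logged as raw bytes (mstshash=...)
            by_category["malformed"] += 1
            continue
        by_uri[m.group(2)] += 1
        by_category[classify(m.group(2))] += 1
    return by_uri, by_category

# Constructed sample lines (documentation IP addresses), not taken from the real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2025:00:00:01 +0900] "GET /wp-includes/images/include.php HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.10 - - [01/Mar/2025:00:00:02 +0900] "GET /wp-includes/images/include.php HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.11 - - [01/Mar/2025:00:01:00 +0900] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.12 - - [01/Mar/2025:00:02:00 +0900] "GET /.well-known/traffic-advice HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.14 - - [01/Mar/2025:00:04:00 +0900] "GET /api/.env HTTP/1.1" 404 153 "-" "-"',
    r'192.0.2.15 - - [01/Mar/2025:00:05:00 +0900] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 157 "-" "-"',
]

if __name__ == "__main__":
    by_uri, by_category = summarize(SAMPLE_LOG)
    for key, count in by_uri.most_common() + by_category.most_common():
        print(key, count)
```

Separating `chrome-traffic-advice` from the other categories keeps Chrome's prefetch checks out of the suspicious count, and the per-category totals make month-to-month trends easier to compare than the raw URI list.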
