公開している web サーバのログから通常のアクセスではない通信について分析しました。
多かったリクエスト
WordPress関連
2月に引き続きWordPress関連が多かったので2月3月とトレンドになっていたのかもしれないです。
WordPressは定期的に攻撃が増えるので定期的なアップデートを実施してください。
/wp-content/plugins/WordPressCore/include.php
/wp-includes/images/include.php
/wp-includes/widgets/include.php
/wp-content/themes/include.php
/wp-content/plugins/include.php
/wp-content/plugins/core-plugin/include.php
traffic-adviceへのアクセス
Google Chromeの機能でアクセスされるみたいです。
traffic-adviceへのアクセスが増加している件 〜Google Chromeの先読みの仕組みの話〜 | 株式会社フーリエ | Web戦略・システム開発[東京/浜松]
/.well-known/traffic-advice
PHPUnitのevalをリモート実行
PHPのユニットテストツールのPHPUnitの脆弱性を利用してのeval()を実行しようとする通信
JVNDB-2017-005280 - JVN iPedia - 脆弱性対策情報データベース
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Cisco 製 Cisco IOS XE などのネットワーク機器の Web UI の脆弱性
下記の記事のようなネットワーク機器のWeb UIにアクセスを試みる通信だと思われます。
Cisco 製 Cisco IOS XE の Web UI の脆弱性について(CVE-2023-20198 等) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構
/webui/
GeoServerの脆弱性を狙った通信
/geoserver/web/
Spring Frameworkの脆弱性
Spring FrameworkのSpring Cloud Gatewayという機能の脆弱性に関する通信みたいです。
CVE-2022-22947: Spring Cloud Gateway Code Injection Vulnerability
/actuator/gateway/routes
Spring Boot Actuatorのヘルスチェック機能へのアクセス
Spring Boot ActuatorというSpring Bootの機能へのアクセスがありました。
/actuator/health
不審な通信の一覧
uri | count |
---|---|
/wp-content/plugins/WordPressCore/include.php | 483 |
/wp-includes/images/include.php | 474 |
/wp-includes/widgets/include.php | 470 |
/wp-content/themes/include.php | 273 |
/wp-content/plugins/include.php | 269 |
/ads.txt | 231 |
/.git/config | 229 |
/wp-content/plugins/core-plugin/include.php | 202 |
/sw.js | 192 |
/index.xml | 191 |
* | 181 |
/.well-known/traffic-advice | 179 |
/api/.env | 145 |
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 138 |
mstshash=Administr | 129 |
/.env.production | 126 |
/.env.local | 122 |
/.env.save | 119 |
/.env.prod | 119 |
/.env.bak | 118 |
/.env.backup | 114 |
/wp-login.php | 111 |
/.env.production.local | 106 |
/config.json | 104 |
/.env_sample | 101 |
/t4 | 100 |
/.env.stage | 100 |
/admin/assets/js/views/login.js | 96 |
/post/wp-login.php | 93 |
/.env.dev | 92 |
/.aws/credentials | 91 |
/.env.live | 85 |
/.env.development.local | 84 |
/.env.dev.local | 83 |
/.env.example | 82 |
/config/.env | 80 |
/login.rsp | 77 |
/.env.old | 75 |
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh | 68 |
/.env.testing | 68 |
/containers/json | 67 |
/webui/ | 65 |
/prod/.env | 64 |
/geoserver/web/ | 64 |
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 63 |
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 63 |
/vendor/phpunit/src/Util/PHP/eval-stdin.php | 63 |
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php | 63 |
/settings/.env | 63 |
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 63 |
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 63 |
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input | 63 |
ipaddress.vanhoang.id.vn:443 | 62 |
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php | 62 |
/vendor/phpunit/Util/PHP/eval-stdin.php | 62 |
/_profiler/phpinfo | 62 |
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/phpunit/phpunit/Util/PHP/eval-stdin.php | 61 |
/phpunit/Util/PHP/eval-stdin.php | 61 |
/lib/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php | 61 |
/lib/phpunit/Util/PHP/eval-stdin.php | 61 |
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 61 |
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello | 60 |
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello | 60 |
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 60 |
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/+/tmp/index1.php | 59 |
/index.php?lang=../../../../../../../../tmp/index1 | 59 |
/actuator/gateway/routes | 58 |
/wp | 57 |
/wordpress | 57 |
/phpinfo.php | 56 |
/old | 56 |
/new | 56 |
/backup | 56 |
/main | 55 |
/home | 55 |
/bk | 55 |
/bc | 55 |
/.git/HEAD | 55 |
/admin/.env | 54 |
/media/.git/config | 53 |
/.env.dist | 53 |
/core/.env | 52 |
/app/.env | 52 |
/app-ads.txt | 52 |
/static../.git/config | 51 |
/public/.git/config | 51 |
/libs/js/iframe.js | 51 |
/cms/.git/config | 51 |
/media../.git/config | 50 |
/login | 50 |
/core/.git/config | 50 |
/api/.git/config | 50 |
/.env.test | 50 |
/v1/agent/service/register | 49 |
/phpinfo | 49 |
/laravel/.env | 49 |
/backup/.git/config | 49 |
/backend/.env | 49 |
/server/.git/config | 48 |
/.env.prod.local | 48 |
/www/.git/config | 47 |
/public/.env | 47 |
/project/.git/config | 47 |
/files/.git/config | 47 |
/cgi-bin/luci/;stok=/locale | 47 |
/src/.git/config | 46 |
/docker/.env | 46 |
/dev/.git/config | 46 |
/build/.env | 46 |
/app/.git/config | 46 |
/admin/.git/config | 46 |
/data/.git/config | 45 |
/config/.git/config | 45 |
/.env.config | 45 |
/.env.uat | 44 |
/.env.staging.local | 43 |
/.env.secret | 43 |
/.env.preprod | 43 |
/.env.default | 43 |
/configuration/.env | 42 |
/.env.template | 42 |
/.env.ci | 42 |
/info.php | 41 |
/local/.env | 40 |
/web/.env | 39 |
/.well-known/ | 39 |
/dev/.env | 38 |
/application/.env | 38 |
/.env.www | 38 |
/docker-compose.prod.yml | 37 |
/.env_1 | 37 |
/teorema505?t=1 | 35 |
/site/.env | 35 |
/env/.env | 35 |
/assets../.git/config | 35 |
/alive.php | 35 |
/ab2h | 35 |
/ab2g | 35 |
/.env.sandbox | 35 |
/.aws/config | 35 |
/wp-admin/ | 34 |
/php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input | 34 |
/password/reset | 34 |
/cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input | 34 |
/crm/.env | 33 |
/apps/.env | 33 |
/wp-content/uploads/ | 32 |
/wp-content/ | 32 |
/php_info.php | 32 |
/1.php | 32 |
/wp-includes/ | 31 |
/wp-content/themes/ | 31 |
/wp-content/plugins/ | 31 |
/test.php | 31 |
/config/aws.yml | 31 |
/app_dev.php/_profiler/phpinfo | 31 |
/upl.php | 30 |
/systembc/password.php | 30 |
/portal/.env | 30 |
/password.php | 30 |
/main/.env | 30 |
/geoip/ | 30 |
/form.html | 30 |
/config/config.json | 30 |
/www/.env | 29 |
/tags/pov | 29 |
/tags/opensuse | 29 |
/server/.env | 29 |
/new/.env | 29 |
/laravel/core/.env | 29 |
/_phpinfo.php | 29 |
/.well-known/acme-challenge/ | 29 |
/mail/.env | 28 |
/config.js | 28 |
/old/.env | 27 |
/node_modules/.env | 27 |
/mailer/.env | 27 |
/conf/.env | 27 |
/.vscode/.env | 27 |
/wp-config.php | 26 |
/webui | 26 |
/v2/.env | 26 |
/tags/cms | 26 |
/owa/ | 26 |
/env.backup | 26 |
/cron/.env | 26 |
/aws.yml | 26 |
/appsettings.json | 26 |
/wp-config.php.bak | 25 |
/wp-config | 25 |
/system/.env | 25 |
/storage/logs/laravel.log | 25 |
/sellers.json | 25 |
/new/.env.staging | 25 |
/login/login.html | 25 |
/lara/phpinfo.php | 25 |
/lara/info.php | 25 |
/development/.env | 25 |
/database/.env | 25 |
/css/ | 25 |
/awstats/.env | 25 |
/aws-secret.yaml | 25 |
/app/config/.env | 25 |
/_profiler/phpinfo/phpinfo.php | 25 |
/_profiler/phpinfo/info.php | 25 |
/HNAP1 | 25 |
/.well-known/security.txt | 25 |
/.well-known/pki-validation/ | 25 |
/.travis.yml | 25 |
/src/.env | 24 |
/nginx/.env | 24 |
/new/.env.local | 24 |
/laravel/info.php | 24 |
/docker/app/.env | 24 |
/debug/default/view | 24 |
/config/parameters.yml | 24 |
/.json | 24 |
/xampp/phpinfo.php | 23 |
/storage/.env | 23 |
/sdk | 23 |
/new/.env.production | 23 |
/kyc/.env | 23 |
/blog/.env | 23 |
/aws/credentials | 23 |
/actuator/health | 23 |
/xampp/.env | 22 |
/v1/.env | 22 |
/server.js | 22 |
/library/.env | 22 |
/helpers/utility.js | 22 |
/dashboard/phpinfo.php | 22 |