ITオムライス
  1. ITオムライス
  2. Posts
  3. webサーバのログの分析2025 4月分

webサーバのログの分析2025 4月分

2025-07-05 技術系

公開している web サーバのログから通常のアクセスではない通信について分析しました。

多かったリクエスト

WordPress関連

2月に引き続きWordPress関連が多かったので2月3月とトレンドになっていたのかもしれないです。
WordPressは定期的に攻撃が増えるので定期的なアップデートを実施してください。

/wp-content/plugins/WordPressCore/include.php
/wp-includes/images/include.php              
/wp-includes/widgets/include.php             
/wp-login.php                                
/post/wp-login.php                           
/wp-content/plugins/core-plugin/include.php  
/wp-content/themes/include.php 
/wp-content/plugins/include.php
/wp-content/        
/wp-includes/       
/wp-content/uploads/
/wp-content/themes/ 
/wp-content/plugins/

traffic-adviceへのアクセス

Google Chromeの機能でアクセスされるみたいです。
traffic-adviceへのアクセスが増加している件 〜Google Chromeの先読みの仕組みの話〜 | 株式会社フーリエ | Web戦略・システム開発[東京/浜松]

/.well-known/traffic-advice

Cisco 製 Cisco IOS XE などのネットワーク機器の Web UI の脆弱性

下記の記事のようなネットワーク機器のWeb UIにアクセスを試みる通信だと思われます。
Cisco 製 Cisco IOS XE の Web UI の脆弱性について(CVE-2023-20198 等) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構

/webui/

GeoServerの脆弱性を狙った通信

/geoserver/web/

Spring Frameworkの脆弱性

Spring FrameworkのSpring Cloud Gatewayという機能の脆弱性に関する通信みたいです。
CVE-2022-22947: Spring Cloud Gateway Code Injection Vulnerability

/actuator/gateway/routes

Spring Boot Actuatorのヘルスチェック機能へのアクセス

Spring Boot ActuatorというSpring Bootの機能へのアクセスがありました。

/actuator/health

/.aws/credentials

AWSの設定ファイルへのアクセスがありました。

/.aws/credentials

PHPUnitのevalをリモート実行

PHPのユニットテストツールのPHPUnitの脆弱性を利用してのeval()を実行しようとする通信

JVNDB-2017-005280 - JVN iPedia - 脆弱性対策情報データベース

/vendor/phpunit/src/Util/PHP/eval-stdin.php                          
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php                      
/vendor/phpunit/Util/PHP/eval-stdin.php                              
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php             
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php              
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php           
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php                       
/phpunit/src/Util/PHP/eval-stdin.php                                 
/phpunit/phpunit/src/Util/PHP/eval-stdin.php                         
/phpunit/phpunit/Util/PHP/eval-stdin.php                             
/phpunit/Util/PHP/eval-stdin.php                                     
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php                     
/lib/phpunit/src/Util/PHP/eval-stdin.php                             
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php                         
/lib/phpunit/Util/PHP/eval-stdin.php                                 
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php              
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php               
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php            
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php            
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php          
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php             
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

ルータの脆弱性「CVE-2020-10173」を利用するIoTマルウェア | トレンドマイクロ セキュリティブログ

/boaform/admin/formLogin

不審な通信の一覧

uri count
/.env 675
/favicon.ico 505
/wp-content/plugins/WordPressCore/include.php 417
/wp-includes/images/include.php 400
/wp-includes/widgets/include.php 394
/.git/config 381
/wp-login.php 307
/post/wp-login.php 284
/sw.js 280
/wp-content/plugins/core-plugin/include.php 241
/ads.txt 220
* 205
/wp-content/themes/include.php 169
/.well-known/traffic-advice 167
/wp-content/plugins/include.php 157
mstshash=Administr 131
/admin/assets/js/views/login.js 118
/config.json 109
/.env.production 105
\x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=’:\xA9\x82\xD9o\xC8\xA2\xD7\x93\x98\xB4\xEF\x80\xE5\xB9\x90\x00(\xC0 101
/api/.env 95
/.env.local 95
/wp-content/ 94
/.well-known/ 94
/wp-includes/ 93
/wp-content/uploads/ 93
/wp-content/themes/ 91
/wp-content/plugins/ 91
/wp-admin/ 91
/.well-known/acme-challenge/ 91
/index.xml 89
/wp 87
/wordpress 87
/old 87
/new 87
/main 87
/home 87
/backup 87
/login/ 86
/css/ 86
/bk 86
/bc 86
/app/ 86
/.well-known/pki-validation/ 86
/.env.prod 86
/.env.dev 83
/.aws/credentials 81
/password/reset 80
/.env.test 79
/config/.env 76
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 73
/.env.save 67
/t4 66
/cms/.git/config 62
/backup/.git/config 62
/api/.git/config 62
/src/.git/config 61
/fapi/v1/ticker/bookTicker?symbol=BTCUSDT 60
/dev/.git/config 60
/app/.git/config 60
/server/.git/config 59
/media/.git/config 59
/admin/.git/config 59
/.env.backup 59
/www/.git/config 58
/geoserver/web/ 58
/webui/ 57
/static../.git/config 57
/public/.git/config 57
/media../.git/config 57
/files/.git/config 57
/data/.git/config 57
/core/.git/config 57
/.env.bak 57
/config/.git/config 56
/settings/.env 55
/aaa9 55
/.env.secret 55
/project/.git/config 54
/.env.dist 54
/prod/.env 52
/actuator/gateway/routes 52
/aab9 52
/.env.stage 52
/assets../.git/config 51
/.env_sample 51
/.env.production.local 51
/.env.testing 50
/configuration/.env 49
/build/.env 49
/.git/HEAD 49
/.env.staging.local 49
/.env.config 49
/phpinfo.php 48
/docker-compose.prod.yml 48
/.env.template 48
/.env.sandbox 48
/.env.preprod 48
/.env.live 48
/.env.development.local 48
/.env.dev.local 48
/.env.default 48
/.env.ci 48
/app-ads.txt 47
/.env.uat 47
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh 44
/manifest.js 43
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 40
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 40
/containers/json 40
/_profiler/phpinfo 40
/vendor/phpunit/src/Util/PHP/eval-stdin.php 39
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php 39
/vendor/phpunit/Util/PHP/eval-stdin.php 39
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input 39
//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js 39
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php 38
/phpunit/src/Util/PHP/eval-stdin.php 38
/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/phpunit/phpunit/Util/PHP/eval-stdin.php 38
/phpunit/Util/PHP/eval-stdin.php 38
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/lib/phpunit/src/Util/PHP/eval-stdin.php 37
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php 37
/boaform/admin/formLogin 37
/lib/phpunit/Util/PHP/eval-stdin.php 35
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 34
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 34
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello 33
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello 33
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/+/tmp/index1.php 33
/index.php?lang=../../../../../../../../tmp/index1 33
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/login.rsp 32
/laravel/.env 32
/info.php 32
/.env.example 32
/backup.sql 31
/HNAP1 30
/.git/index 30
/sdk 29
/test.php 28
/app/.env 28
/.well-known/security.txt 28
/config.js 27
/v1/agent/service/register 26
/docker/.env 26
/db.sql 26
/core/.env 26
/.env.development 26
/database.sql 25
/config/secrets.yml 25
/1.php 25
/wp-content/plugins/core-stab/index.php 24
/backend/.env 24
/xmlrpc.php?rsd 23
/wp1/wp-includes/wlwmanifest.xml 23
/wp/wp-includes/wlwmanifest.xml 23
/wordpress/wp-includes/wlwmanifest.xml 23
/web/wp-includes/wlwmanifest.xml 23
/upl.php 23
/test/wp-includes/wlwmanifest.xml 23
/site/wp-includes/wlwmanifest.xml 23
/evox/about 23
/cms/wp-includes/wlwmanifest.xml 23
/blog/wp-includes/wlwmanifest.xml 23
/teorema505?t=1 22
/systembc/password.php 22
/password.php 22
/owa/auth/logon.aspx 22
/geoip/ 22
/form.html 22
/alive.php 22
/actuator/health 22
/ab2h 22
/ab2g 22
/phpinfo 21
/login 21
/cgi-bin/authLogin.cgi 21
/admin/.env 21
/about 21
/.env.staging 21
/.env.debug 21
/xmlrpc.php 20
/shop/wp-includes/wlwmanifest.xml 20
/server.js 20
/data.sql 20
/app/config/.env 20
/.env.qa 20
/wp2/wp-includes/wlwmanifest.xml 19
/wp-includes/wlwmanifest.xml 19
/website/wp-includes/wlwmanifest.xml 19
/v2/_catalog 19
/solr/admin/info/system 19
/solr/admin/cores?action=STATUS&wt=json 19
/sito/wp-includes/wlwmanifest.xml 19
/news/wp-includes/wlwmanifest.xml 19
/application.yml 19
/query?q=SHOW+DIAGNOSTICS 18
/public/.env 18
/libs/js/iframe.js 18
/app.js 18
/.git/refs/ 18
/sellers.json 17
/config/database.yml 17
/application/.env 17
example.com:80 16
/wp-content/themes/classic/inc/index.php 16
/wp-config.php 16
/r4/metadata 16
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application 16
/config/production.json 16
/config.env 16
/auth.json 16
//.env 16
/version 15

follow us in feedly



関連記事

新着記事