Web server log analysis 2025: April

2025-07-05 Tech

I analyzed the logs of a public-facing web server for traffic that is not normal access.

Most frequent requests

WordPress-related

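As in February, there were many WordPress-related requests, so this may have been a trend through February and March.
Attacks on WordPress increase periodically, so please apply updates regularly.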

/wp-content/plugins/WordPressCore/include.php
/wp-includes/images/include.php              
/wp-includes/widgets/include.php             
/wp-login.php                                
/post/wp-login.php                           
/wp-content/plugins/core-plugin/include.php  
/wp-content/themes/include.php 
/wp-content/plugins/include.php
/wp-content/        
/wp-includes/       
/wp-content/uploads/
/wp-content/themes/ 
/wp-content/plugins/

Access to traffic-advice

This path appears to be requested by a Google Chrome feature.
On the increase in accesses to traffic-advice: how Google Chrome's prefetching works | 株式会社フーリエ | Web strategy and system development [Tokyo/Hamamatsu]

/.well-known/traffic-advice

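Web UI vulnerabilities in network devices such as Cisco IOS XE

This appears to be traffic attempting to access the Web UI of network devices, as described in the article below.
About the vulnerabilities in the Web UI of Cisco IOS XE (CVE-2023-20198 and others) | Information Security | IPA (Information-technology Promotion Agency, Japan)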

/webui/

Traffic targeting GeoServer vulnerabilities

/geoserver/web/

Spring Framework vulnerability

This appears to be traffic related to a vulnerability in Spring Cloud Gateway, a feature of the Spring Framework.
CVE-2022-22947: Spring Cloud Gateway Code Injection Vulnerability

/actuator/gateway/routes

Access to the Spring Boot Actuator health check feature

There were requests to Spring Boot Actuator, a feature of Spring Boot.

/actuator/health

/.aws/credentials

There were requests for the AWS configuration file.

/.aws/credentials

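Remote execution of eval via PHPUnit

Traffic that attempts to execute eval() by exploiting a vulnerability in PHPUnit, the unit testing tool for PHP.

JVNDB-2017-005280 - JVN iPedia - Vulnerability Countermeasure Information Database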

/vendor/phpunit/src/Util/PHP/eval-stdin.php                          
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php                      
/vendor/phpunit/Util/PHP/eval-stdin.php                              
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php             
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php              
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php           
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php                       
/phpunit/src/Util/PHP/eval-stdin.php                                 
/phpunit/phpunit/src/Util/PHP/eval-stdin.php                         
/phpunit/phpunit/Util/PHP/eval-stdin.php                             
/phpunit/Util/PHP/eval-stdin.php                                     
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php                     
/lib/phpunit/src/Util/PHP/eval-stdin.php                             
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php                         
/lib/phpunit/Util/PHP/eval-stdin.php                                 
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php              
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php               
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php            
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php            
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php          
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php             
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php           

IoT malware exploiting the router vulnerability "CVE-2020-10173" | Trend Micro Security Blog

/boaform/admin/formLogin

List of suspicious requests

uri count
/.env 675
/favicon.ico 505
/wp-content/plugins/WordPressCore/include.php 417
/wp-includes/images/include.php 400
/wp-includes/widgets/include.php 394
/.git/config 381
/wp-login.php 307
/post/wp-login.php 284
/sw.js 280
/wp-content/plugins/core-plugin/include.php 241
/ads.txt 220
* 205
/wp-content/themes/include.php 169
/.well-known/traffic-advice 167
/wp-content/plugins/include.php 157
mstshash=Administr 131
/admin/assets/js/views/login.js 118
/config.json 109
/.env.production 105
\x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=’:\xA9\x82\xD9o\xC8\xA2\xD7\x93\x98\xB4\xEF\x80\xE5\xB9\x90\x00(\xC0 101
/api/.env 95
/.env.local 95
/wp-content/ 94
/.well-known/ 94
/wp-includes/ 93
/wp-content/uploads/ 93
/wp-content/themes/ 91
/wp-content/plugins/ 91
/wp-admin/ 91
/.well-known/acme-challenge/ 91
/index.xml 89
/wp 87
/wordpress 87
/old 87
/new 87
/main 87
/home 87
/backup 87
/login/ 86
/css/ 86
/bk 86
/bc 86
/app/ 86
/.well-known/pki-validation/ 86
/.env.prod 86
/.env.dev 83
/.aws/credentials 81
/password/reset 80
/.env.test 79
/config/.env 76
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 73
/.env.save 67
/t4 66
/cms/.git/config 62
/backup/.git/config 62
/api/.git/config 62
/src/.git/config 61
/fapi/v1/ticker/bookTicker?symbol=BTCUSDT 60
/dev/.git/config 60
/app/.git/config 60
/server/.git/config 59
/media/.git/config 59
/admin/.git/config 59
/.env.backup 59
/www/.git/config 58
/geoserver/web/ 58
/webui/ 57
/static../.git/config 57
/public/.git/config 57
/media../.git/config 57
/files/.git/config 57
/data/.git/config 57
/core/.git/config 57
/.env.bak 57
/config/.git/config 56
/settings/.env 55
/aaa9 55
/.env.secret 55
/project/.git/config 54
/.env.dist 54
/prod/.env 52
/actuator/gateway/routes 52
/aab9 52
/.env.stage 52
/assets../.git/config 51
/.env_sample 51
/.env.production.local 51
/.env.testing 50
/configuration/.env 49
/build/.env 49
/.git/HEAD 49
/.env.staging.local 49
/.env.config 49
/phpinfo.php 48
/docker-compose.prod.yml 48
/.env.template 48
/.env.sandbox 48
/.env.preprod 48
/.env.live 48
/.env.development.local 48
/.env.dev.local 48
/.env.default 48
/.env.ci 48
/app-ads.txt 47
/.env.uat 47
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh 44
/manifest.js 43
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 40
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 40
/containers/json 40
/_profiler/phpinfo 40
/vendor/phpunit/src/Util/PHP/eval-stdin.php 39
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php 39
/vendor/phpunit/Util/PHP/eval-stdin.php 39
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input 39
//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js 39
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php 38
/phpunit/src/Util/PHP/eval-stdin.php 38
/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/phpunit/phpunit/Util/PHP/eval-stdin.php 38
/phpunit/Util/PHP/eval-stdin.php 38
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php 38
/lib/phpunit/src/Util/PHP/eval-stdin.php 37
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php 37
/boaform/admin/formLogin 37
/lib/phpunit/Util/PHP/eval-stdin.php 35
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 34
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 34
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello 33
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello 33
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/+/tmp/index1.php 33
/index.php?lang=../../../../../../../../tmp/index1 33
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 33
/login.rsp 32
/laravel/.env 32
/info.php 32
/.env.example 32
/backup.sql 31
/HNAP1 30
/.git/index 30
/sdk 29
/test.php 28
/app/.env 28
/.well-known/security.txt 28
/config.js 27
/v1/agent/service/register 26
/docker/.env 26
/db.sql 26
/core/.env 26
/.env.development 26
/database.sql 25
/config/secrets.yml 25
/1.php 25
/wp-content/plugins/core-stab/index.php 24
/backend/.env 24
/xmlrpc.php?rsd 23
/wp1/wp-includes/wlwmanifest.xml 23
/wp/wp-includes/wlwmanifest.xml 23
/wordpress/wp-includes/wlwmanifest.xml 23
/web/wp-includes/wlwmanifest.xml 23
/upl.php 23
/test/wp-includes/wlwmanifest.xml 23
/site/wp-includes/wlwmanifest.xml 23
/evox/about 23
/cms/wp-includes/wlwmanifest.xml 23
/blog/wp-includes/wlwmanifest.xml 23
/teorema505?t=1 22
/systembc/password.php 22
/password.php 22
/owa/auth/logon.aspx 22
/geoip/ 22
/form.html 22
/alive.php 22
/actuator/health 22
/ab2h 22
/ab2g 22
/phpinfo 21
/login 21
/cgi-bin/authLogin.cgi 21
/admin/.env 21
/about 21
/.env.staging 21
/.env.debug 21
/xmlrpc.php 20
/shop/wp-includes/wlwmanifest.xml 20
/server.js 20
/data.sql 20
/app/config/.env 20
/.env.qa 20
/wp2/wp-includes/wlwmanifest.xml 19
/wp-includes/wlwmanifest.xml 19
/website/wp-includes/wlwmanifest.xml 19
/v2/_catalog 19
/solr/admin/info/system 19
/solr/admin/cores?action=STATUS&wt=json 19
/sito/wp-includes/wlwmanifest.xml 19
/news/wp-includes/wlwmanifest.xml 19
/application.yml 19
/query?q=SHOW+DIAGNOSTICS 18
/public/.env 18
/libs/js/iframe.js 18
/app.js 18
/.git/refs/ 18
/sellers.json 17
/config/database.yml 17
/application/.env 17
example.com:80 16
/wp-content/themes/classic/inc/index.php 16
/wp-config.php 16
/r4/metadata 16
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application 16
/config/production.json 16
/config.env 16
/auth.json 16
//.env 16
/version 15
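
One way to produce a tally like the list above, grouped into the request categories this post discusses and flagging any probe the server answered with a 2xx status. This is an added example, not the author's script; the combined log format, the category regexes and the sample lines are assumptions.

```python
import re
from collections import Counter

# First quoted field (the request line) and the status code that follows it.
LINE = re.compile(r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')
HTTP = re.compile(r"^[A-Z]+ (?P<uri>\S+) HTTP/\d(?:\.\d)?$")

# Categories follow the groups discussed in the post; the regexes are assumptions.
RULES = [
    ("phpunit-eval-stdin", re.compile(r"/eval-stdin\.php$")),
    ("wordpress", re.compile(r"/wp-|/xmlrpc\.php$|/wlwmanifest\.xml$")),
    ("secret-file", re.compile(r"/\.env|/\.git/|/\.aws/credentials$")),
    ("spring-actuator", re.compile(r"^/actuator/")),
    ("device-web-ui", re.compile(r"^/(?:webui/|boaform/|HNAP1$)")),
    ("geoserver", re.compile(r"^/geoserver/")),
    ("chrome-prefetch", re.compile(r"^/\.well-known/traffic-advice$")),
]

def classify(uri):
    path = uri.partition("?")[0]  # match on the path, ignore the query string
    return next((name for name, pat in RULES if pat.search(path)), "other")

def tally(lines):
    """Return (per-URI counts, per-category counts, probes answered with 2xx)."""
    uris, cats, answered = Counter(), Counter(), []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an access-log line
        h = HTTP.match(m["req"])
        if h is None:  # e.g. a TLS or RDP handshake sent to the HTTP port
            cats["non-http"] += 1
            continue
        cat = classify(h["uri"])
        uris[h["uri"]] += 1
        cats[cat] += 1
        if cat not in ("other", "chrome-prefetch") and m["status"].startswith("2"):
            answered.append((h["uri"], m["status"]))
    return uris, cats, answered

# Constructed sample lines in combined log format, not taken from the post's logs.
_T = '192.0.2.10 - - [12/Apr/2025:03:14:07 +0900] "{}" {} 153 "-" "-"'
SAMPLE = [_T.format(req, status) for req, status in [
    ("GET /.env HTTP/1.1", 404), ("GET /.env HTTP/1.1", 404),
    ("POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", 404),
    ("GET /wp-login.php HTTP/1.1", 404), ("GET /xmlrpc.php?rsd HTTP/1.1", 404),
    ("GET /cms/.git/config HTTP/1.1", 200), ("GET /actuator/gateway/routes HTTP/1.1", 404),
    ("GET /.well-known/traffic-advice HTTP/1.1", 404),
    (r"\x16\x03\x01\x00\xEE", 400), ("GET /index.html HTTP/1.1", 200),
]]
```

On a real log, pass the open file to `tally()` (opened with `errors="replace"` so binary request lines do not stop the read); entries in the third return value are the ones to check first, because the server returned content for a probed path.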
