Web server log analysis: May 2025

2025-07-25 Technical

I analyzed traffic that is not normal access, taken from the logs of the web server I have open to the public.

Most frequent requests

Remote execution of PHPUnit's eval

Traffic attempting to run eval() by exploiting a vulnerability in PHPUnit, the PHP unit testing tool

JVNDB-2017-005280 - JVN iPedia - Vulnerability Countermeasure Information Database

/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
/vendor/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/Util/PHP/eval-stdin.php
/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/phpunit/Util/PHP/eval-stdin.php
/phpunit/Util/PHP/eval-stdin.php
/lib/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php
/lib/phpunit/Util/PHP/eval-stdin.php

IoT malware that exploits the router vulnerability CVE-2020-10173 | Trend Micro Security Blog

/boaform/admin/formLogin

Access to traffic-advice

These requests appear to come from a Google Chrome feature (its prefetch mechanism; see the article below).
Why requests to traffic-advice are increasing: Google Chrome's prefetch mechanism | Fourier Inc. (株式会社フーリエ) | Web strategy and system development [Tokyo/Hamamatsu]

/.well-known/traffic-advice

WordPress-related

/post/wp-login.php
/wp-includes/
/wp-content/uploads/
/wp-content/themes/
/wp-content/plugins/
/wp-content/plugins/HelloDollyV2/hello_dolly_v2.php

Traffic targeting GeoServer vulnerabilities

/geoserver/web/

List of suspicious traffic

URI  count
/robots.txt 2358
/.env 959
/ 627
/favicon.ico 530
/.git/config 393
/wp-login.php 268
/post/wp-login.php 238
/ads.txt 227
/sw.js 192
/.well-known/traffic-advice 152
/api/.env 136
mstshash=Administr 125
/password/reset 125
/.env.local 119
/.env.dev 109
/config.json 107
/.env.prod 106
\x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=’:\xA9\x82\xD9o\xC8\xA2\xD7\x93\x98\xB4\xEF\x80\xE5\xB9\x90\x00(\xC0 104
/boaform/admin/formLogin 97
/config/.env 96
/.aws/credentials 93
/.env.test 89
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 86
/index.xml 85
/.env.bak 84
/.env.production 80
/.env.save 77
/.env.backup 75
/wp-content/ 73
/prod/.env 72
/.well-known/ 72
/tags/gui 71
/.env_sample 71
/wp-includes/ 70
/wp-content/uploads/ 70
/wp-content/themes/ 70
/wp-content/plugins/ 70
/wp-admin/ 70
/.well-known/acme-challenge/ 69
//.env 68
/wp-content/plugins/HelloDollyV2/hello_dolly_v2.php 67
/geoserver/web/ 67
/css/ 67
/.well-known/pki-validation/ 67
/wp-content/themes/hello_dolly_v2.php 66
/static../.git/config 64
/build/.env 64
/.env.stage 63
/.env.ci 63
/fapi/v1/ticker/bookTicker?symbol=BTCUSDT 62
/config/.git/config 62
/.env.production.local 62
/.env.dist 62
/www/.git/config 61
/src/.git/config 61
/admin/.git/config 61
/files/.git/config 60
/data/.git/config 60
/backup/.git/config 60
/app/.git/config 60
/media/.git/config 59
/containers/json 59
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh 59
/api/.git/config 59
/webui/ 58
/server/.git/config 58
/assets../.git/config 58
/.env.testing 58
/core/.git/config 57
/.env.secret 57
/.env.live 57
/.env.default 57
/t4 56
/public/.git/config 56
/dev/.git/config 56
/cms/.git/config 56
/settings/.env 55
/media../.git/config 55
/admin/.env 55
/.env.sandbox 55
/.env.preprod 55
/.env.development.local 55
/.env.dev.local 55
/.env.config 55
/.env.staging.local 54
/project/.git/config 53
/configuration/.env 53
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php 52
/docker-compose.prod.yml 52
/_profiler/phpinfo 52
/.env.template 52
/vendor/phpunit/src/Util/PHP/eval-stdin.php 51
/vendor/phpunit/Util/PHP/eval-stdin.php 51
/phpunit/src/Util/PHP/eval-stdin.php 50
/phpunit/phpunit/src/Util/PHP/eval-stdin.php 50
/phpunit/phpunit/Util/PHP/eval-stdin.php 50
/phpunit/Util/PHP/eval-stdin.php 50
/lib/phpunit/src/Util/PHP/eval-stdin.php 50
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php 50
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php 50
/lib/phpunit/Util/PHP/eval-stdin.php 50
/developmentserver/metadatauploader 50
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh 50
/.env.uat 50
/admin/config.php 49
//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 49
/.git/HEAD 49
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php 47
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input 47
/backend/.env 47
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 45
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 45
/core/.env 45
/app/.env 45
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 44
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 43
/wp 42
/wordpress 42
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello 42
/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello 42
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/+/tmp/index1.php 42
/index.php?lang=../../../../../../../../tmp/index1 42
/xmlrpc.php 41
/info.php 40
/actuator/gateway/routes 40
/.env.example 40
/phpinfo.php 39
/.env.qa 38
/old 36
/new 36
/laravel/.env 36
/backup 36
/version 35
/.env.staging 35
/public/.env 34
/backup.sql 34
/db.sql 33
/database.sql 33
//recordings/theme/main.css 33
/database/db.sql 32
/database/backup.sql 32
/data.sql 32
/main 31
/home 31
/bk 30
/bc 30
/1.php 29
/.git/index 29
/apps/.env 28
/aab8 28
/upl.php 27
/app_dev.php/_profiler/phpinfo 27
/test.php 26
/systembc/password.php 26
/password.php 26
/geoip/ 26
/form.html 26
/xmlrpc.php?rsd 25
/wp1/wp-includes/wlwmanifest.xml 25
/wp/wp-includes/wlwmanifest.xml 25
/wp-content/plugins/WordPressCore/include.php 25
/wordpress/wp-includes/wlwmanifest.xml 25
/web/wp-includes/wlwmanifest.xml 25
/test/wp-includes/wlwmanifest.xml 25
/site/wp-includes/wlwmanifest.xml 25
/shop/wp-includes/wlwmanifest.xml 25
/database/.env 25
/cms/wp-includes/wlwmanifest.xml 25
/blog/wp-includes/wlwmanifest.xml 25
/aaa9 25
/.vscode/sftp.json 25
/wp-includes/images/include.php 24
/web/.env 24
/phpinfo 24
/2019/wp-includes/wlwmanifest.xml 24
/wp2/wp-includes/wlwmanifest.xml 23
/wp-includes/wlwmanifest.xml 23
/wp-includes/widgets/include.php 23
/wp-content/themes/include.php 23
/website/wp-includes/wlwmanifest.xml 23
/test/.env 23
/sito/wp-includes/wlwmanifest.xml 23
/news/wp-includes/wlwmanifest.xml 23
/local/.env 23
/crm/.env 23
/cgi-bin/authLogin.cgi 23
/.env_1 23
example.com:80 22
/www/.env 22
/site/.env 22
/index.php 22
/HNAP1 22
/.well-known/security.txt 22
/vendor/.env 21
/sdk 21
/owa/auth/logon.aspx 21
/media/wp-includes/wlwmanifest.xml 21
/login 21
/application/.env 21
/actuator/health 21
/wp-content/plugins/include.php 19
/new/.env 19
/manifest.js 19
/sftp-config.json 18
/production/.env 18
/old/.env 18
/docker/.env 18
/dev/.env 18
/wp-content/.env 17
/uploads/.env 17
/test 17
/storage/.env 17
/src/.env 17
/sites/all/libraries/mailchimp/.env 17
/protected/.env 17
/owa/ 17
/library/.env 17
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application 17
/debug/default/view?panel=config 17
/app-ads.txt 17
/about/site_icons/icon-192x192.png 17
/aab9 17
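As an added example (not part of the original post), a small Python classifier that tallies access-log lines into the request families listed above. It decodes nested percent-encoding so the /cgi-bin/ traversal variants fold together, collapses doubled slashes such as //.env, and counts request lines that are not HTTP at all (like the raw binary entry in the table) as unparsed. The log lines are constructed and the family labels are my own.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined log format (Apache/nginx); only the request line is used.
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Request families from the post, matched on the decoded path (query string dropped), first hit wins.
RULES = [
    ("phpunit-eval-stdin", lambda p: p.endswith("/eval-stdin.php")),
    ("dotenv-probe", lambda p: p.rsplit("/", 1)[-1].startswith(".env")),
    ("git-exposure", lambda p: "/.git/" in p),
    ("cgi-traversal", lambda p: "/../" in p or p.endswith("/bin/sh")),
    ("boaform-router", lambda p: p.startswith("/boaform/")),
    ("wordpress-probe", lambda p: "/wp-" in p or "/xmlrpc.php" in p or p.endswith("/wlwmanifest.xml")),
    ("geoserver", lambda p: p.startswith("/geoserver/")),
    ("chrome-traffic-advice", lambda p: p == "/.well-known/traffic-advice"),  # expected Chrome prefetch check
]

def normalize(uri):
    # Drop the query string, undo nested percent-encoding, collapse '//' (as in //.env).
    path = uri.split("?", 1)[0]
    for _ in range(3):  # %%32%65 -> %2e -> . needs two passes
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return re.sub(r"/{2,}", "/", path)

def classify(uri):
    path = normalize(uri)
    for label, pred in RULES:
        if pred(path):
            return label
    return "other"

def tally(lines):
    # Lines without an HTTP request line (raw binary, RDP probes) are counted as 'unparsed'.
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        counts[classify(m.group("uri")) if m else "unparsed"] += 1
    return counts
# Constructed sample lines (RFC 5737 addresses), not taken from the post's server.
SAMPLE_LOG = [
    r'203.0.113.5 - - [03/May/2025:10:01:02 +0900] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "-"',
    r'203.0.113.5 - - [03/May/2025:10:01:03 +0900] "GET //.env HTTP/1.1" 404 196 "-" "-"',
    r'192.0.2.9 - - [03/May/2025:10:03:00 +0900] "GET /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 404 196 "-" "-"',
    r'192.0.2.9 - - [03/May/2025:10:03:01 +0900] "GET /.well-known/traffic-advice HTTP/1.1" 404 196 "-" "-"',
    r'192.0.2.9 - - [03/May/2025:10:05:00 +0900] "\x16\x03\x01\x02" 400 226 "-" "-"',
]
```

Running `tally(SAMPLE_LOG)` gives one hit in each of phpunit-eval-stdin, dotenv-probe, cgi-traversal, chrome-traffic-advice and unparsed; feed it real log lines to reproduce the table above by family instead of by exact URI.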
