公開している web サーバのログから通常のアクセスではない通信について分析しました。
多かったリクエスト
GeoServerの脆弱性を狙った通信
/geoserver/web/
何かしらかをリセットしようとするリクエスト
何かのパスワードをリセットしようとしています。
/password/reset
traffic-adviceへのアクセス
Google Chromeの機能でアクセスされるみたいです。
traffic-adviceへのアクセスが増加している件 〜Google Chromeの先読みの仕組みの話〜 | 株式会社フーリエ | Web戦略・システム開発[東京/浜松]
/.well-known/traffic-advice
Spring Frameworkの脆弱性
Spring FrameworkのSpring Cloud Gatewayという機能の脆弱性に関する通信みたいです。
CVE-2022-22947: Spring Cloud Gateway Code Injection Vulnerability
/actuator/gateway/routes
ランサムウェアのSystemBCのバックドアを確認する通信
ランサムウェアのSystemBCに感染していないか確認する通信のようです。
wizSafe Security Signal 2025年5月 観測レポート – wizSafe Security Signal -安心・安全への道標- IIJ
/systembc/password.php
WordPress関連
/wp-login.php
/post/wp-login.php
/wp-content/themes/hello_dolly_v2.php
/wp-content/plugins/HelloDollyV2/hello_dolly_v2.php
/wp2/wp-includes/wlwmanifest.xml
/wp1/wp-includes/wlwmanifest.xml
/wp/wp-includes/wlwmanifest.xml
/wp-includes/wlwmanifest.xml
/wordpress/wp-includes/wlwmanifest.xml
/website/wp-includes/wlwmanifest.xml
/web/wp-includes/wlwmanifest.xml
/test/wp-includes/wlwmanifest.xml
/sito/wp-includes/wlwmanifest.xml
/site/wp-includes/wlwmanifest.xml
/shop/wp-includes/wlwmanifest.xml
/wp-admin/
/wp-content/uploads/
/wp-includes/
/wp-content/themes/
/wp-content/plugins/
PHPUnitのevalをリモート実行
PHPのユニットテストツールのPHPUnitの脆弱性を利用してのeval()を実行しようとする通信
最近減ってきました。
JVNDB-2017-005280 - JVN iPedia - 脆弱性対策情報データベース
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php
/vendor/phpunit/Util/PHP/eval-stdin.php
/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/phpunit/Util/PHP/eval-stdin.php
/phpunit/Util/PHP/eval-stdin.php
/lib/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php
/lib/phpunit/Util/PHP/eval-stdin.php
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
不審な通信の一覧
| uri | count |
|---|---|
| /robots.txt | 2074 |
| /.env | 818 |
| / | 601 |
| /favicon.ico | 534 |
| /.git/config | 332 |
| /sw.js | 296 |
| /wp-login.php | 280 |
| /post/wp-login.php | 249 |
| * | 245 |
| /ads.txt | 211 |
| /api/.env | 154 |
| /.well-known/traffic-advice | 136 |
| /.env.example | 116 |
| /password/reset | 106 |
| /.env.prod | 105 |
| /.env.bak | 105 |
| /.env.production | 104 |
| /.env.local | 103 |
| /.env.dev | 103 |
| /.env.save | 102 |
| /admin/config.php | 99 |
| mstshash=Administr | 98 |
| /.env.backup | 97 |
| /.env_sample | 96 |
| \x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=’:\xA9\x82\xD9o\xC8\xA2\xD7\x93\x98\xB4\xEF\x80\xE5\xB9\x90\x00(\xC0 | 92 |
| /.env.production.local | 86 |
| /admin/assets/css/jquery-ui.css | 85 |
| /.env.stage | 85 |
| /.env.development.local | 83 |
| /.env.old | 82 |
| /.env.live | 81 |
| /.env.dev.local | 81 |
| /admin/assets/js/pbxlib.js | 79 |
| /.env_1 | 78 |
| /_profiler/phpinfo | 75 |
| /.env.www | 68 |
| /.env.prod.local | 68 |
| /index.xml | 65 |
| /geoserver/web/ | 61 |
| /fapi/v1/ticker/bookTicker?symbol=BTCUSDT | 60 |
| /config.json | 60 |
| /webui/ | 59 |
| /actuator/gateway/routes | 58 |
| /1.php | 58 |
| /upl.php | 55 |
| /t4 | 55 |
| /systembc/password.php | 55 |
| /password.php | 55 |
| /geoip/ | 55 |
| /form.html | 55 |
| /wp-content/themes/hello_dolly_v2.php | 54 |
| /wp-content/plugins/HelloDollyV2/hello_dolly_v2.php | 54 |
| /backend/.env | 54 |
| /admin/assets/js/views/login.js | 53 |
| /.aws/credentials | 53 |
| /developmentserver/metadatauploader | 50 |
| /containers/json | 48 |
| /wordpress | 47 |
| /boaform/admin/formLogin | 47 |
| /wp | 46 |
| /old | 46 |
| /backup | 46 |
| /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 45 |
| /new | 45 |
| /admin/.env | 45 |
| /main | 44 |
| /home | 44 |
| /wp-content/ | 42 |
| /.well-known/ | 42 |
| /wp-admin/ | 41 |
| /wp-content/uploads/ | 40 |
| /wp-includes/ | 39 |
| /wp-content/themes/ | 38 |
| /wp-content/plugins/ | 38 |
| /bk | 37 |
| /bc | 37 |
| /.well-known/acme-challenge/ | 37 |
| /.well-known/security.txt | 36 |
| /config/.env | 35 |
| /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh | 35 |
| /app_dev.php/_profiler/phpinfo | 35 |
| /.well-known/pki-validation/ | 34 |
| /login | 33 |
| //wp-includes/js/tinymce/skins/lightgray/img/index.php?p= | 33 |
| //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 33 |
| /version | 32 |
| /security.txt | 32 |
| /phpinfo.php | 31 |
| /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /css/ | 31 |
| /admin/configs.php | 31 |
| /aaa9 | 31 |
| /.env.test | 31 |
| /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 30 |
| /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 30 |
| /info.php | 30 |
| /wp-content/plugins/WordPressCore/include.php | 29 |
| /.git/HEAD | 29 |
| /xmlrpc.php | 28 |
| /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 28 |
| /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 28 |
| /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 28 |
| /vendor/phpunit/src/Util/PHP/eval-stdin.php | 28 |
| /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php | 28 |
| /vendor/phpunit/phpunit/LICENSE/eval-stdin.php | 28 |
| /vendor/phpunit/Util/PHP/eval-stdin.php | 28 |
| /phpunit/src/Util/PHP/eval-stdin.php | 28 |
| /phpunit/phpunit/src/Util/PHP/eval-stdin.php | 28 |
| /phpunit/phpunit/Util/PHP/eval-stdin.php | 28 |
| /phpunit/Util/PHP/eval-stdin.php | 28 |
| /lib/phpunit/src/Util/PHP/eval-stdin.php | 28 |
| /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 28 |
| /lib/phpunit/phpunit/Util/PHP/eval-stdin.php | 28 |
| /lib/phpunit/Util/PHP/eval-stdin.php | 28 |
| /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input | 28 |
| /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello | 27 |
| /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello | 27 |
| /index.php?lang=../../../../../../../../tmp/index1 | 27 |
| /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 27 |
| /wp-includes/widgets/include.php | 26 |
| /wp-includes/images/include.php | 26 |
| /wiki | 26 |
| /webui | 26 |
| /sftp-config.json | 26 |
| /owa/ | 26 |
| //.env | 26 |
| /.vscode/sftp.json | 26 |
| /.env.dist | 26 |
| /api/.git/config | 25 |
| /aab9 | 25 |
| /phpinfo | 24 |
| /xmlrpc.php?rsd | 23 |
| /owa/auth/logon.aspx | 23 |
| /login.php | 23 |
| /core/.env | 23 |
| /wp2/wp-includes/wlwmanifest.xml | 22 |
| /wp1/wp-includes/wlwmanifest.xml | 22 |
| /wp/wp-includes/wlwmanifest.xml | 22 |
| /wp-includes/wlwmanifest.xml | 22 |
| /wordpress/wp-includes/wlwmanifest.xml | 22 |
| /website/wp-includes/wlwmanifest.xml | 22 |
| /web/wp-includes/wlwmanifest.xml | 22 |
| /test/wp-includes/wlwmanifest.xml | 22 |
| /sito/wp-includes/wlwmanifest.xml | 22 |
| /site/wp-includes/wlwmanifest.xml | 22 |
| /shop/wp-includes/wlwmanifest.xml | 22 |
| /sftp.json | 22 |
| /public/.env | 22 |
| /news/wp-includes/wlwmanifest.xml | 22 |
| /cms/wp-includes/wlwmanifest.xml | 22 |
| /blog/wp-includes/wlwmanifest.xml | 22 |
| /app/.env | 22 |
| /HNAP1 | 22 |
| /prod/.env | 21 |
| /docker/.env | 21 |
| /cgi-bin/luci/;stok=/locale | 21 |
| /build/.env | 21 |
| /wp-content/themes/include.php | 20 |
| /wp-content/plugins/include.php | 20 |
| /sdk | 20 |
| /aab8 | 20 |
| /sellers.json | 19 |
| /media/wp-includes/wlwmanifest.xml | 19 |
| /config/.git/config | 19 |
| /cgi-bin/authLogin.cgi | 19 |
| /admin/.git/config | 19 |
| /.env.testing | 19 |
| google.com:443 | 18 |
| /project/.git/config | 18 |
| /media../.git/config | 18 |
| //lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 18 |
| //lib/phpunit/phpunit/Util/PHP/eval-stdin.php | 18 |
| /.env.ci | 18 |
| /.config/sftp.json | 18 |
| client\x18\x0C\xCA\xA9\x03\x00\x07default\x00 | 17 |
| /src/.git/config | 17 |
| /local/.env | 17 |
| /helpdesk/WebObjects/Helpdesk.woa | 17 |
| /files/.git/config | 17 |
| /categories/%3Cstrange-chars%3E | 17 |
| /assets../.git/config | 17 |
| /app/.git/config | 17 |
| /actuator/health | 17 |
| /.env.uat | 17 |
| /.env.sandbox | 17 |
| /.env.config | 17 |
| /test.php | 16 |
| /static../.git/config | 16 |
| /settings/.env | 16 |
| /server/.git/config | 16 |
| /login.html | 16 |
| /index.php | 16 |
| /data/.git/config | 16 |
| /core/.git/config | 16 |
| /backup/.git/config | 16 |
| /.git/index | 16 |
| /.env.template | 16 |
| /.env.staging.local | 16 |
| /.env.default | 16 |
| 7 | 15 |
| /shop/.env | 15 |
| /public/.git/config | 15 |
| /media/.git/config | 15 |
| /docker-compose.prod.yml | 15 |
| /dev/.git/config | 15 |
| /configuration/.env | 15 |
| /application/.env | 15 |
| /.env.secret | 15 |
| /.env.preprod | 15 |
| /www/.git/config | 14 |
| /wp-admin/install.php | 14 |
| /v1 | 14 |
| /locales/locale.json?locale=../../config/&namespace=database | 14 |
| /dana-na/nc/nc_gina_ver.txt | 14 |
| /dana-cached/hc/HostCheckerInstaller.osx | 14 |
| /cms/.git/config | 14 |
| /admin/ | 14 |
| /.env.staging | 14 |
| /+CSCOE+/logon.html | 14 |
| /xml/info.xml | 13 |
| /user | 13 |
