公開している web サーバのログから通常のアクセスではない通信について分析しました。
多かったリクエスト
WordPress関連
7月はWordPress関連の通信がやたらと多かったです。
/wp-login.php
/wp-content/uploads/
/wp-content/
/wp-includes/
/wp-content/themes/
/wp-content/plugins/
/wp-admin/
/wp-includes/js/
/wp-content/themes/hello_dolly_v2.php
/wp-content/plugins/HelloDollyV2/hello_dolly_v2.php
/wp-includes/pomo/
/wp-includes/fonts/
/wp-includes/css/
/wp-includes/blocks/
/wp-includes/SimplePie/
/wp-includes/Requests/
/wp-includes/images/
/wp-includes/customize/
/wp-includes/certificates/
何かしらかをリセットしようとするリクエスト
何かのパスワードをリセットしようとしています。
/password/reset
traffic-adviceへのアクセス
Google Chromeの機能でアクセスされるみたいです。
traffic-adviceへのアクセスが増加している件 〜Google Chromeの先読みの仕組みの話〜 | 株式会社フーリエ | Web戦略・システム開発[東京/浜松]
/.well-known/traffic-advice
Cisco 製 Cisco IOS XE などのネットワーク機器の Web UI の脆弱性
下記の記事のようなネットワーク機器のWeb UIにアクセスを試みる通信だと思われます。
Cisco 製 Cisco IOS XE の Web UI の脆弱性について(CVE-2023-20198 等) | 情報セキュリティ | IPA 独立行政法人 情報処理推進機構
/webui/
PHPUnitのevalをリモート実行
PHPのユニットテストツールのPHPUnitの脆弱性を利用してのeval()を実行しようとする通信
最近減ってきました。
JVNDB-2017-005280 - JVN iPedia - 脆弱性対策情報データベース
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/Util/PHP/eval-stdin.php
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
/vendor/phpunit/Util/PHP/eval-stdin.php
不審な通信の一覧
| uri | count |
|---|---|
| /robots.txt | 2570 |
| /.env | 568 |
| /favicon.ico | 532 |
| /.git/config | 406 |
| /sw.js | 306 |
| /wp-login.php | 238 |
| /ads.txt | 202 |
| /.well-known/traffic-advice | 131 |
| /.well-known/ | 124 |
| /wp-content/uploads/ | 118 |
| /wp-content/ | 116 |
| /wp-includes/ | 113 |
| /password/reset | 113 |
| /.git/HEAD | 111 |
| /wp-content/themes/ | 110 |
| /wp-content/plugins/ | 110 |
| /wp-admin/ | 110 |
| /.well-known/acme-challenge/ | 98 |
| mstshash=Administr | 97 |
| /.well-known/pki-validation/ | 81 |
| /api/.env | 78 |
| /wp-content/themes/hello_dolly_v2.php | 72 |
| /wp-content/plugins/HelloDollyV2/hello_dolly_v2.php | 72 |
| /xmlrpc.php | 71 |
| /index.xml | 71 |
| /css/ | 71 |
| /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 70 |
| /admin/assets/js/pbxlib.js | 67 |
| /admin/assets/css/jquery-ui.css | 65 |
| /webui/ | 61 |
| /fapi/v1/ticker/bookTicker?symbol=BTCUSDT | 61 |
| /backend/.env | 61 |
| /admin/.env | 60 |
| /_profiler/phpinfo | 60 |
| /1.php | 60 |
| /t4 | 59 |
| /admin/assets/js/views/login.js | 59 |
| /actuator/gateway/routes | 59 |
| /.well-known/security.txt | 58 |
| /admin.php | 53 |
| /.env.local | 53 |
| /developmentserver/metadatauploader | 50 |
| /info.php | 49 |
| /.env.example | 49 |
| /config.json | 48 |
| /phpinfo.php | 46 |
| /login | 46 |
| /wp-admin/css/ | 45 |
| /.env.production | 45 |
| /wp-includes/js/ | 44 |
| /lib/phpunit/Util/PHP/eval-stdin.php | 44 |
| /containers/json | 44 |
| /.env.bak | 44 |
| /uploads/ | 43 |
| /security.txt | 43 |
| /about.php | 43 |
| /aaa9 | 43 |
| /wp-includes/ID3/ | 42 |
| /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh | 42 |
| /wp.php | 41 |
| /.aws/credentials | 41 |
| /wp-includes/pomo/ | 40 |
| /wp-includes/fonts/ | 40 |
| /wp-includes/css/ | 40 |
| /wp-includes/blocks/ | 40 |
| /wp-includes/SimplePie/ | 40 |
| /wp-includes/Requests/ | 40 |
| /wp-includes/images/ | 39 |
| /wp-includes/customize/ | 39 |
| /wp-includes/certificates/ | 39 |
| /radio.php | 39 |
| /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 39 |
| /config/.env | 39 |
| /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 39 |
| /admin/login.asp | 39 |
| /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 38 |
| /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php | 38 |
| /vendor/phpunit/Util/PHP/eval-stdin.php | 38 |
| /simple.php | 38 |
| /aab9 | 38 |
| /wp-includes/Text/ | 37 |
| /wp-includes/IXR/ | 37 |
| /wp-admin/network/ | 37 |
| /upload/ | 37 |
| /shell?cd+/tmp;rm+-rf+*;wget+ | 37 |
| /wp-includes/widgets/ | 36 |
| /wp-includes/rest-api/ | 36 |
| /wp-content/themes/include.php | 36 |
| /wp-content/plugins/WordPressCore/include.php | 36 |
| /wp-admin/includes/ | 36 |
| /upl.php | 36 |
| /systembc/password.php | 36 |
| /phpunit/phpunit/Util/PHP/eval-stdin.php | 36 |
| /phpunit/Util/PHP/eval-stdin.php | 36 |
| /phpinfo | 36 |
| /password.php | 36 |
| /geoip/ | 36 |
| /form.html | 36 |
| /dropdown.php | 36 |
| /cgi-bin/luci/;stok=/locale | 36 |
| /wp-includes/Text/Diff/Renderer/ | 35 |
| /wp | 35 |
| /wordpress | 35 |
| /version | 35 |
| /vendor/phpunit/phpunit/LICENSE/eval-stdin.php | 35 |
| /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 35 |
| /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 35 |
| /old | 35 |
| /new | 35 |
| /main | 35 |
| /inputs.php | 35 |
| /edit.php | 35 |
| /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 35 |
| /backup | 35 |
| /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 35 |
| /app/.env | 35 |
| /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 35 |
| /.env.save | 35 |
| /wp-includes/widgets/include.php | 34 |
| /wp-admin/user/ | 34 |
| /wp-admin/images/index.php | 34 |
| /vendor/phpunit/src/Util/PHP/eval-stdin.php | 34 |
| /vendor/phpunit/phpunit/src/Util/PHP/ | 34 |
| /php_info.php | 34 |
| /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input | 34 |
| /app_dev.php/_profiler/phpinfo | 34 |
| /admin/uploads/ | 34 |
| /.env.prod | 34 |
| /wp-content/mu-plugins/ | 33 |
| /install.php | 33 |
| /home | 33 |
| /content.php | 33 |
| /boaform/admin/formLogin | 33 |
| /ALFA_DATA/ | 33 |
| /wp-content/plugins/include.php | 32 |
| /wp-admin/meta/ | 32 |
| /wp-admin/maint/ | 32 |
| /wp-admin/images/ | 32 |
| /userRpmNatDebugRpm26525557/start_art.html | 32 |
| /shell.php | 32 |
| /plugins/ | 32 |
| /phpunit/src/Util/PHP/eval-stdin.php | 32 |
| /phpunit/phpunit/src/Util/PHP/eval-stdin.php | 32 |
| /owa/ | 32 |
| /modules/mod_simplefileuploadv1.3/elements/ | 32 |
| /lib/phpunit/src/Util/PHP/eval-stdin.php | 32 |
| /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 32 |
| /lib/phpunit/phpunit/Util/PHP/eval-stdin.php | 32 |
| /index.php | 32 |
| /admin/controller/extension/extension/ | 32 |
| /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /wp-content/plugins/index.php | 31 |
| /wp-admin/js/about.php | 31 |
| /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /test.php | 31 |
| /sites/default/files/ | 31 |
| /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /index.php?lang=../../../../../../../../tmp/index1 | 31 |
| /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /bk | 31 |
| /bc | 31 |
| /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /archives/2019 | 31 |
| /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /admin/config.php | 31 |
| /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 31 |
| /404.php | 31 |
| /.env.old | 31 |
| /wp-includes/images/include.php | 30 |
| /wp-includes/ID3/index.php | 30 |
| /wp-content/themes/about.php | 30 |
| /wp-content/about.php | 30 |
| /wp-admin/network/index.php | 30 |
| /wp-admin/css/colors/index.php | 30 |
| /themes.php | 30 |
| /post.php | 30 |
| /ini.php | 30 |
| /components/ | 30 |
| /chosen.php | 30 |
| /assets/ | 30 |
| /admin/configs.php | 30 |
| /SDK/webLanguage | 30 |
| /wp-2019.php | 29 |
| /wiki | 29 |
| /moon.php | 29 |
| /files/ | 29 |
| /alfanew.php | 29 |
| /.well-knownold/ | 29 |
| /xmrlpc.php | 28 |
| /wp-admin/images/cloud.php | 28 |
| /wp-admin.php | 28 |
| /wp-activate.php | 28 |
| /updates.php | 28 |
| /sellers.json | 28 |
| /makeasmtp.php | 28 |
| /images/ | 28 |
| /cgi-bin/ | 28 |
| /bypass.php | 28 |
| /assets/images/ | 28 |
| /as.php | 28 |
| /.env.development | 28 |
| /.env.backup | 28 |
| /ws.php | 27 |
| /wp-trackback.php | 27 |
| /wp-includes/about.php | 27 |
| /wp-content/plugins/fix/up.php | 27 |
| /wp-conflg.php | 27 |
| /wp-admin/css/index.php | 27 |
| /server/.env | 27 |
| /plugins.php | 27 |
| /page/style/index.css | 27 |
| /fw.php | 27 |
| /core/.env | 27 |
| /blog.php | 27 |
| /apps/.env | 27 |
| /wp-content/upgrade/ | 26 |
| /wp-admin/js/widgets/cloud.php | 26 |
| /wp-admin/includes/cloud.php | 26 |
| /modules/ | 26 |
| /mail.php | 26 |
| /log.php | 26 |
| /css.php | 26 |
| /cgi-bin/index.html | 26 |
| /boaform/form_loid_burning | 26 |
| /alfa-rex.php7 | 26 |
| /.env.dev | 26 |
| /wp-mail.php | 25 |
| /wp-includes/sitemaps/providers/ | 25 |
| /wp-includes/images/media/ | 25 |
| /wp-includes/images/crystal/ | 25 |
| /wp-includes/Text/about.php | 25 |
| /wp-content/themes/seotheme/db.php?u | 25 |
| /wp-content/plugins/seoplugins/mar.php | 25 |
| /wp-content/plugins/hellopress/wp_filemanager.php | 25 |
| /wp-admin/images/about.php | 25 |
| /upfile.php | 25 |
| /repeater.php | 25 |
