ITオムライス
  1. ITオムライス
  2. Posts
  3. webサーバのログの分析2026 2月分

webサーバのログの分析2026 2月分

2026-03-22 技術系

目次

公開している web サーバのログから通常のアクセスではない通信について分析しました。
久しぶりに見たらWordPress関連が増えていました。

多かったリクエスト

設定ファイルを見たがる通信

/.env       
/.git/config

WordPress関連

/wp-includes/                                       
/wp-content/uploads/                                
/wp-admin/includes/                                 
/wp-content/themes/                                 
/wp-content/plugins/                                
/wp-content/uploads/2022/                           
/wp-content/uploads/2023/                           
/wp-content/uploads/2025/                           
/wp-content/uploads/2021/                           
/wp-content/uploads/2024/                           
/wp-content/uploads/2026/                           
/wp-content/uploads/2020/                           
/wp-login.php                                       
/wp-content/plugins/hellopress/wp_filemanager.php
/wp-content/admin.php

PHPUnitのevalをリモート実行

PHPのユニットテストツールのPHPUnitの脆弱性を利用してのeval()を実行しようとする通信
最近減ってきました。

JVNDB-2017-005280 - JVN iPedia - 脆弱性対策情報データベース

/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php            
/vendor/phpunit/src/Util/PHP/eval-stdin.php                
/vendor/phpunit/Util/PHP/eval-stdin.php                    
/vendor/phpunit/phpunit/LICENSE/eval-stdin.php             
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 
/phpunit/phpunit/src/Util/PHP/eval-stdin.php               
/phpunit/phpunit/Util/PHP/eval-stdin.php                   
/phpunit/src/Util/PHP/eval-stdin.php                       
/phpunit/Util/PHP/eval-stdin.php                           
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php           
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php               
/lib/phpunit/src/Util/PHP/eval-stdin.php                   
/lib/phpunit/Util/PHP/eval-stdin.php                       
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php    
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php    
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php     
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php    
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php   
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php  
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php     
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php  
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php   
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php    
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php   
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php    
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php    
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php  
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php   
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/e    
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php  
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php   
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Hikvision製ネットワークカメラの脆弱性(CVE-2021-36260)を狙った攻撃

PUTメソッドで脆弱性が発生するらしく今回はGETだったので疎通確認だと思われます。

2023年5月度 MBSD-SOCの検知傾向トピックス | 技術者ブログ | 三井物産セキュアディレクション株式会社

/SDK/webLanguage

不審な通信の一覧

アクセス数 メソッド リクエストヘッダ
555 GET HTTP/1.1 /.env
350 GET HTTP/1.1 /.git/config
271 GET HTTP/1.1 /wp-includes/
269 GET HTTP/1.1 /wp-content/uploads/
267 GET HTTP/1.1 /backup/
247 GET HTTP/1.1 /uploads/
226 GET HTTP/1.1 /wp-admin/includes/
225 GET HTTP/1.1 /wp-content/themes/
224 GET HTTP/1.1 /wp-content/plugins/
223 GET HTTP/1.1 /assets/
223 GET HTTP/1.1 /files/
221 GET HTTP/1.1 /wp-content/uploads/2022/
219 GET HTTP/1.1 /wp-content/uploads/2023/
219 GET HTTP/1.1 /tmp/
219 GET HTTP/1.1 /public/
219 GET HTTP/1.1 /wp-content/uploads/2025/
218 GET HTTP/1.1 /media/
218 GET HTTP/1.1 /wp-content/uploads/2021/
218 GET HTTP/1.1 /wp-content/uploads/2024/
218 GET HTTP/1.1 /wp-content/uploads/2026/
217 GET HTTP/1.1 /wp-content/uploads/2020/
213 GET HTTP/1.1 /wp-login.php
207 GET HTTP/1.1 /wp-content/plugins/hellopress/wp_filemanager.php
178 GET HTTP/1.1 /SDK/webLanguage
174 GET HTTP/1.1 /administrator/
173 GET HTTP/1.1 /login
124 GET HTTP/1.1 /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
120 GET HTTP/1.1 /info.php
113 GET HTTP/1.1 /app-ads.txt
109 GET HTTP/1.1 /ioxi-o.php
107 GET HTTP/1.1 /app/.env
103 GET HTTP/1.1 /file.php
101 GET HTTP/1.1 /admin.php
99 GET HTTP/1.1 /alfa.php
94 GET HTTP/1.1 /api/.env
93 GET HTTP/1.1 /about.php
92 GET HTTP/1.1 /containers/json
91 POST HTTP/1.1 /hello.world?M–d+allow_url_include=1+M–d+auto_prepend_file=php://i
90 GET HTTP/1.1 /classwithtostring.php
90 GET HTTP/1.1 /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
90 GET HTTP/1.1 /vendor/phpunit/src/Util/PHP/eval-stdin.php
90 GET HTTP/1.1 /vendor/phpunit/Util/PHP/eval-stdin.php
90 GET HTTP/1.1 /vendor/phpunit/phpunit/LICENSE/eval-stdin.php
89 GET HTTP/1.1 /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
89 GET HTTP/1.1 /phpunit/phpunit/src/Util/PHP/eval-stdin.php
89 GET HTTP/1.1 /phpunit/phpunit/Util/PHP/eval-stdin.php
89 GET HTTP/1.1 /phpunit/src/Util/PHP/eval-stdin.php
88 GET HTTP/1.1 /phpunit/Util/PHP/eval-stdin.php
88 GET HTTP/1.1 /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
88 GET HTTP/1.1 /lib/phpunit/phpunit/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /lib/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /lib/phpunit/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/e
87 GET HTTP/1.1 /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
87 GET HTTP/1.1 /index.php?s=/index/\x5Cthink\x5Capp/invokefunction&f
87 GET HTTP/1.1 /public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&f
87 GET HTTP/1.1 /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+c
87 GET HTTP/1.1 /index.php?lang=../../../../../../../../tmp/index1
86 GET HTTP/1.1 /x.php
86 GET HTTP/1.1 /.aws/credentials
85 GET HTTP/1.1 /config.json
81 GET HTTP/1.1 /autoload_classmap.php
79 GET HTTP/1.1 /.well-known/security.txt
77 GET HTTP/1.1 /wp-content/admin.php
77 GET HTTP/1.1 /a.php
76 GET HTTP/1.1 /class-t.api.php
76 GET HTTP/1.1 /.well-known/traffic-advice
73 GET HTTP/1.1 /geoserver/web/
72 GET HTTP/1.1 /public/.env
71 GET HTTP/1.1 /222.php
71 GET HTTP/1.1 /wp-content/plugins/index.php
70 GET HTTP/1.1 /.env.production
69 GET HTTP/1.1 /abcd.php
68 GET HTTP/1.1 /403.php
68 GET HTTP/1.1 /webui/




関連記事

新着記事