We analyzed the access logs of our public-facing web server for requests that do not look like ordinary visitor traffic.
Most frequent requests
XML External Entity (XXE) vulnerability in GeoServer
Requests aimed at a vulnerability in GeoServer, the open-source server for sharing geospatial data. If exploited, an attacker can read sensitive files on the server or use the server as a pivot for unauthorized access to the internal network (SSRF). Note that the path observed here is the GeoServer administration UI: a plain GET to it identifies an exposed GeoServer instance rather than delivering an XXE payload, which would have to be carried in an XML request body.
/geoserver/web/
Scans for exposed environment files (.env)
A very common automated scan that checks whether a .env file, which holds highly sensitive values such as the web application's database password and API keys, can be fetched directly from the outside. Scanners try the file under the usual framework and deployment directories, and the full list further down also shows variants such as .env.bak, .env.local and .env.production, a HEAD request for /.env, and related secret files such as /.git/config and /.aws/credentials.
/app/.env
/laravel/.env
/admin/.env
/.env
/api/.env
/config/.env
/backend/.env
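One way to turn this scan list into a check of your own server, as an added example that is not part of the original analysis: it requests each candidate path and reports those whose body looks like a dotenv file, while recognising catch-all sites that answer 200 to every URL. The fetch function is injected, so the decision logic is exercised offline against constructed responses; `urllib_fetch` is the real fetcher. The hostname `example.invalid`, the canary path and the `FAKE_SITE` responses are hypothetical.

```python
"""Self-check for exposed secret files (.env and related).

Added example, not part of the original log analysis. It fetches each
candidate path on a site you operate and reports the ones whose body looks
like a dotenv file. The fetch function is injected so the decision logic
runs offline against constructed responses; `urllib_fetch` is the real one.
The hostname and canary path are hypothetical.
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

# Paths from the scan list above plus variants that scanners commonly try.
CANDIDATE_PATHS = [
    "/.env", "/app/.env", "/laravel/.env", "/admin/.env", "/api/.env",
    "/config/.env", "/backend/.env", "/.env.bak", "/.env.local",
    "/.env.production", "/.git/config", "/.aws/credentials",
]

# A dotenv file is a series of KEY=value lines; require at least two of them
# so that a 200 page that merely mentions "X=y" once is not counted.
DOTENV_LINE = re.compile(r"^\s*(?:export\s+)?[A-Z][A-Z0-9_]*=", re.M)

Fetcher = Callable[[str], Tuple[int, str]]  # url -> (status, first bytes of body)

def urllib_fetch(url: str, timeout: float = 5.0) -> Tuple[int, str]:
    """Real fetcher; HTTP errors become their status code, network errors become 0."""
    req = urllib.request.Request(url, headers={"User-Agent": "env-exposure-selfcheck"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, ""
    except urllib.error.URLError:
        return 0, ""

def looks_like_dotenv(body: str) -> bool:
    return len(DOTENV_LINE.findall(body)) >= 2

def check_exposure(base_url: str, fetch: Fetcher, paths: List[str] = CANDIDATE_PATHS) -> Dict[str, str]:
    """Return {path: verdict} for every candidate path that answered 200.

    EXPOSED: the body parses as dotenv.
    SUSPECT: 200 but not dotenv-shaped and not the site's catch-all page
             (.git/config and .aws/credentials are ini-style, so they land
             here and need a manual look).
    A site that answers 200 to any URL is recognised by first requesting a
    path that cannot exist; candidates that return that same page are ignored.
    """
    base = base_url.rstrip("/")
    canary_status, canary_body = fetch(base + "/definitely-not-here-9f2c1b")
    catch_all = canary_status == 200
    findings: Dict[str, str] = {}
    for path in paths:
        status, body = fetch(base + path)
        if status != 200:
            continue
        if looks_like_dotenv(body):
            findings[path] = "EXPOSED"
        elif not (catch_all and body == canary_body):
            findings[path] = "SUSPECT"
    return findings

# Constructed responses standing in for a real server; nothing here was captured.
FAKE_SITE = {
    "/.env": (200, "APP_ENV=production\nAPP_KEY=base64:notarealkey\nDB_PASSWORD=hunter2\n"),
    "/.git/config": (200, "[core]\n\trepositoryformatversion = 0\n"),
    "/api/.env": (403, ""),
}

def fake_fetch(url: str) -> Tuple[int, str]:
    return FAKE_SITE.get(urlsplit(url).path, (404, "Not Found"))

def catch_all_fetch(url: str) -> Tuple[int, str]:
    return 200, "<html><body>Welcome</body></html>"  # same page for every URL

if __name__ == "__main__":
    for path, verdict in check_exposure("https://example.invalid", fake_fetch).items():
        print(verdict, path)
```

Run it against a host you own with `check_exposure("https://your-host", urllib_fetch)`. The canary request matters: single-page applications and some reverse proxies return 200 with the same HTML for any path, which would otherwise make every candidate look exposed.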
Unauthorized access attempts and reconnaissance against WordPress
Requests aimed at the WordPress login page and at its API for remote control (XML-RPC). They are most likely brute-force attacks on the administrator password and scans for installations that can be abused as a pivot. The wlwmanifest.xml requests under various sub-directories fingerprint WordPress installs (the file ships with every install, for Windows Live Writer), the /wp-content/uploads/<year>/ requests test for directory listing, and the requests for plugin or theme files such as hello_dolly_v2.php and wp_filemanager.php target file names that belong to no legitimate plugin or theme and are typical of web shells planted by earlier malware, that is, they check whether a backdoor is already present.
/wp-login.php
/wp-content/
/test/wp-includes/wlwmanifest.xml
/cms/wp-includes/wlwmanifest.xml
/wp-content/themes/
/wp-content/uploads/2020/
/wp-content/themes/index.php
/wp-content/uploads/2024/
/wordpress/wp-includes/wlwmanifest.xml
/wp-content/uploads/2022/
/post/wp-login.php
/post/20231208/wp-login.php
/web/wp-includes/wlwmanifest.xml
/wp-content/plugins/hellopress/wp_filemanager.php
/wp-content/index.php
/wp1/wp-includes/wlwmanifest.xml
/wp-includes/
/site/wp-includes/wlwmanifest.xml
/wp-content/admin.php
/wp-content/themes/hello_dolly_v2.php
/xmlrpc.php
/wp-content/plugins/HelloDollyV2/hello_dolly_v2.php
/wp-content/uploads/2021/
/wp-content/uploads/2023/
/wp-content/uploads/
/wp-content/plugins/
/wp-content/uploads/2025/
/wp-content/uploads/2026/
/blog/wp-includes/wlwmanifest.xml
/xmlrpc.php?rsd
/wp/wp-includes/wlwmanifest.xml
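The brute-force pattern described above can be detected from the same logs. The following is an added example, not code from the original analysis; it assumes the log lines have already been parsed into (epoch seconds, client IP, method, path, status) tuples, and the `SAMPLE` records are constructed, not captured traffic. It uses the fact that a failed wp-login.php POST re-renders the form with status 200 while a successful one redirects with 302, so a 302 arriving after a burst of failures is the alert worth escalating.

```python
"""Sliding-window brute-force detection for the WordPress login endpoints.

Added example, not part of the original analysis. Records are assumed to be
already parsed out of the access log as (epoch_seconds, client_ip, method,
path, status). For wp-login.php a failed POST answers 200 (the form again)
and a successful one answers 302 to wp-admin; xmlrpc.php answers 200 either
way, so for it only the attempt rate is meaningful.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Tuple

Record = Tuple[int, str, str, str, int]  # (ts, ip, method, path, status)

LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def is_login_attempt(method: str, path: str) -> bool:
    """GET /wp-login.php is only a probe; credentials travel in a POST."""
    base = path.split("?", 1)[0]
    return method == "POST" and any(base.endswith(p) for p in LOGIN_PATHS)

def detect_bruteforce(records: Iterable[Record], window: int = 60, threshold: int = 10) -> List[Dict]:
    """Return alerts, in time order.

    'bruteforce'       : an IP reached `threshold` POST attempts (status 200)
                         within any `window` seconds; raised once per IP.
    'possible_success' : a flagged IP later got a 302 from wp-login.php.
    """
    recent: Dict[str, Deque[int]] = defaultdict(deque)  # attempt timestamps per IP
    flagged: Dict[str, int] = {}
    alerts: List[Dict] = []
    for ts, ip, method, path, status in sorted(records):
        if not is_login_attempt(method, path):
            continue
        base = path.split("?", 1)[0]
        if status == 302 and base.endswith("/wp-login.php") and ip in flagged:
            alerts.append({"ip": ip, "type": "possible_success", "ts": ts})
            continue
        if status != 200:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
            alerts.append({"ip": ip, "type": "bruteforce", "ts": ts, "failures": len(q)})
    return alerts

# Constructed sample (RFC 5737 addresses), not captured traffic: one client
# hammering wp-login.php and then succeeding, one client with a few XML-RPC
# attempts, and a GET-only scanner that must be ignored.
SAMPLE: List[Record] = (
    [(1_700_000_000 + i, "203.0.113.5", "POST", "/wp-login.php", 200) for i in range(12)]
    + [(1_700_000_012, "203.0.113.5", "POST", "/wp-login.php", 302)]
    + [(1_700_000_000 + 20 * i, "198.51.100.7", "POST", "/xmlrpc.php", 200) for i in range(3)]
    + [(1_700_000_005, "192.0.2.9", "GET", "/post/wp-login.php", 200)]
)

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE):
        print(alert)
```

Tune `window` and `threshold` to the site: a single legitimate user rarely fails ten logins in a minute, but a shared NAT address may. For xmlrpc.php also consider that one request can carry many credential pairs via system.multicall, so the attempt count there understates the real number of guesses.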
Web UI vulnerability in Cisco network devices such as Cisco IOS XE
Requests aimed at a vulnerability in the web UI of Cisco network devices. /webui/ is the path of the IOS XE web management interface, so a GET to it identifies devices whose management UI is reachable from the Internet, which is the precondition for attacks against it; the management interface should not be exposed to untrusted networks at all.
/webui/
Remote execution of eval() through PHPUnit
Requests that try to execute eval() through a vulnerability in PHPUnit, the unit-testing tool for PHP. The file eval-stdin.php passes the body of the HTTP request to eval(), so a POST containing PHP code runs it on the server. The GET requests seen here are probes for the file's existence, tried under the many directory prefixes where a deployed vendor/ tree might sit. The file is only reachable when development dependencies were deployed to production and the web server serves the vendor/ directory, so both of those should be checked on any PHP host.
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/phpunit/Util/PHP/eval-stdin.php
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/src/Util/PHP/eval-stdin.php
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/src/Util/PHP/eval-stdin.php
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php
/vendor/phpunit/src/Util/PHP/eval-stdin.php
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/Util/PHP/eval-stdin.php
/vendor/phpunit/Util/PHP/eval-stdin.php
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/Util/PHP/eval-stdin.php
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
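The classification used throughout this page can be automated over the raw access log. The following is an added example, not code from the original analysis; it assumes combined-format (Apache/nginx style) log lines, counts requests by method and path the way the table below is built, and tags each path with the family it belongs to. The family patterns are written from the paths listed on this page; in particular the PHPUnit pattern ignores the directory prefix so that all the eval-stdin.php variants above collapse into one signature. The `SAMPLE_LOG` lines are constructed, not captured traffic.

```python
"""Classify access-log requests into the scan families described above.

Added example, not code from the original analysis. It parses combined-format
(Apache/nginx style, assumed) access-log lines, counts them by method and path
the way the table below is built, and tags each path with a family. The family
patterns are written from the paths listed on this page; the sample log lines
are constructed, not captured traffic.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# One regex per family; a path is tagged with the first family that matches.
# The PHPUnit pattern deliberately ignores the directory prefix so that the
# /vendor/, /lib/, /laravel/, ... variants collapse into a single signature.
FAMILIES: List[Tuple[str, re.Pattern]] = [
    ("phpunit_eval_stdin", re.compile(r"/phpunit/.*/eval-stdin\.php$")),
    ("env_exposure", re.compile(r"/\.env(\.[A-Za-z]+)?$|/\.(git/config|aws/credentials)$")),
    ("geoserver", re.compile(r"^/geoserver/")),
    ("cisco_webui", re.compile(r"^/webui/")),
    ("wordpress", re.compile(r"/(wp-login\.php|xmlrpc\.php|wp-admin|wp-content|wp-includes)(/|$)")),
]

def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it is not a request record."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(path: str) -> str:
    """Map a request path to a scan family name, or 'other'."""
    clean = path.split("?", 1)[0]  # the query string never decides the family here
    for name, pattern in FAMILIES:
        if pattern.search(clean):
            return name
    return "other"

def summarize(lines: Iterable[str], top: int = 5):
    """Count requests by (method, path) and by family; also count unparseable lines."""
    by_request: Counter = Counter()
    by_family: Counter = Counter()
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        by_request[(rec["method"], rec["path"])] += 1
        by_family[classify(rec["path"])] += 1
    return by_request.most_common(top), dict(by_family), unparsed

# Constructed sample lines (RFC 5737 addresses), not captured traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Dec/2025:10:00:01 +0900] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.10 - - [08/Dec/2025:10:00:02 +0900] "GET /api/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.10 - - [08/Dec/2025:10:00:03 +0900] "HEAD /.env HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.4 - - [08/Dec/2025:10:01:00 +0900] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "python-requests/2.31"
198.51.100.4 - - [08/Dec/2025:10:01:01 +0900] "GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "python-requests/2.31"
192.0.2.77 - - [08/Dec/2025:10:02:00 +0900] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.77 - - [08/Dec/2025:10:02:00 +0900] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.77 - - [08/Dec/2025:10:02:01 +0900] "GET /xmlrpc.php?rsd HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.77 - - [08/Dec/2025:10:02:02 +0900] "GET /geoserver/web/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.77 - - [08/Dec/2025:10:02:03 +0900] "GET /webui/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.77 - - [08/Dec/2025:10:02:04 +0900] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
garbage line that is not an access log record
"""

if __name__ == "__main__":
    top, families, bad = summarize(SAMPLE_LOG.splitlines())
    for (method, path), n in top:
        print(f"{n:4d} {method:5s} {path}")
    print("families:", families, "unparsed:", bad)
```

Counting by family rather than by exact path is what makes the PHPUnit traffic comparable with the others: in the table below it is spread over about forty paths of 85 to 101 hits each, which as one family puts it well ahead of /wp-login.php.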
Full list of suspicious requests
| Count | Method | Request (HTTP version and path) |
|---|---|---|
| 492 | GET | HTTP/1.1 /wp-login.php |
| 401 | GET | HTTP/1.0 /admin/config.php |
| 374 | GET | HTTP/1.1 /administrator/ |
| 359 | GET | HTTP/1.1 /.env |
| 354 | GET | HTTP/1.1 /.git/config |
| 201 | GET | HTTP/1.1 /post/wp-login.php |
| 192 | GET | HTTP/1.1 /wp-content/plugins/hellopress/wp_filemanager.php |
| 189 | GET | HTTP/1.1 /wp-content/uploads/ |
| 174 | GET | HTTP/1.1 /wp-includes/ |
| 155 | GET | HTTP/1.1 /post/20231208/wp-login.php |
| 153 | GET | HTTP/1.1 /wp-content/themes/ |
| 146 | GET | HTTP/1.1 /wp-content/plugins/ |
| 138 | GET | HTTP/1.1 /wp-admin/includes/ |
| 137 | GET | HTTP/1.1 /assets/ |
| 136 | GET | HTTP/1.1 /wp-content/uploads/2020/ |
| 135 | GET | HTTP/1.1 /SDK/webLanguage |
| 135 | GET | HTTP/1.1 /wp-content/uploads/2025/ |
| 135 | GET | HTTP/1.1 /backup/ |
| 134 | GET | HTTP/1.1 /uploads/ |
| 132 | GET | HTTP/1.1 /files/ |
| 132 | GET | HTTP/1.1 /wp-content/uploads/2024/ |
| 131 | GET | HTTP/1.1 /public/ |
| 128 | GET | HTTP/1.1 /media/ |
| 126 | GET | HTTP/1.1 /wp-content/uploads/2022/ |
| 124 | GET | HTTP/1.1 /wp-content/uploads/2021/ |
| 123 | GET | HTTP/1.1 /tmp/ |
| 123 | GET | HTTP/1.1 /wp-content/uploads/2023/ |
| 120 | GET | HTTP/1.1 /app-ads.txt |
| 119 | GET | HTTP/1.1 /ip |
| 116 | GET | HTTP/1.1 /wp-content/uploads/2026/ |
| 101 | GET | HTTP/1.1 /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 95 | GET | HTTP/1.1 /info.php |
| 93 | GET | HTTP/1.1 /ioxi-o.php |
| 90 | GET | HTTP/1.1 /1.php |
| 89 | POST | HTTP/1.1 /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input |
| 89 | GET | HTTP/1.1 /admin.php |
| 89 | GET | HTTP/1.1 /phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 88 | GET | HTTP/1.1 /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /containers/json |
| 87 | GET | HTTP/1.1 /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /lib/phpunit/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /about.php |
| 87 | GET | HTTP/1.1 /lib/phpunit/phpunit/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /phpunit/src/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /vendor/phpunit/src/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /vendor/phpunit/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /vendor/phpunit/phpunit/LICENSE/eval-stdin.php |
| 87 | GET | HTTP/1.1 /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /phpunit/phpunit/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /lib/phpunit/src/Util/PHP/eval-stdin.php |
| 87 | GET | HTTP/1.1 /phpunit/Util/PHP/eval-stdin.php |
| 86 | GET | HTTP/1.1 /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 86 | GET | HTTP/1.1 /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 86 | GET | HTTP/1.1 /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /index.php?lang=../../../../../../../../tmp/index1 |
| 85 | GET | HTTP/1.1 /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 85 | GET | HTTP/1.1 /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
| 82 | GET | HTTP/1.1 /config.php |
| 81 | GET | HTTP/1.1 /.well-known/security.txt |
| 80 | GET | HTTP/1.1 /ms-edit.php |
| 80 | GET | HTTP/1.1 /.well-known/traffic-advice |
| 79 | GET | HTTP/1.1 /chosen.php |
| 79 | GET | HTTP/1.1 /api/.env |
| 78 | GET | HTTP/1.1 /classwithtostring.php |
| 77 | GET | HTTP/1.1 /.env.production |
| 77 | GET | HTTP/1.1 /.env.local |
| 77 | GET | HTTP/1.1 /config.json |
| 76 | GET | HTTP/1.1 /222.php |
| 76 | GET | HTTP/1.1 /8.php |
| 74 | GET | HTTP/1.1 /wp.php |
| 74 | GET | HTTP/1.1 /xwx1.php |
| 71 | GET | HTTP/1.1 /2.php |
| 70 | GET | HTTP/1.1 /inputs.php |
| 70 | GET | HTTP/1.1 /dx.php |
| 69 | GET | HTTP/1.1 /.env.save |
| 69 | GET | HTTP/1.1 /alfa.php |
| 68 | GET | HTTP/1.1 /a5.php |
| 67 | GET | HTTP/1.1 /7.php |
| 65 | GET | HTTP/1.1 /abcd.php |
| 64 | GET | HTTP/1.1 /wp-content/ |
| 64 | GET | HTTP/1.1 /wp-content/admin.php |
| 63 | POST | HTTP/1.1 /wp-admin/admin-ajax.php |
| 62 | GET | HTTP/1.1 /goods.php |
| 62 | GET | HTTP/1.1 /wp-good.php |
| 62 | GET | HTTP/1.1 /adminfuns.php |
| 61 | GET | HTTP/1.1 /jp.php |
| 61 | GET | HTTP/1.1 /geoserver/web/ |
| 60 | GET | HTTP/1.1 /sadcut1.php |
| 60 | GET | HTTP/1.1 /aa.php |
| 60 | GET | HTTP/1.1 /.env.bak |
| 60 | GET | HTTP/1.1 /config/.env |
| 60 | GET | HTTP/1.1 /.aws/credentials |
| 60 | GET | HTTP/1.1 /security.txt |
| 59 | GET | HTTP/1.1 /f35.php |
| 59 | GET | HTTP/1.1 /file.php |
| 59 | GET | HTTP/1.1 /66.php |
| 59 | GET | HTTP/1.1 /css.php |
| 58 | GET | HTTP/1.1 /100.php |
| 58 | GET | HTTP/1.1 /k.php |
| 57 | GET | HTTP/1.1 /simple.php |
| 57 | GET | HTTP/1.1 /webui/ |
| 57 | GET | HTTP/1.1 /backend/.env |
| 56 | GET | HTTP/1.1 /actuator/gateway/routes |
| 56 | GET | HTTP/1.1 /.env.backup |
| 55 | GET | HTTP/1.1 /edit.php |
| 54 | GET | HTTP/1.1 /bolt.php |
| 53 | GET | HTTP/1.1 /hplfuns.php |
| 52 | GET | HTTP/1.1 /wp-the.php |
| 51 | GET | HTTP/1.1 /app/.env |
| 51 | GET | HTTP/1.1 /login |
| 50 | GET | HTTP/1.1 /themes.php |
| 49 | GET | HTTP/1.1 /fe5.php |
| 49 | GET | HTTP/1.1 /.env.prod |
| 49 | GET | HTTP/1.1 /gettest.php |
| 49 | GET | HTTP/1.1 /403.php |
| 48 | GET | HTTP/1.1 /wp-content/index.php |
| 48 | GET | HTTP/1.1 /a7.php |
| 48 | GET | HTTP/1.1 /as.php |
| 48 | GET | HTTP/1.1 /bgymj.php |
| 48 | GET | HTTP/1.1 /wp-blog.php |
| 48 | GET | HTTP/1.1 /lib.php |
| 48 | GET | HTTP/1.1 /wp-content/themes/hello_dolly_v2.php |
| 47 | GET | HTTP/1.1 /laravel/.env |
| 46 | GET | HTTP/1.1 /bless.php |
| 46 | GET | HTTP/1.1 /av.php |
| 46 | GET | HTTP/1.1 /.env.dev |
| 46 | GET | HTTP/1.1 /default.php |
| 46 | GET | HTTP/1.1 /php.php |
| 46 | GET | HTTP/1.1 /gifclass.php |
| 45 | GET | HTTP/1.1 /666.php |
| 45 | GET | HTTP/1.1 /aab9 |
| 45 | GET | HTTP/1.1 /doc.php |
| 44 | GET | HTTP/1.1 /file61.php |
| 44 | GET | HTTP/1.1 /developmentserver/metadatauploader |
| 44 | POST | HTTP/1.1 /xmlrpc.php |
| 43 | GET | HTTP/1.1 /g.php |
| 43 | GET | HTTP/1.1 /acp.php |
| 43 | GET | HTTP/1.1 /db.php |
| 43 | GET | HTTP/1.1 /aligk.php |
| 42 | GET | HTTP/1.1 /0x.php |
| 42 | GET | HTTP/1.1 /index.php |
| 42 | GET | HTTP/1.1 /aaa9 |
| 42 | GET | HTTP/1.1 /uuu.php |
| 41 | GET | HTTP/1.1 /p.php |
| 41 | GET | HTTP/1.1 /amax.php |
| 41 | GET | HTTP/1.1 /ws80.php |
| 41 | GET | HTTP/1.1 /bthil.php |
| 41 | GET | HTTP/1.1 /sid3.php |
| 41 | GET | HTTP/1.1 /jga.php |
| 40 | GET | HTTP/1.1 /atomlib.php |
| 40 | GET | HTTP/1.1 /byrgo.php |
| 40 | GET | HTTP/1.1 /wp-content/plugins/HelloDollyV2/hello_dolly_v2.php |
| 40 | GET | HTTP/1.1 /tx79.php |
| 40 | GET | HTTP/1.1 /byp.php |
| 40 | GET | HTTP/1.1 /radio.php |
| 40 | GET | HTTP/1.1 /index/function.php |
| 39 | GET | HTTP/1.1 /_profiler/phpinfo |
| 39 | GET | HTTP/1.1 /dass.php |
| 39 | GET | HTTP/1.1 /admin/.env |
| 39 | GET | HTTP/1.1 /term.php |
| 39 | GET | HTTP/1.1 /test.php |
| 38 | GET | HTTP/1.1 /fs.php |
| 38 | GET | HTTP/1.1 /site/wp-includes/wlwmanifest.xml |
| 38 | GET | HTTP/1.1 /test/wp-includes/wlwmanifest.xml |
| 38 | GET | HTTP/1.1 /blog/wp-includes/wlwmanifest.xml |
| 38 | GET | HTTP/1.1 /cms/wp-includes/wlwmanifest.xml |
| 38 | GET | HTTP/1.1 /xmlrpc.php?rsd |
| 38 | GET | HTTP/1.1 /wordpress/wp-includes/wlwmanifest.xml |
| 38 | GET | HTTP/1.1 /wp1/wp-includes/wlwmanifest.xml |
| 38 | GET | HTTP/1.1 /wp/wp-includes/wlwmanifest.xml |
| 38 | GET | HTTP/1.1 /web/wp-includes/wlwmanifest.xml |
| 38 | GET | HTTP/1.1 /wp-admin/ |
| 37 | HEAD | HTTP/1.1 /.env |
| 37 | GET | HTTP/1.1 /wp-content/themes/index.php |