Web server log analysis: May 2026

2026-06-01 Technical

This is an analysis of the logs of a publicly exposed web server, looking at traffic that is not ordinary access.

Most frequent requests

XML External Entity (XXE) vulnerability in GeoServer

Traffic targeting a vulnerability in GeoServer, an open-source server for sharing geospatial data. If exploited, an attacker could read sensitive files on the server or use the server as a stepping stone for unauthorized access to the internal network (SSRF).

/geoserver/web/

Scans for exposed environment variable files (.env)

A very common automated scan that probes whether the ".env" file, which holds critical secrets such as the web application's database password and API keys, can be read directly from outside.

/backend/.env
/api/.env
/.env
/admin/.env
/160.16.89.181/.env

Unauthorized access and reconnaissance against WordPress

Traffic targeting the WordPress login page and the API for remote control from outside (XML-RPC). It is most likely brute-force attacks on the administrator password and scans aimed at abusing the server as a stepping stone.

/wp-content/plugins/
/wp-content/themes/about.php
/wp-content/admin.php
/wp-includes/assets/index.php
/wp-content/
/post/20231208/wp-login.php
/wp-login.php
/post/wp-login.php
/wp-content/themes/
/wp-content/themes/index.php
/wp-content/radio.php
/wp-content/themes/admin.php
/wp-content/plugins/hellopress/wp_filemanager.php
/xmlrpc.php
/wp-content/uploads/
/wp-includes/
/wp-content/plugins/index.php

Web UI vulnerability in Cisco network devices such as Cisco IOS XE

Traffic targeting a vulnerability in the Web UI of Cisco network devices.

/webui/

Remote execution of eval via PHPUnit

Traffic attempting to execute eval() through a vulnerability in PHPUnit, the PHP unit-testing tool. Note that the same file is probed under many different path prefixes.

/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/Util/PHP/eval-stdin.php
/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/Util/PHP/eval-stdin.php
/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/Util/PHP/eval-stdin.php
/phpunit/phpunit/Util/PHP/eval-stdin.php
/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/Util/PHP/eval-stdin.php
/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/lib/phpunit/src/Util/PHP/eval-stdin.php
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Command injection vulnerability in Hikvision network cameras (CVE-2021-36260)

An attack that attempts to execute commands by placing arbitrary commands inside the <language> element of an XML document.

Reference: [NetOne-SOC] Security event detection trends, Q1 FY2024 | Net One Systems

/SDK/webLanguage

Probing for chunks

A large volume of traffic arrived probing whether Next.js chunks (/_next/static/chunks/) are in use.

/_next/static/chunks/259ea9c815e81d24.js
/_next/static/chunks/41ba4f39d5296fd8.js
/_next/static/chunks/df76c9a54ee29a76.js
/_next/static/chunks/d57d8b0fe948f533.js
/_next/static/chunks/4b86fdb2092e3abd.js
/_next/static/chunks/f868387fe51474b6.js
/_next/static/chunks/533f5ab6834b44fc.js
/_next/static/chunks/11583576b68e41f6.js
/_next/static/chunks/f54e892d6b78c6ff.js
/_next/static/chunks/8001d5adf8a1233a.js

List of suspicious requests

Hits Method Protocol Request
193 GET HTTP/1.1 /wp-login.php
109 GET HTTP/1.1 /.env
104 GET HTTP/1.1 /.git/config
100 GET HTTP/1.1 /administrator/
66 GET HTTP/1.1 /wp-content/plugins/hellopress/wp_filemanager.php
65 GET HTTP/1.1 /SDK/webLanguage
63 GET HTTP/1.1 /about.php
62 GET HTTP/1.1 /ioxi-o.php
57 GET HTTP/1.1 /app-ads.txt
56 GET HTTP/1.1 /info.php
55 GET HTTP/1.1 /as.php
50 GET HTTP/1.1 /222.php
49 GET HTTP/1.1 /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
49 GET HTTP/1.1 /wp-content/admin.php
47 GET HTTP/1.1 /admin.php
46 GET HTTP/1.1 /classwithtostring.php
46 POST HTTP/1.1 /xmlrpc.php
45 GET HTTP/1.1 /goods.php
45 GET HTTP/1.1 /file.php
44 GET HTTP/1.1 /wp-good.php
43 GET HTTP/1.1 /vendor/phpunit/src/Util/PHP/eval-stdin.php
43 GET HTTP/1.1 /vendor/phpunit/Util/PHP/eval-stdin.php
43 GET HTTP/1.1 /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
43 POST HTTP/1.1 /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
42 GET HTTP/1.1 /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /phpunit/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /lib/phpunit/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /phpunit/phpunit/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /lib/phpunit/phpunit/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /lib/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /vendor/phpunit/phpunit/LICENSE/eval-stdin.php
42 GET HTTP/1.1 /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
42 GET HTTP/1.1 /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
41 GET HTTP/1.1 /index.php?lang=../../../../../../../../tmp/index1
41 GET HTTP/1.1 /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
41 GET HTTP/1.1 /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
41 GET HTTP/1.1 /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
41 GET HTTP/1.1 /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
41 GET HTTP/1.1 /inputs.php
41 GET HTTP/1.1 /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
41 GET HTTP/1.1 /containers/json
41 GET HTTP/1.1 /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
40 GET HTTP/1.1 /alfa.php
38 GET HTTP/1.1 /abcd.php
38 GET HTTP/1.1 /adminfuns.php
38 GET HTTP/1.1 /403.php
37 GET HTTP/1.1 /site.webmanifest
37 GET HTTP/1.1 /ms-edit.php
37 GET HTTP/1.1 /wp-content/uploads/
36 GET HTTP/1.1 /wp-includes/
35 GET HTTP/1.1 /1.php
34 GET HTTP/1.1 /.well-known/security.txt
34 GET HTTP/1.1 /404.php
32 GET HTTP/1.1 /css.php
32 GET HTTP/1.1 /66.php
32 GET HTTP/1.1 /admin/.env
32 GET HTTP/1.1 /wp9.php
31 GET HTTP/1.1 /edit.php
31 GET HTTP/1.0 /admin/config.php
31 GET HTTP/1.1 /gifclass.php
29 GET HTTP/1.1 /index/function.php
29 GET HTTP/1.1 /bless.php
29 GET HTTP/1.1 /xmlrpc.php
29 GET HTTP/1.1 /bolt.php
29 GET HTTP/1.1 /install.php
29 GET HTTP/1.1 /g.php
28 GET HTTP/1.1 /gettest.php
28 GET HTTP/1.1 /simple.php
28 GET HTTP/1.1 /class-t.api.php
27 GET HTTP/1.1 /init.php
27 GET HTTP/1.1 /post/wp-login.php
26 GET HTTP/1.1 /class.php
26 GET HTTP/1.1 /wp-content/themes/
26 GET HTTP/1.1 /wp-admin/css/bolt.php
26 GET HTTP/1.1 /wp-blog.php
25 GET HTTP/1.1 /a5.php
25 GET HTTP/1.1 /kj.php
25 GET HTTP/1.1 /bgymj.php
25 GET HTTP/1.1 /.env.bak
24 GET HTTP/1.1 /0x.php
24 GET HTTP/1.1 /abc.php
24 GET HTTP/1.1 /wp-act.php
24 GET HTTP/1.1 /wp-content/plugins/index.php
24 GET HTTP/1.1 /aa.php
24 GET HTTP/1.1 /.env.save
23 GET HTTP/1.0 /robots.txt
23 GET HTTP/1.1 /cong.php
23 GET HTTP/1.1 /f35.php
23 GET HTTP/1.1 /wp-trackback.php
23 GET HTTP/1.1 /8.php
23 GET HTTP/1.1 /wp-blog-header.php
23 GET HTTP/1.1 /.aws/credentials
23 GET HTTP/1.1 /ws86.php
23 GET HTTP/1.1 /ms.php
23 GET HTTP/1.1 /wp-includes/assets/index.php
23 GET HTTP/1.1 /lib.php
23 GET HTTP/1.1 /wp-content/themes/index.php
22 GET HTTP/1.1 /wp-content/radio.php
22 GET HTTP/1.1 /uploads/
22 GET HTTP/1.1 /wp-content/
22 GET HTTP/1.1 /wp-the.php
22 GET HTTP/1.1 /file.php?
22 GET HTTP/1.1 /uuu.php
21 GET HTTP/1.1 /byp.php
21 GET HTTP/1.1 /geoserver/web/
21 GET HTTP/1.1 /a2.php
21 GET HTTP/1.1 /166.php
21 GET HTTP/1.1 /gptsh.php
21 GET HTTP/1.1 /motu.php
21 GET HTTP/1.1 /test1.php
21 GET HTTP/1.1 /backend/.env
21 GET HTTP/1.1 /155.php
21 GET HTTP/1.1 /sf.php
21 GET HTTP/1.1 /jp.php
21 GET HTTP/1.1 /666.php
21 GET HTTP/1.1 /ws.php
20 GET HTTP/1.1 /moon.php
20 GET HTTP/1.1 /wp-config.php
20 GET HTTP/1.1 /webui/
20 GET HTTP/1.1 /themes.php
20 GET HTTP/1.1 /b.php
20 GET HTTP/1.1 /txets.php
19 GET HTTP/1.1 /amax.php
19 GET HTTP/1.1 /tool.php
19 GET HTTP/1.1 /actuator/gateway/routes
19 GET HTTP/1.1 /s.php
19 GET HTTP/1.1 /wp-admin/
19 GET HTTP/1.1 /_next/static/chunks/a889f287f377e3e9.css
19 GET HTTP/1.1 /hplfuns.php
19 GET HTTP/1.1 /.well-known/
19 GET HTTP/1.1 /inege.php
19 GET HTTP/1.1 /_next/static/chunks/de0700ad3be2e209.css
19 GET HTTP/1.1 /wen.php
19 GET HTTP/1.1 /albin.php
19 GET HTTP/1.1 /jga.php
18 GET HTTP/1.1 /_next/static/chunks/7c3248f43b5628bb.js
18 GET HTTP/1.1 /umamiuma
18 GET HTTP/1.1 /.env.local
18 GET HTTP/1.1 /wp-content/themes/admin.php
18 GET HTTP/1.1 /_next/static/chunks/0f14fee1bcad78c1.js
18 GET HTTP/1.1 /_next/static/chunks/b862f80a14993d06.js
18 GET HTTP/1.1 /_next/static/chunks/turbopack-98dfdce18196de0e.js
18 GET HTTP/1.1 /.well-known/traffic-advice
18 GET HTTP/1.1 /_next/static/chunks/259ea9c815e81d24.js
18 GET HTTP/1.1 /default.php
18 GET HTTP/1.1 /_next/static/chunks/41ba4f39d5296fd8.js
18 GET HTTP/1.1 /autoload_classmap.php?p=
18 GET HTTP/1.1 /api/.env
18 GET HTTP/1.1 /_next/static/chunks/df76c9a54ee29a76.js
18 GET HTTP/1.1 /.env.backup
18 GET HTTP/1.1 /_next/static/chunks/d57d8b0fe948f533.js
18 GET HTTP/1.1 /_next/static/chunks/4b86fdb2092e3abd.js
18 GET HTTP/1.1 /torsa1.php
18 GET HTTP/1.1 /wp-content/plugins/
18 GET HTTP/1.1 /_next/static/chunks/f868387fe51474b6.js
18 GET HTTP/1.1 /_next/static/chunks/533f5ab6834b44fc.js
18 GET HTTP/1.1 /_next/static/chunks/11583576b68e41f6.js
18 GET HTTP/1.1 /_next/static/chunks/f54e892d6b78c6ff.js
18 GET HTTP/1.1 /wp-access.php
18 GET HTTP/1.1 /_next/static/chunks/8001d5adf8a1233a.js
17 GET HTTP/1.1 /config.js
17 GET HTTP/1.1 /fs.php
17 GET HTTP/1.1 /t.php
17 GET HTTP/1.1 /wp-content/themes/about.php
17 GET HTTP/1.1 /ccs.php
17 GET HTTP/1.1 /rithin.php
17 GET HTTP/1.1 /ws77.php
17 GET HTTP/1.1 /vx.php
17 GET HTTP/1.1 /domains.php
17 GET HTTP/1.1 /ws84.php
16 GET HTTP/1.1 /developmentserver/metadatauploader
16 GET HTTP/1.1 /tt.php
16 GET HTTP/1.1 /plss3.php
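As an added example (not code from the original post), the script below shows how a tally in the same column order as the table above can be produced from raw access-log lines, and how the many prefixed eval-stdin.php variants from the PHPUnit section collapse under one suffix signature. The sample log lines, the family names and the rule set are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" format: client, identity, user, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" (?P<status>\d{3})')

# Request families seen this month (names are my own). Matching a suffix or leading
# segment rather than the full path catches prefixed variants such as /api/vendor/... .
RULES = [
    ("phpunit-eval-stdin", re.compile(r"/eval-stdin\.php$")),
    ("env-file-exposure", re.compile(r"/\.env(\.\w+)?$")),
    ("wordpress-probe", re.compile(r"/(wp-login\.php|xmlrpc\.php|wp-(content|includes|admin)/)")),
    ("geoserver-xxe", re.compile(r"^/geoserver/")),
    ("cisco-webui", re.compile(r"^/webui/")),
    ("hikvision-cmdinj", re.compile(r"^/SDK/webLanguage$")),
    ("nextjs-chunk-probe", re.compile(r"^/_next/static/chunks/")),
]

# Constructed sample lines (RFC 5737 test addresses); not taken from the real log.
SAMPLE_LOG = """\
203.0.113.5 - - [03/May/2026:10:01:02 +0900] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196
203.0.113.5 - - [03/May/2026:10:01:03 +0900] "GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196
198.51.100.7 - - [04/May/2026:02:15:44 +0900] "GET /.env HTTP/1.1" 404 196
198.51.100.7 - - [04/May/2026:02:15:45 +0900] "GET /.env.bak HTTP/1.1" 404 196
192.0.2.9 - - [05/May/2026:23:59:59 +0900] "POST /xmlrpc.php HTTP/1.1" 403 0
192.0.2.10 - - [06/May/2026:00:00:01 +0900] "GET /SDK/webLanguage HTTP/1.1" 404 196
192.0.2.11 - - [06/May/2026:00:00:02 +0900] "GET /index.html?lang=ja HTTP/1.1" 200 1024
this line is not a valid log entry
"""

def classify(path: str) -> str:
    """Return the first matching request family for a path (query string ignored), else 'other'."""
    bare = path.split("?", 1)[0]
    for name, pattern in RULES:
        if pattern.search(bare):
            return name
    return "other"

def tally(lines):
    """Count hits per family and per (method, protocol, request); malformed lines are skipped."""
    by_family, by_request = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        by_family[classify(m["path"])] += 1
        by_request[(m["method"], m["proto"], m["path"])] += 1
    return by_family, by_request
```

Calling `tally(SAMPLE_LOG.splitlines())` and iterating `by_request.most_common()` yields rows in the same "hits method protocol request" order as the table; on a real file pass `open(path)` instead of the sample.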