[Security] Web server attack techniques revealed by reading access logs [Heads-up]
Overview
I manage a Ruby on Rails web server.
While reading the access logs, I kept seeing GET/POST requests that made me think "yikes", so I have compiled them here.
What happened
Take a look at the following and it should be obvious.
method=GET path=/.aws/credentials
method=GET path=/.env
method=GET path=/.env.development
method=GET path=/.env.dist
method=GET path=/.env.old
method=GET path=/.env.prod
method=GET path=/.env.production
method=GET path=/.env.project
method=GET path=/.env.save
method=GET path=/.git/HEAD
method=GET path=/.git/config
...
※ The full list is given below.
On the server I manage, every one of the requests above ends in a 404 or 500 error, but logs like these show up every day.
And they come from multiple IPs.
The attackers are crafty, probing for files that reflect current development trends.
Every web server administrator would do well to add regular monitoring that confirms these HTTP requests really do fail.
Full list
method=GET path=/.aws/credentials
method=GET path=/.env
method=GET path=/.env.development
method=GET path=/.env.dist
method=GET path=/.env.old
method=GET path=/.env.prod
method=GET path=/.env.production
method=GET path=/.env.project
method=GET path=/.env.save
method=GET path=/.git/HEAD
method=GET path=/.git/config
method=GET path=/.json
method=GET path=/7Ewi
method=GET path=/PHPConf.php
method=GET path=/Public/home/js/check.js
method=GET path=/TkUI
method=GET path=/_ignition/execute-solution
method=GET path=/_phpinfo.php
method=GET path=/_profiler/phpinfo
method=GET path=/_wpeprivate/config.json
method=GET path=/actuator/gateway/routes
method=GET path=/admin-app/.env
method=GET path=/admin.php
method=GET path=/admin/.env
method=GET path=/admin/phpinfo.php
method=GET path=/api/.env
method=GET path=/app/.env
method=GET path=/app/config/.env
method=GET path=/application/.env
method=GET path=/apps/.env
method=GET path=/autodiscover/autodiscover.json
method=GET path=/back/.env
method=GET path=/blog/.env
method=GET path=/charge
method=GET path=/cms/.env
method=GET path=/config.env.js
method=GET path=/config.js
method=GET path=/config.json
method=GET path=/config/aws.yml
method=GET path=/console
method=GET path=/core/.env
method=GET path=/debug/default/view
method=GET path=/development/.env
method=GET path=/dns-query
method=GET path=/docker/.env
method=GET path=/dqgqoeCXckuwPtxov
method=GET path=/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
method=GET path=/enviroments/.env
method=GET path=/enviroments/.env.production
method=GET path=/frontend_dev.php/$
method=GET path=/geoserver
method=GET path=/geoserver/web
method=GET path=/info.php
method=GET path=/info/info.php
method=GET path=/info/phpinfo.php
method=GET path=/infophp.php
method=GET path=/information
method=GET path=/information.php
method=GET path=/laravel/.env
method=GET path=/latest_usage
method=GET path=/live_env
method=GET path=/local/.env
method=GET path=/php-info.php
method=GET path=/php.php
method=GET path=/php_info.php
method=GET path=/phpinfo
method=GET path=/phpinfo.php
method=GET path=/phpinfo/phpinfo.php
method=GET path=/phpinformation
method=GET path=/phpmyadmin/index.php
method=GET path=/phptest.php
method=GET path=/phpversion.php
method=GET path=/pinfo.php
method=GET path=/pmd/index.php
method=GET path=/private/.env
method=GET path=/public/.env
method=GET path=/script/.env
method=GET path=/scripts/phpinfo.php
method=GET path=/shared/.env
method=GET path=/solr/admin/info/system
method=GET path=/sources/.env
method=GET path=/stream
method=GET path=/system/.env
method=GET path=/temp.php
method=GET path=/testphpinfo
method=GET path=/testphpinfo.php
method=GET path=/usages
method=GET path=/vendor/.env
method=GET path=/vendor/laravel/.env
method=GET path=/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
method=GET path=/viewinfo.php
method=GET path=/web/.env
method=GET path=/wp-config.php
method=GET path=/ws/btcusdt@depth@0ms
method=HEAD path=/Core/Skin/Login.aspx
method=POST path=/.aws/credentials
method=POST path=/.env
method=POST path=/.env.development
method=POST path=/.env.dist
method=POST path=/.env.old
method=POST path=/.env.prod
method=POST path=/.env.production
method=POST path=/.env.project
method=POST path=/.env.save
method=POST path=/Autodiscover/Autodiscover.xml
method=POST path=/admin-app/.env
method=POST path=/api/.env
method=POST path=/api/v1/orders
method=POST path=/app/.env
method=POST path=/application/.env
method=POST path=/apps/.env
method=POST path=/back/.env
method=POST path=/boaform/admin/formLogin
method=POST path=/cms/.env
method=POST path=/core/.env
method=POST path=/development/.env
method=POST path=/docker/.env
method=POST path=/enviroments/.env
method=POST path=/enviroments/.env.production
method=POST path=/laravel/.env
method=POST path=/live_env
method=POST path=/private/.env
method=POST path=/script/.env
method=POST path=/shared/.env
method=POST path=/sources/.env
method=POST path=/system/.env
method=POST path=/users/access_token
method=POST path=/users/sign_in
method=POST path=/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
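The monitoring suggested above, as an added example that is not part of the original post: a small Ruby script that parses lograge-style lines, flags requests for the probe paths listed in this post, and reports any probe that did not fail. The `status=` field and the sample log lines are constructed for this example; the post's own lines do not carry a status.

```ruby
# Added example: detect probes for sensitive paths in lograge-style access logs
# ("method=GET path=/.env status=404") and report any that were not rejected.

# Patterns covering the probe paths seen in the post (a selection, not exhaustive).
PROBE_PATTERNS = [
  %r{/\.env(\.[A-Za-z]+)?\z},                 # /.env, /.env.production, /admin/.env ...
  %r{/\.git/(HEAD|config)\z},                 # exposed git metadata
  %r{\A/\.aws/credentials\z},                 # cloud credentials file
  %r{phpinfo|php_info|php-info|info\.php\z}i, # phpinfo variants
  %r{\A/wp-config\.php\z},                    # WordPress config
  %r{eval-stdin\.php\z},                      # phpunit eval-stdin
  %r{\A/_ignition/execute-solution\z},        # Laravel Ignition endpoint
  %r{\A/actuator/}                            # Spring Boot actuator
].freeze

# "status=" is assumed to be present in the log line; it is optional here.
LOG_LINE = /\bmethod=(?<method>[A-Z]+)\s+path=(?<path>\S+)(?:\s+status=(?<status>\d{3}))?/

Hit = Struct.new(:method, :path, :status)

def parse_line(line)
  m = LOG_LINE.match(line)
  return nil unless m
  Hit.new(m[:method], m[:path], m[:status] && m[:status].to_i)
end

def probe?(path)
  PROBE_PATTERNS.any? { |re| re.match?(path) }
end

# Returns [all probe hits, probe hits answered with a status below 400].
# The second list is what should page someone: a probe that did not fail.
def scan(lines)
  hits = lines.map { |l| parse_line(l) }.compact.select { |h| probe?(h.path) }
  not_failed = hits.select { |h| h.status && h.status < 400 }
  [hits, not_failed]
end

# Constructed sample log; the 200 on /admin/.env.production is the case to catch.
SAMPLE_LOG = <<~LOG
  method=GET path=/ status=200
  method=GET path=/.env status=404
  method=POST path=/users/sign_in status=200
  method=GET path=/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php status=500
  method=GET path=/admin/.env.production status=200
  method=GET path=/.git/HEAD status=404
LOG

if __FILE__ == $PROGRAM_NAME
  probes, leaks = scan(SAMPLE_LOG.lines)
  puts "probes: #{probes.size}, not failed: #{leaks.map(&:path).join(', ')}"
end
```

Feeding the real log through `scan` and alerting whenever the second list is non-empty is the check the post recommends; an empty list means the probes are still failing as expected.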