Terrified after publishing my site on Render
I published a web app I had built with Rails and left it alone for about two weeks.
Then I got an email from Render saying "Web Service 〇〇 exceeded its memory limit".
Wondering what this was, I checked the Render logs.
Requests like the ones listed below were coming in, and the app was returning "404 Not Found" for all of them.
It was clear that someone was trying to do something malicious.
When I checked the Network Metrics for the past 7 days,
it wasn't just one day.
On the busiest day the app returned "404 Not Found" 548 times.
I've started to understand the things to watch out for when building a web app, like XSS and SQL injection,
but I still don't know much about what to watch out for when publishing one 💦💦
Not knowing was scary, so for now I just shut the service down.
It made me want to study information security much more 😨
Scary!!
Since the service is stopped,
nothing more can be done to it, so I can relax!
I decided to take my time and look over what had been done to it.
wordpress...
Record of the bad guys' activity
...
Started GET "/wp/wp-admin/includes/class-wp-page-mvb2yr.php"
Started GET "/wp/"
Started GET "/wp.php"
Started GET "/wp-wso.php"
Started GET "/wp-signin.php"
Started GET "/wp-setup.php"
Started GET "/wp-setting.php"
Started GET "/wp-p.php7"
Started GET "/wp-mail.php"
Started GET "/wp-logs.php"
Started GET "/wp-login.php"
Started GET "/wp-login.php?action=register"
Started GET "/wp-load.php"
Started GET "/wp-l0gin.php"
Started GET "/wp-l0gin.php?p="
Started GET "/wp-includes/wp-class.php"
Started GET "/wp-includes/wp_class_datlib.php"
Started GET "/wp-includes/widgets/autoload_classmap.php"
Started GET "/wp-includes/widgets/about.php"
Started GET "/wp-includes/Text/Diff/index.php"
Started GET "/wp-includes/Text/Diff/Engine.php"
Started GET "/wp-includes/Text/about.php"
Started GET "/wp-includes/sx.php"
Started GET "/wp-includes/style-engine/autoload_classmap.php"
Started GET "/wp-includes/style-engine/about.php"
Started GET "/wp-includes/sts.php"
Started GET "/wp-includes/smaxx.php"
Started GET "/wp-includes/SimplePie/chosen.php"
Started GET "/wp-includes/SimplePie/about.php"
Started GET "/wp-includes/sim.php"
Started GET "/wp-includes/rk2.php"
Started GET "/wp-includes/rest-api/sx.php"
Started GET "/wp-includes/rest-api/search/"
Started GET "/wp-includes/rest-api/index.php"
Started GET "/wp-includes/rest-api/endpoints/html.php"
Started GET "/wp-includes/rest-api/about.php"
Started GET "/wp-includes/Requests/Text/admin.php"
Started GET "/wp-includes/Requests/dropdown.php"
Started GET "/wp-includes/Requests/about.php"
Started GET "/wp-includes/repeater.php"
Started GET "/wp-includes/pomo/wp-login.php"
Started GET "/wp-includes/pomo/fgertreyersd.php.suspected"
Started GET "/wp-includes/pomo/about.php"
Started GET "/wp-includes/PHPMailer/file.php"
Started GET "/wp-includes/js/tinymce/skins/wordpress/images/index.php"
Started GET "/wp-includes/js/tinymce/skins/lightgray/img/index.php"
Started GET "/wp-includes/js/tinymce/skins/lightgray/fonts/sx.php"
Started GET "/wp-includes/js/tinymce/langs/about.php"
Started GET "/wp-includes/js/jcrop/sx.php"
Started GET "/wp-includes/js/codemirror/"
Started GET "/wp-includes/IXR/wp-login.php"
Started GET "/wp-includes/IXR/sx.php"
Started GET "/wp-includes/IXR/chosen.php"
Started GET "/wp-includes/IXR/autoload_classmap.php"
Started GET "/wp-includes/IXR/about.php"
Started GET "/wp-includes/IXR/"
Started GET "/wp-includes/images/smilies/about.php"
Started GET "/wp-includes/images/smaxx.php"
Started GET "/wp-includes/images/include.php"
Started GET "/wp-includes/images/about.php"
Started GET "/wp-includes/ID3/sx.php"
Started GET "/wp-includes/ID3/about.php"
Started GET "/wp-includes/html-api/chosen.php"
Started GET "/wp-includes/html-api/about.php"
Started GET "/wp-includes/fonts/wp-login.php"
Started GET "/wp-includes/fonts/index.php"
Started GET "/wp-includes/fonts/index.php?p="
Started GET "/wp-includes/fonts/autoload_classmap.php"
Started GET "/wp-includes/fonts/admin.php"
Started GET "/wp-includes/fonts/admin.php?p="
Started GET "/wp-includes/customize/wp-login.php"
Started GET "/wp-includes/customize/about.php"
Started GET "/wp-includes/css/autoload_classmap.php"
Started GET "/wp-includes/certificates/chosen.php"
Started GET "/wp-includes/blocks/sx.php"
Started GET "/wp-includes/blocks/site-title/index.php"
Started GET "/wp-includes/blocks/calendar/index.php"
Started GET "/wp-includes/blocks/calendar/index.php?p="
Started GET "/wp-includes/blocks/about.php"
Started GET "/wp-includes/block-supports/sx.php"
Started GET "/wp-includes/block-patterns/about.php"
Started GET "/wp-includes/assets/about.php"
Started GET "/wp-includes/ALFA_DATA/alfacgiapi/perl.alfa"
Started GET "/wp-includes/afosul.php"
Started GET "/wp-includes/about.php"
Started GET "/wp-includes/404.php"
Started GET "/wp-includes/"
Started GET "/wp-includes.bak/html-api/about.php"
Started GET "/wp-files.php"
Started GET "/wp-error.php"
Started GET "/wp-content/x.php"
Started GET "/wp-content/wp.php"
Started GET "/wp-content/uploads/wp-login.php.suspected"
Started GET "/wp-content/uploads/json.php"
Started GET "/wp-content/uploads/error_log.php"
Started GET "/wp-content/uploads/de_fb_uploads/b.php"
Started GET "/wp-content/uploads/cong.php"
Started GET "/wp-content/uploads/chosen.php"
Started GET "/wp-content/uploads/cache.php"
Started GET "/wp-content/uploads/about.php"
Started GET "/wp-content/uploads/2024/alfa.php"
Started GET "/wp-content/uploads/"
Started GET "/wp-content/upgrade/sx.php"
Started GET "/wp-content/upgrade/file.php"
Started GET "/wp-content/upgrade-temp-backup/about.php"
Started GET "/wp-content/updraft/about.php"
Started GET "/wp-content/updates.php"
Started GET "/wp-content/themes/wp-classic/inc/index.php"
Started GET "/wp-content/themes/twentytwentytwo/index.php"
Started GET "/wp-content/themes/twentyfive/smaxx.php"
Started GET "/wp-content/themes/sketch/404.php"
Started GET "/wp-content/themes/seotheme/mar.php"
Started GET "/wp-content/themes/seotheme/db.php"
Started GET "/wp-content/themes/pridmag/db.php"
Started GET "/wp-content/themes/pridmag/db.php?u"
Started GET "/wp-content/themes/fitnessbase/404.php?ok"
Started GET "/wp-content/themes/admin.php"
Started GET "/wp-content/themes/about.php"
Started GET "/wp-content/sx.php"
Started GET "/wp-content/style-css.php"
Started GET "/wp-content/smaxx.php"
Started GET "/wp-content/repeater.php"
Started GET "/wp-content/plugins/yyobang/mar.php"
Started GET "/wp-content/plugins/WordPressCore/smaxx.php"
Started GET "/wp-content/plugins/WordPressCore/include.php"
...
Only the files I had prepared myself returned 200 OK, so there was no problem 🙌
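The two checks described in this post, counting how many 404s the app returned per day and confirming that none of the WordPress-looking paths ever got a 200, can be done directly from the Rails log rather than by reading it by eye. The script below is an added example, not code from the original post: it pairs each "Started GET" line with the outcome line that follows it (Rails logs an unmatched route as ActionController::RoutingError instead of a "Completed 404" line, so both forms are counted as 404), groups the 404s by day, and lists every WordPress-probe path together with the status it was answered with. The probe pattern WP_PROBE is an assumption built from the paths shown above, and the sample log is constructed in the Rails production log format, not real traffic.

```ruby
# Added example (not from the original post): scan a Rails production log for
# WordPress-probe requests, count the 404s per day, and flag any probe path
# that was ever answered with 200.
require 'date'

# Paths that only make sense on a WordPress install; a Rails app never serves them,
# so any hit is scanner traffic. Assumed pattern, derived from the paths seen above.
WP_PROBE = %r{\A/(?:wp/|wp\.php|wp-[a-z0-9]+\.php|wp-includes|wp-content|wp-admin)}i

STARTED   = /Started (?<method>[A-Z]+) "(?<path>[^"]*)" for (?<ip>\S+) at (?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})/
COMPLETED = /Completed (?<status>\d{3})/
ROUTING   = /ActionController::RoutingError \(No route matches/

Request = Struct.new(:date, :method, :path, :ip, :status)

# Pair each "Started" line with the outcome line that follows it.
# An unmatched route shows up as a RoutingError rather than "Completed 404", so both count as 404.
def parse_rails_log(text)
  requests = []
  current = nil
  text.each_line do |line|
    if (m = STARTED.match(line))
      current = Request.new(Date.parse(m[:time]), m[:method], m[:path], m[:ip], nil)
      requests << current
    elsif current && (m = COMPLETED.match(line))
      current.status = m[:status].to_i
      current = nil
    elsif current && ROUTING.match?(line)
      current.status = 404
      current = nil
    end
  end
  requests
end

# 404s per day, like the Network Metrics graph mentioned in the post.
def not_found_per_day(requests)
  requests.select { |r| r.status == 404 }
          .group_by(&:date)
          .transform_values(&:size)
end

# WordPress-looking paths grouped by the status we answered with.
def probe_paths_by_status(requests)
  requests.select { |r| WP_PROBE.match?(r.path) }
          .group_by(&:status)
          .transform_values { |rs| rs.map(&:path).uniq.sort }
end

# The check from the end of the post: a probe path must never have received 200.
def probes_served_with_200(requests)
  probe_paths_by_status(requests).fetch(200, [])
end

# Constructed sample log modelled on the Rails production log format (not real traffic).
SAMPLE_LOG = <<~LOG
  I, [2024-06-01T10:15:22.101 #1]  INFO -- : [a1] Started GET "/wp-login.php" for 203.0.113.5 at 2024-06-01 10:15:22 +0000
  F, [2024-06-01T10:15:22.103 #1] FATAL -- : [a1] ActionController::RoutingError (No route matches [GET] "/wp-login.php"):
  I, [2024-06-01T10:15:23.201 #1]  INFO -- : [a2] Started GET "/wp-includes/sx.php" for 203.0.113.5 at 2024-06-01 10:15:23 +0000
  F, [2024-06-01T10:15:23.203 #1] FATAL -- : [a2] ActionController::RoutingError (No route matches [GET] "/wp-includes/sx.php"):
  I, [2024-06-01T11:02:00.001 #1]  INFO -- : [a3] Started GET "/posts" for 198.51.100.7 at 2024-06-01 11:02:00 +0000
  I, [2024-06-01T11:02:00.002 #1]  INFO -- : [a3] Processing by PostsController#index as HTML
  I, [2024-06-01T11:02:00.040 #1]  INFO -- : [a3] Completed 200 OK in 38ms (Views: 30.1ms | ActiveRecord: 4.2ms | Allocations: 9123)
  I, [2024-06-02T03:40:10.500 #1]  INFO -- : [a4] Started GET "/wp-content/uploads/about.php" for 192.0.2.9 at 2024-06-02 03:40:10 +0000
  I, [2024-06-02T03:40:10.502 #1]  INFO -- : [a4] Completed 404 Not Found in 1ms (ActiveRecord: 0.0ms | Allocations: 283)
  I, [2024-06-02T09:12:44.000 #1]  INFO -- : [a5] Started GET "/posts/999" for 198.51.100.7 at 2024-06-02 09:12:44 +0000
  I, [2024-06-02T09:12:44.001 #1]  INFO -- : [a5] Processing by PostsController#show as HTML
  I, [2024-06-02T09:12:44.010 #1]  INFO -- : [a5] Completed 404 Not Found in 9ms (ActiveRecord: 1.1ms | Allocations: 2100)
LOG

if __FILE__ == $PROGRAM_NAME
  reqs = parse_rails_log(SAMPLE_LOG)
  not_found_per_day(reqs).sort.each { |d, n| puts "#{d}: #{n} x 404" }
  probe_paths_by_status(reqs).each { |status, paths| puts "#{status}: #{paths.join(', ')}" }
  bad = probes_served_with_200(reqs)
  puts(bad.empty? ? 'OK: no WordPress probe path was served with 200' : "WARNING: #{bad.inspect}")
end
```

Run it against a real log with `parse_rails_log(File.read("log/production.log"))` instead of SAMPLE_LOG. Note that the per-day 404 count also includes legitimate misses (the `/posts/999` request above), so the probe breakdown is the more useful view: a probe path under any status other than 404 is the thing worth investigating.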