DreamerDream's Blog

A dreamer's dreams. ~Freshly fried, hazy thoughts served with a rafflesia~

Administrators of WordPress web pages, beware!! I tallied my web page's unauthorized-access log

I looked into the unauthorized-access history of the website I publish.

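This time the sample is roughly 7,000 accesses. I tallied the attacks by endpoint, meaning the [ this part ] in

http://www/site-address/ [ this part ]

and wrote the result out. (This is only part of it.) Names further down the list received more accesses.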

 

Note: each entry is ["endpoint", number of attacks on that endpoint].

["python'.", 2]
["lib-dynload'.", 2]
['tmp', 2]
['3.3 configured -- resuming normal operations', 2]
['w00tw00t.at.blackhats.romanian.anti-sec:)', 2]
['manager', 2]
['wwscripts', 2]
['FormScripts', 2]
['hacly.php', 3]
['xiaohei.php', 3]
['cadre.php', 3]
['db.php', 3]
['xiaomo.php', 3]
['pwd', 3]
['servlet', 3]
['7A96EC7CA8EA17F1C58C2077A13BB60D.php', 3]
['phpMyadmin', 3]
['phpmyAdmin', 3]
['phpmyadmin3', 3]
['phpmyadmin4', 3]
['2phpmyadmin', 3]
['database', 3]
['sqlmanager', 3]
['mysqlmanager', 3]
['php-myadmin', 3]
['phpmy-admin', 3]
['phpMyAdmin2', 3]
['phpMyAdmin3', 3]
['phpMyAdmin4', 3]
['phpMyAdmin-3', 3]
['php-my-admin', 3]
['PMA2011', 3]
['PMA2012', 3]
['PMA2013', 3]
['PMA2014', 3]
['PMA2015', 3]
['PMA2016', 3]
['PMA2017', 3]
['PMA2018', 3]
['pma2011', 3]
['pma2012', 3]
['pma2013', 3]
['pma2014', 3]
['pma2015', 3]
['pma2016', 3]
['pma2017', 3]
['pma2018', 3]
['phpmyadmin2011', 3]
['phpmyadmin2012', 3]
['phpmyadmin2013', 3]
['phpmyadmin2014', 3]
['phpmyadmin2015', 3]
['phpmyadmin2016', 3]
['phpmyadmin2017', 3]
['phpmyadmin2018', 3]
['sitemap.xml', 4]
['wp-includes', 4]
['wordpress', 4]
['wp', 4]
['site', 4]
['cms', 4]
['bea_wls_deployment_internal', 4]
['pixel.gif', 4]
['index.css', 4]
['yj.php', 5]
['xmlrpc.php', 5]
['blog', 5]
['bg_boder.gif', 5]
['favicon.ico', 6]
['aa.php', 6]
['wb.php', 6]
['7.php', 6]
['cf_scripts', 6]
['CFIDE', 7]
['wp-login.php', 8]
['program', 10]
['shopdb', 10]
['phppma', 10]
['phpmy', 10]
['uu.php', 11]
['wp-content', 11]
['user', 12]
['phpMyAdmin123', 12]
['java.php', 17]
['data.php', 17]
['webdav', 18]
['_query.php', 18]
['ak.php', 18]
['ip.php', 18]
['92.php', 18]
['nuoxi.php', 18]
['htfr.php', 18]
['xiaomar.php', 18]
['fack.php', 18]
['angge.php', 18]
['db_pma.php', 19]
['license.php', 19]
['cmv.php', 19]
['wc.php', 19]
['db_dataml.php', 19]
['bak.php', 19]
['l7.php', 19]
['yumo.php', 19]
['wanan.php', 19]
['hh.php', 19]
['default.php', 19]
['tiandi.php', 19]
['linuxse.php', 19]
['qa.php', 19]
['Ss.php', 19]
['dexgp.php', 19]
['godkey.php', 19]
['okokok.php', 19]
['erwa.php', 19]
['pma.php', 19]
['ruyi.php', 19]
['51314.php', 19]
['5201314.php', 19]
['fusheng.php', 19]
['general.php', 19]
['repeat.php', 19]
['ldw.php', 19]
['api.php', 19]
['s1.php', 19]
['xiaodai.php', 19]
['xp.php', 19]
['p.php', 19]
['a.php', 19]
['conf.php', 19]
['123.php', 19]
['HX.php', 19]
['diy.php', 19]
['666.php', 19]
['777.php', 19]
['qwq.php', 19]
['.php', 19]
['infos.php', 19]
['zzk.php', 19]
['toor.php', 19]
['xiaoma.php', 19]
['xiaomae.php', 19]
['pmd', 19]
['typo3', 19]
['utility.css', 19]
['db_cts.php', 20]
['logon.php', 20]
['hell.php', 20]
['pmd_online.php', 20]
['lala-dpr.php', 20]
['text.php', 20]
['muhstik.php', 20]
['uploader.php', 20]
['cmdd.php', 20]
['knal.php', 20]
['appserv.php', 20]
['plugins', 20]
['xw1.php', 20]
['9678.php', 20]
['db_desql.php', 20]
['ak47.php', 20]
['defect.php', 20]
['webslee.php', 20]
['pe.php', 20]
['hm.php', 20]
['cainiao.php', 20]
['zuoshou.php', 20]
['zuo.php', 20]
['aotu.php', 20]
['system.php', 20]
['l6.php', 20]
['l8.php', 20]
['56.php', 20]
['mz.php', 20]
['min.php', 20]
['wan.php', 20]
['ssaa.php', 20]
['aw.php', 20]
['12.php', 20]
['infoo.php', 20]
['qwe.php', 20]
['1213.php', 20]
['post.php', 20]
['h1.php', 20]
['3.php', 20]
['phpinfi.php', 20]
['aaaa.php', 20]
['9510.php', 20]
['python.php', 20]
['sean.php', 20]
['app.php', 20]
['miao.php', 20]
['xz.php', 20]
['zuoindex.php', 20]
['zshmindex.php', 20]
['tomcat.php', 20]
['ceshi.php', 20]
['1hou.php', 20]
['ou2.php', 20]
['zuos.php', 20]
['zuoss.php', 20]
['zuoshss.php', 20]
['boots.php', 20]
['she.php', 20]
['qw.php', 20]
['caonma.php', 20]
['ss.php', 20]
['wcp.php', 20]
['u.php', 20]
['uuu.php', 20]
['sss.php', 20]
['core.php', 20]
['qaz.php', 20]
['sha.php', 20]
['ppx.php', 20]
['conf1g.php', 20]
['ver.php', 20]
['hack.php', 20]
['xxx.php', 20]
['phpAdmin', 20]
['phpMyadmin_bak', 20]
['phpmyadmin-old', 20]
['phpMyAdmin.old', 20]
['phpMyAdmin+++---', 20]
['phpmyadm1n', 20]
['phpMyadmi', 20]
['help-e.php', 21]
['htdocs.php', 21]
['desktop.ini.php', 21]
['lala.php', 21]
['wpo.php', 21]
['wp-config.php', 21]
['muhstik2.php', 21]
['muhstiks.php', 21]
['muhstik-dpr.php', 21]
['lol.php', 21]
['cmx.php', 21]
['scripts', 21]
['cacti', 21]
['wuwu11.php', 21]
['xw.php', 21]
['w.php', 21]
['sheep.php', 21]
['qaq.php', 21]
['db.init.php', 21]
['db_session.init.php', 21]
['db__.init.php', 21]
['wp-admins.php', 21]
['mx.php', 21]
['wshell.php', 21]
['xshell.php', 21]
['conflg.php', 21]
['lindex.php', 21]
['phpstudy.php', 21]
['phpStudy.php', 21]
['weixiao.php', 21]
['feixiang.php', 21]
['ak48.php', 21]
['xiao.php', 21]
['yao.php', 21]
['PMA2', 21]
['pmamy', 21]
['pmamy2', 21]
['web', 21]
['mysql_admin', 21]
['phpadmin', 21]
['phpmyadmin0', 21]
['phpmyadmin1', 21]
['phpMyAdmin-4.4.0', 21]
['myadmin2', 21]
['xampp', 21]
['www', 21]
['tools', 21]
['phpMyAdminold', 21]
['pma-old', 21]
['claroline', 21]
['phpma', 21]
['phpMyAbmin', 21]
['phpMyAdmin__', 21]
['v', 21]
['phpMyAdm1n', 21]
['shaAdmin', 21]
['phpMyAdmion', 21]
['phpMyAdmin1', 21]
['administrator', 21]
['dbadmin', 23]
['PMA', 24]
['mysqladmin', 24]
['mysql-admin', 24]
['phpmyadmin2', 24]
['', 25]
['hello.php', 25]
['pma', 25]
['myadmin', 26]
['MyAdmin', 26]
['index.php', 28]
['help.php', 36]
['2.php', 38]
['log.php', 39]
['q.php', 39]
['shell.php', 40]
['xx.php', 40]
['m.php', 40]
['s.php', 41]
['sql', 42]
['z.php', 44]
['x.php', 59]
['db', 59]
['test.php', 60]
['cmd.php', 62]
['mysql', 75]
['qq.php', 78]
['1.php', 78]
['confg.php', 79]
['phpMyAdmin', 88]
['phpmyadmin', 89]
['admin', 187]
('size', 7145)

Attempts against "admin" and "...admin" seem to be overwhelmingly the most common.

The rest target "php" or "SQL".

Even for the same address, there are entries like these:

['php-myadmin', 3]
['phpmy-admin', 3]
['phpMyAdmin2', 3]
['phpMyAdmin3', 3]
['phpMyAdmin4', 3]
['phpMyAdmin-3', 3]
['php-my-admin', 3]

Many of them seem to be trying variations in upper and lower case.
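The tally described above can be reproduced with a short script. This is an added example, not the script used for this post: it assumes an Apache/nginx "combined" format access log, the sample lines are constructed, and the function names are hypothetical. It goes one step beyond the post by also folding case and hyphen/underscore variants into one grouping key, so that the phpMyAdmin spellings are counted together.

```python
import re
from collections import Counter

# Constructed sample lines in "combined" log format (not taken from the post's log).
SAMPLE_LOG = """\
203.0.113.5 - - [22/Nov/2018:10:00:01 +0900] "GET /phpMyAdmin/index.php HTTP/1.1" 404 209 "-" "-"
203.0.113.5 - - [22/Nov/2018:10:00:02 +0900] "GET /phpmyadmin/index.php HTTP/1.1" 404 209 "-" "-"
203.0.113.5 - - [22/Nov/2018:10:00:03 +0900] "GET /php-my-admin/ HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [22/Nov/2018:10:05:00 +0900] "POST /wp-login.php HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [22/Nov/2018:10:05:01 +0900] "GET /admin/config.php?x=1 HTTP/1.1" 404 209 "-" "-"
198.51.100.9 - - [22/Nov/2018:10:06:00 +0900] "GET /admin HTTP/1.1" 404 209 "-" "-"
198.51.100.9 - - [22/Nov/2018:10:07:00 +0900] "GET / HTTP/1.1" 200 512 "-" "-"
198.51.100.9 - - [22/Nov/2018:10:07:05 +0900] "\\x16\\x03\\x01" 400 226 "-" "-"
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def first_segment(target):
    """Return the part right after the site address: '/a/b.php?x=1' -> 'a'."""
    path = target.split("?", 1)[0]
    return path.lstrip("/").split("/", 1)[0]

def tally(log_text, only_status=None):
    """Count requests per first path segment, optionally for one status code."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:  # malformed request line, e.g. raw TLS bytes sent to port 80
            continue
        if only_status and m["status"] != only_status:
            continue
        counts[first_segment(m["target"])] += 1
    return counts

def fold_variants(counts):
    """Grouping key: lower-case, '-' and '_' removed (phpMyAdmin, php-my-admin -> phpmyadmin)."""
    folded = Counter()
    for name, n in counts.items():
        folded[re.sub(r"[-_]", "", name.lower())] += n
    return folded

def report(counts):
    """Same layout as the list in the post: ascending by count, total last."""
    rows = [[name, n] for name, n in sorted(counts.items(), key=lambda kv: kv[1])]
    return rows + [("size", sum(counts.values()))]

if __name__ == "__main__":
    for row in report(fold_variants(tally(SAMPLE_LOG))):
        print(row)
```

Running `tally` with `only_status="200"` shows which probed names actually exist on the server, which is the part of the tally a site administrator needs to act on.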

 

From the above, I infer that many of these accesses target CMSs such as "WordPress".

Unfortunately, my web page is not built with a CMS, so nobody can attempt an administrator login on it (there is no login screen in the first place).

CMSs, starting with WordPress, have become mainstream recently and are popular because even beginners can easily create good-looking web pages.

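However, they are "services that expose the administrator screen to the whole Web", so anyone whose administrator login page uses a name in the list above should be especially careful.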

 

At the very least, make sure the login ID is not left at the default "admin".
