Using a web application's name as-is is dangerous

Author:
pma

The other day, a long run of requests like this came in to my test server, which I use for study.

182.18.60.100 - - [17/May/2016:19:33:52 +0900] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-"
182.18.60.100 - - [17/May/2016:19:33:54 +0900] "GET //phpMyAdmin-2.10.0.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:33:57 +0900] "GET //phpMyAdmin-2.10.0.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:33:58 +0900] "GET //phpMyAdmin-2.10.0.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:01 +0900] "GET //phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 404 233 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:02 +0900] "GET //phpMyAdmin-2.10.1.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:02 +0900] "GET //phpMyAdmin-2.10.2.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:02 +0900] "GET //phpMyAdmin-2.11.0.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:05 +0900] "GET //phpMyAdmin-2.11.1.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:10 +0900] "GET //phpMyAdmin-2.11.1.1/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:11 +0900] "GET //phpMyAdmin-2.11.1.2/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:14 +0900] "GET //phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:15 +0900] "GET //phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:15 +0900] "GET //phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:16 +0900] "GET //phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:19 +0900] "GET //phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:19 +0900] "GET //phpMyAdmin-2.6.5/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:21 +0900] "GET //phpMyAdmin-2.6.6/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:23 +0900] "GET //phpMyAdmin-2.6.9/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:26 +0900] "GET //phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 238 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:26 +0900] "GET //phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:29 +0900] "GET //phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:33 +0900] "GET //phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:39 +0900] "GET //phpMyAdmin-2.7.6/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:40 +0900] "GET //phpMyAdmin-2.7.7/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:40 +0900] "GET //phpMyAdmin-2.8.2.3/scripts/setup.php HTTP/1.1" 404 234 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:46 +0900] "GET //phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:46 +0900] "GET //phpMyAdmin-2.8.3/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:49 +0900] "GET //phpMyAdmin-2.8.4/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:54 +0900] "GET //phpMyAdmin-2.8.5/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:56 +0900] "GET //phpMyAdmin-2.8.6/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:56 +0900] "GET //phpMyAdmin-2.8.7/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:34:59 +0900] "GET //phpMyAdmin-2.8.8/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:35:00 +0900] "GET //phpMyAdmin-2.8.9/scripts/setup.php HTTP/1.1" 404 232 "-" "-"
182.18.60.100 - - [17/May/2016:19:35:01 +0900] "GET //phpMyAdmin-2.9.0-rc1/scripts/setup.php HTTP/1.1" 404 236 "-" "-"

In short, it is an attack.

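These all came back 404 Not Found, so each one ended after a single try, but if something like a 200 had come back, that would probably be the start of a brute-force attack.
Of course it is not limited to the software name exactly as-is; requests also come in for names like pma and phpMyAdmin.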
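As an added example (not part of the original post), this Python sketch groups access-log requests by client, counts how many distinct phpMyAdmin/pma/wp-login.php paths each one probed, and lists any probe that did not return 404, which is the case described above. The `min_paths` threshold, the function name, and the sample log lines (documentation-range IP addresses) are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: client IP, timestamp, request line, status (rest ignored).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Paths of the kind the post describes: phpMyAdmin/pma directories, WordPress login.
PROBE_RE = re.compile(r'/(phpmyadmin[^/]*|pma)/|/wp-login\.php', re.IGNORECASE)

def summarize_probes(lines, min_paths=3):
    """Return {ip: {"paths": n, "answered": [probe paths whose status was not 404]}}
    for clients that requested at least min_paths distinct probe paths."""
    paths = defaultdict(set)
    answered = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, path, status = m.groups()
        if not PROBE_RE.search(path):
            continue
        paths[ip].add(path)
        if status != "404":
            answered[ip].add(path)  # something exists at a guessable name
    return {ip: {"paths": len(p), "answered": sorted(answered[ip])}
            for ip, p in paths.items() if len(p) >= min_paths}

# Constructed sample log (not taken from the post's server).
SAMPLE_LOG = '''\
203.0.113.7 - - [17/May/2016:19:33:52 +0900] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 "-" "-"
203.0.113.7 - - [17/May/2016:19:33:54 +0900] "GET //phpMyAdmin-2.10.0.0/scripts/setup.php HTTP/1.1" 404 235 "-" "-"
203.0.113.7 - - [17/May/2016:19:33:57 +0900] "GET //pma/scripts/setup.php HTTP/1.1" 200 1530 "-" "-"
203.0.113.7 - - [17/May/2016:19:33:58 +0900] "GET /wordpress/wp-login.php HTTP/1.1" 404 220 "-" "-"
198.51.100.20 - - [17/May/2016:19:40:00 +0900] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [17/May/2016:19:40:05 +0900] "GET /wordpress/wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
'''

if __name__ == "__main__":
    for ip, info in summarize_probes(SAMPLE_LOG.splitlines()).items():
        print(ip, info["paths"], "probe paths; answered:", info["answered"])
```

A client with a non-empty `answered` list is the one to look at first, since it found an install under a guessable name.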

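Using software under its own unmodified name is a bad idea.
WordPress is easy to install, and for that very reason it gets attacked a lot.
WordPress is also so well known that trying something like some-domain/wordpress/wp-login.php may well bring up a login screen.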

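Even with lesser-known software, accessing something like users/login could bring up a login screen, so making things easy to guess is dangerous.
Renting a server and installing WordPress is not that hard these days, but many people do not understand the risk of this kind of unauthorized access, so be careful.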
