質問編集履歴
3
追記
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -15,4 +15,9 @@
|
|
|
15
15
|
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
16
16
|
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
17
17
|
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
18
|
-
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
18
|
+
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
---------------------- ご質問に関しての追記 ---------------------
|
|
23
|
+
犯人が攻撃している部分はindex.htmlであり、ただの静的なページになります。パラメータも付いていない点、PHPなども含まれておらず、apacheかそれよりも前の脆弱性を狙っているものと推測しております。
|
2
数値を修正
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
|
|
7
7
|
対処方法がわからず途方に暮れている状態でございます。お力添え頂けないでしょうか。
|
|
8
8
|
|
|
9
|
-
アクセスログには以下のような記録が残ります。1分くらい攻撃を受けると408が400に変わります。(※IPやドメイン名は例です)
|
|
9
|
+
アクセスログには以下のような記録が大量に残ります(1万行くらい)。1分くらい攻撃を受けると408が400に変わります。(※IPやドメイン名は例です)
|
|
10
10
|
|
|
11
11
|
123.456.789.12 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
12
12
|
123.456.789.12 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
1
最初の投稿内容に誤記がありました。
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -6,20 +6,13 @@
|
|
|
6
6
|
|
|
7
7
|
対処方法がわからず途方に暮れている状態でございます。お力添え頂けないでしょうか。
|
|
8
8
|
|
|
9
|
-
アクセスログには以下のような記録が残ります。(IPやドメイン名は例です)
|
|
9
|
+
アクセスログには以下のような記録が残ります。1分くらい攻撃を受けると408が400に変わります。(※IPやドメイン名は例です)
|
|
10
10
|
|
|
11
|
-
123.
|
|
12
|
-
123.
|
|
13
|
-
123.
|
|
14
|
-
123.
|
|
15
|
-
123.
|
|
16
|
-
123.
|
|
17
|
-
123.
|
|
18
|
-
123.
|
|
19
|
-
123.104.156.15 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
20
|
-
123.104.156.15 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
21
|
-
123.104.156.15 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
22
|
-
123.104.156.15 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
23
|
-
123.104.156.15 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
24
|
-
123.104.156.15 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
25
|
-
123.104.156.15 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
11
|
+
123.456.789.12 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
12
|
+
123.456.789.12 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
13
|
+
123.456.789.12 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
14
|
+
123.456.789.12 - - [26/Oct/2019:13:11:37 +0900] "GET http://exsample.com HTTP/1.1" 408 221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
15
|
+
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
16
|
+
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
17
|
+
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|
|
18
|
+
123.456.789.12 - - [26/Oct/2019:13:12:37 +0900] "GET http://exsample.com HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
|