I currently provide a system service, but
SSL connections have stopped working.
The error details are as follows.
■ Browser connection
An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.
■ WebRequest connection from an external client
web request error [12175]
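I looked into it myself, but
the server is not accepting SSL connections.
My current guess is that port 443 is under attack from outside.
However, I have not been able to work out a clear attack method or target, and the detailed state of the web server right now is unknown.
To anyone knowledgeable about security: I would appreciate your help in finding the cause and resolving this.
The web server runs on a VPS.
Remote connection to the VPS is possible.
As an addendum, I am posting excerpts from the error logs.
■ Error logs
・[custom domain]-error.log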
[Wed Mar 23 17:45:27.439847 2022] [mpm_winnt:crit] [pid 7452:tid 800] AH02538: Child: Parent process exited abruptly. Child process is ending
[Wed Mar 23 17:45:34.842036 2022] [core:warn] [pid 10460:tid 704] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Wed Mar 23 17:45:35.419961 2022] [mpm_winnt:notice] [pid 10460:tid 704] AH00455: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.26 configured -- resuming normal operations
[Wed Mar 23 17:45:35.419961 2022] [mpm_winnt:notice] [pid 10460:tid 704] AH00456: Apache Lounge VC15 Server built: Oct 3 2020 12:58:33
[Wed Mar 23 17:45:35.419961 2022] [core:notice] [pid 10460:tid 704] AH00094: Command line: 'c:\xampp\apache\bin\httpd.exe -d C:/xampp/apache'
[Wed Mar 23 17:45:35.419961 2022] [mpm_winnt:notice] [pid 10460:tid 704] AH00418: Parent: Created child process 2008
[Wed Mar 23 17:45:36.813771 2022] [mpm_winnt:notice] [pid 2008:tid 804] AH00354: Child: Starting 150 worker threads.
[Thu Mar 24 08:16:23.521688 2022] [mpm_winnt:crit] [pid 2008:tid 804] AH02538: Child: Parent process exited abruptly. Child process is ending
[Thu Mar 24 08:19:51.139499 2022] [core:warn] [pid 1364:tid 744] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Mar 24 08:19:51.807143 2022] [mpm_winnt:notice] [pid 1364:tid 744] AH00455: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.26 configured -- resuming normal operations
[Thu Mar 24 08:19:51.807143 2022] [mpm_winnt:notice] [pid 1364:tid 744] AH00456: Apache Lounge VC15 Server built: Oct 3 2020 12:58:33
[Thu Mar 24 08:19:51.807143 2022] [core:notice] [pid 1364:tid 744] AH00094: Command line: 'c:\xampp\apache\bin\httpd.exe -d C:/xampp/apache'
[Thu Mar 24 08:19:51.807143 2022] [mpm_winnt:notice] [pid 1364:tid 744] AH00418: Parent: Created child process 5768
[Thu Mar 24 08:19:52.697265 2022] [mpm_winnt:notice] [pid 5768:tid 772] AH00354: Child: Starting 150 worker threads.
・ssl.[custom domain]-access.log
[source IP] - - [23/Mar/2022:13:26:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:02 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:02 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:02 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:03 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:03 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:05 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:05 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:06 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:06 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [23/Mar/2022:13:26:06 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Some clients can still connect after the error
[source IP] - - [24/Mar/2022:02:19:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:02:19:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:02:19:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:02:19:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:02:19:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:02:19:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:02:19:00 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2022-03-24: log entries stop after 6:00; no client can access the server
(Server restarted at 8:00)
[source IP] - - [24/Mar/2022:06:00:09 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:06:00:09 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:06:00:09 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:06:00:10 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:06:00:10 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:06:00:10 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:06:00:10 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
[source IP] - - [24/Mar/2022:06:00:13 +0900] "POST /[phpファイル] HTTP/1.1" 200 25
[source IP] - - [24/Mar/2022:06:00:13 +0900] "POST /[phpファイル] HTTP/1.1" 200 8
179.43.176.77 - - [24/Mar/2022:08:05:37 +0900] "GET /.git/config HTTP/1.1" 404 301
・ssl_request.log
Some clients are working without problems even on the day of the error
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST/[phpファイル] HTTP/1.1" 2
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST/[phpファイル] HTTP/1.1" 2
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[23/Mar/2022:13:25:01 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Normal access was possible until 6:00 a.m. on 3/24
[24/Mar/2022:06:00:05 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:05 +0900] [source IP] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:06 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:06 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:06 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:06 +0900] [source IP] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:09 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:09 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:09 +0900] [source IP] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:09 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:10 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:10 +0900] [source IP] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:10 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:10 +0900] [source IP] TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:06:00:13 +0900] [source IP] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 25
[24/Mar/2022:06:00:13 +0900] [source IP] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /[phpファイル] HTTP/1.1" 8
[24/Mar/2022:08:05:37 +0900] 179.43.176.77 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /.git/config HTTP/1.1" 301
・mysql_error.log
InnoDB: using atomic writes.
2022-03-23 17:45:32 0 [Note] InnoDB: Mutexes and rw_locks use Windows interlocked functions
2022-03-23 17:45:32 0 [Note] InnoDB: Uses event mutexes
2022-03-23 17:45:32 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-03-23 17:45:32 0 [Note] InnoDB: Number of pools: 1
2022-03-23 17:45:32 0 [Note] InnoDB: Using generic crc32 instructions
2022-03-23 17:45:32 0 [Note] InnoDB: Initializing buffer pool, total size = 16M, instances = 1, chunk size = 16M
2022-03-23 17:45:32 0 [Note] InnoDB: Completed initialization of buffer pool
2022-03-23 17:45:33 0 [Note] InnoDB: Starting crash recovery from checkpoint LSN=9812244
2022-03-23 17:45:34 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2022-03-23 17:45:34 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2022-03-23 17:45:34 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2022-03-23 17:45:34 0 [Note] InnoDB: Setting file 'C:\xampp\mysql\data\ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2022-03-23 17:45:34 0 [Note] InnoDB: File 'C:\xampp\mysql\data\ibtmp1' size is now 12 MB.
2022-03-23 17:45:34 0 [Note] InnoDB: Waiting for purge to start
2022-03-23 17:45:34 0 [Note] InnoDB: 10.4.17 started; log sequence number 9812253; transaction id 1293146
2022-03-23 17:45:34 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-03-23 17:45:34 0 [Note] InnoDB: Loading buffer pool(s) from C:\xampp\mysql\data\ib_buffer_pool
2022-03-23 17:45:34 0 [Note] Server socket created on IP: '::'.
The error logs that had been updated are as shown above.
Please advise on the likely cause of the error inferred from these and on how to address it.
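
One way to turn the log excerpts in the question into a timeline, as an added example that is not part of the original post: it pulls the Apache stop/start markers (AH02538, AH00098, AH00455) out of the error log and finds silent periods in the access log. The sample lines are constructed from the excerpts above; `192.0.2.10`, `/app.php` and the 30-minute threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample from the question's excerpts; 192.0.2.10 and /app.php are placeholders.
ERROR_LOG = """\
[Wed Mar 23 17:45:27.439847 2022] [mpm_winnt:crit] [pid 7452:tid 800] AH02538: Child: Parent process exited abruptly. Child process is ending
[Wed Mar 23 17:45:34.842036 2022] [core:warn] [pid 10460:tid 704] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Wed Mar 23 17:45:35.419961 2022] [mpm_winnt:notice] [pid 10460:tid 704] AH00455: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.26 configured -- resuming normal operations
[Thu Mar 24 08:16:23.521688 2022] [mpm_winnt:crit] [pid 2008:tid 804] AH02538: Child: Parent process exited abruptly. Child process is ending
[Thu Mar 24 08:19:51.807143 2022] [mpm_winnt:notice] [pid 1364:tid 744] AH00455: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.26 configured -- resuming normal operations
"""
ACCESS_LOG = """\
192.0.2.10 - - [24/Mar/2022:06:00:10 +0900] "POST /app.php HTTP/1.1" 200 8
192.0.2.10 - - [24/Mar/2022:06:00:13 +0900] "POST /app.php HTTP/1.1" 200 8
179.43.176.77 - - [24/Mar/2022:08:05:37 +0900] "GET /.git/config HTTP/1.1" 404 301
"""

ERR_RE = re.compile(r"^\[(\w{3} \w{3} +\d+ [\d:]+)\.\d+ (\d{4})\] \[[^\]]+\] \[pid (\d+):tid \d+\] (AH\d+):")
ACC_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\] ")
# Error-log message IDs that mark an abnormal stop or a (re)start of httpd.
WATCH = {"AH02538": "parent exited abruptly", "AH00098": "unclean shutdown",
         "AH00455": "resuming normal operations"}

def error_events(text):
    """Return (time, pid, code, label) for each stop/start marker."""
    events = []
    for line in text.splitlines():
        m = ERR_RE.match(line)
        if m and m.group(4) in WATCH:
            ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%a %b %d %H:%M:%S %Y")
            events.append((ts, int(m.group(3)), m.group(4), WATCH[m.group(4)]))
    return events

def access_gaps(text, threshold=timedelta(minutes=30)):
    """Return (last_seen, next_seen, next_ip) where the access log goes silent."""
    seen = []
    for line in text.splitlines():
        m = ACC_RE.match(line)
        if m:  # keep server-local wall-clock time so it lines up with the error log
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            seen.append((ts.replace(tzinfo=None), m.group(1)))
    seen.sort()
    return [(a[0], b[0], b[1]) for a, b in zip(seen, seen[1:]) if b[0] - a[0] >= threshold]

if __name__ == "__main__":
    for ts, pid, code, label in error_events(ERROR_LOG):
        print(f"{ts}  httpd pid {pid}  {code}  {label}")
    for last, nxt, ip in access_gaps(ACCESS_LOG):
        print(f"{last} -> {nxt}  no requests logged; first request after gap from {ip}")
```

Reading the two outputs side by side shows the ordering in the excerpts: requests stop being logged at 06:00:13 on 24 March, while the AH02538 marker is written at 08:16:23.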
1 answer