Mizukama Blog

自宅サーバーのapache2ログを見ていたら、こんなのが残っていた。


- 77.79.212.111 - - [07/Aug/2013:23:09:13 +0900] "GET /phpmyadmin/ HTTP/1.1" 404 466 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:14 +0900] "GET /phpMyAdmin/ HTTP/1.1" 404 467 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:15 +0900] "GET /PMA/ HTTP/1.1" 404 462 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:15 +0900] "GET /pma/ HTTP/1.1" 404 462 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:16 +0900] "GET /admin/ HTTP/1.1" 404 463 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:16 +0900] "GET /dbadmin/ HTTP/1.1" 404 464 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:17 +0900] "GET /sql/ HTTP/1.1" 404 462 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:18 +0900] "GET /mysql/ HTTP/1.1" 404 463 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:18 +0900] "GET /myadmin/ HTTP/1.1" 404 464 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:19 +0900] "GET /phpmyadmin2/ HTTP/1.1" 404 467 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:20 +0900] "GET /phpMyAdmin2/ HTTP/1.1" 404 468 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:20 +0900] "GET /phpMyAdmin-2/ HTTP/1.1" 404 469 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:21 +0900] "GET /php-my-admin/ HTTP/1.1" 404 468 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:22 +0900] "GET /sqlmanager/ HTTP/1.1" 404 467 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:22 +0900] "GET /mysqlmanager/ HTTP/1.1" 404 469 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:23 +0900] "GET /p/m/a/ HTTP/1.1" 404 463 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:24 +0900] "GET /php-myadmin/ HTTP/1.1" 404 468 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:24 +0900] "GET /phpmy-admin/ HTTP/1.1" 404 468 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:25 +0900] "GET /webadmin/ HTTP/1.1" 404 465 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:25 +0900] "GET /sqlweb/ HTTP/1.1" 404 463 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:26 +0900] "GET /websql/ HTTP/1.1" 404 463 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:27 +0900] "GET /webdb/ HTTP/1.1" 404 463 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:27 +0900] "GET /mysqladmin/ HTTP/1.1" 404 467 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
- 77.79.212.111 - - [07/Aug/2013:23:09:28 +0900] "GET /mysql-admin/ HTTP/1.1" 404 468 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"


これらは全て、phpMyAdminの脆弱性を狙った攻撃のための下調べをされた痕跡と思われる。phpMyAdminで使用している可能性のあるURLにアクセスを試み、phpMyAdminが使用されているかどうかを調べようとしているらしい。幸いなことに、私の下宿にあるサーバーではphpMyAdminを使用していない。上のログでも全てに404を返している。この様な下調べをしているということは、phpMyAdminを使用する場合、WEBサーバー上の置き場を容易に推測されない名前のディレクトリ下にするだけで、受ける攻撃を減らせる可能性あると思われる。