
Dealing with unauthorized access attempts against WordPress

Posted at 2018/3/1


サイト「 ****** 」の新規ユーザー登録:

ユーザー名: aji*****co

メールアドレス: era****ye@asas.domailnew.com


Log in to the server and check the Apache access log.


91.200.12.7 - - [01/Mar/2018:02:24:44 +0000] "GET /wp-login.php?action=rp HTTP/1.0" 200 4724 "http://**********/wp-login.php?action=rp" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 YaBrowser/17.10.0.2017 Yowser/2.5 Safari/537.36"
91.200.12.7 - - [01/Mar/2018:02:24:45 +0000] "POST /wp-login.php?action=resetpass HTTP/1.0" 200 1721 "http://**********/wp-login.php?action=rp" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 YaBrowser/17.10.0.2017 Yowser/2.5 Safari/537.36"
91.200.12.7 - - [01/Mar/2018:02:59:59 +0000] "POST /wp-login.php HTTP/1.0" 302 384 "http://**********/bbp-register/" "Mozilla/5.0 (Windows NT 7.0; WOW64; rv:33.1) Gecko/20100101 Firefox/33.1"
91.200.12.7 - - [01/Mar/2018:03:00:02 +0000] "POST /wp-login.php HTTP/1.0" 200 4049 "http://**********/bbp-register/?checkemail=registered" "Mozilla/5.0 (Windows NT 7.0; WOW64; rv:33.1) Gecko/20100101 Firefox/33.1"
91.200.12.7 - - [01/Mar/2018:03:16:01 +0000] "POST /wp-login.php HTTP/1.0" 302 384 "http://**********/bbp-register/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
91.200.12.7 - - [01/Mar/2018:03:16:03 +0000] "POST /wp-login.php HTTP/1.0" 200 4045 "http://**********/bbp-register/?checkemail=registered" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"

What hostname does this IP address resolve to?



nanbuwks@LATITUDE:~$ dig -x 91.200.12.7

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 91.200.12.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4262
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;7.12.200.91.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
7.12.200.91.in-addr.arpa. 3600	IN	PTR	dsystemip5.vhoster.org.

;; Query time: 192 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 01 11:34:12 JST 2018
;; MSG SIZE  rcvd: 89

So, opening this address in a browser, the page comes up bright red.


When I have time, I would like to look into what kind of attack code it serves.

For now, I took the easy route: filter the address in question and wait and see.
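
The access-log check above, automated as an added example (not code from the original post): it counts POSTs to /wp-login.php per client address and flags addresses that also change User-Agent between requests, as 91.200.12.7 does in the log above. The function names, the thresholds and the sample lines (documentation-range IPs, example.com) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format; a quoted field may contain backslash-escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" \d{3} \S+ '
    + QUOTED + " " + QUOTED + r"\s*$"
)

def summarize_wp_login(lines):
    """Per client IP: POST count and distinct User-Agents seen on /wp-login.php."""
    stats = defaultdict(lambda: {"posts": 0, "agents": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, target, _referer, agent = m.groups()
        if target.partition("?")[0] != "/wp-login.php":
            continue  # only the login endpoint is of interest here
        stats[ip]["agents"].add(agent)
        if method == "POST":
            stats[ip]["posts"] += 1
    return dict(stats)

def suspicious_ips(lines, min_posts=3, min_agents=2):
    """IPs that POST to wp-login.php repeatedly while changing User-Agent.
    Both thresholds are assumptions to tune per site."""
    return sorted(
        ip for ip, s in summarize_wp_login(lines).items()
        if s["posts"] >= min_posts and len(s["agents"]) >= min_agents
    )

# Constructed sample modeled on the pattern in the log above:
# one client, several browser identities, plus one ordinary login.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2018:02:59:59 +0000] "POST /wp-login.php HTTP/1.0" 302 384 "http://example.com/bbp-register/" "Mozilla/5.0 (Windows NT 7.0; WOW64; rv:33.1) Gecko/20100101 Firefox/33.1"
203.0.113.10 - - [01/Mar/2018:03:00:02 +0000] "POST /wp-login.php HTTP/1.0" 200 4049 "http://example.com/bbp-register/?checkemail=registered" "Mozilla/5.0 (Windows NT 7.0; WOW64; rv:33.1) Gecko/20100101 Firefox/33.1"
203.0.113.10 - - [01/Mar/2018:03:16:01 +0000] "POST /wp-login.php HTTP/1.0" 302 384 "http://example.com/bbp-register/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
198.51.100.20 - - [01/Mar/2018:04:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 384 "http://example.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0"
198.51.100.20 - - [01/Mar/2018:04:00:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "http://example.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0"
""".splitlines()

if __name__ == "__main__":
    for ip in suspicious_ips(SAMPLE_LOG):
        s = summarize_wp_login(SAMPLE_LOG)[ip]
        print(ip, "POSTs:", s["posts"], "user agents:", len(s["agents"]))
```

Addresses it reports are candidates for the reverse lookup and filtering done by hand in this post.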
