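Wow, phpMyAdmin scans really do come in huge volumes...

This is about a certain server whose error log I looked at for the first time in a while.

Apache is running on it, but it is basically a backend, so it gets almost no traffic and there shouldn't be any error log entries. When I opened the log, though, it was full of 404s. I wondered what was going on, and it turned out every one of them was a phpMyAdmin scan... so they're hunting for vulnerabilities. Scary.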



For example, it looks like this (excerpt).
[error] [client 98.124.178.144] File does not exist: [***]/muieblackcat
[error] [client 98.124.178.144] File does not exist: [***]/admin
[error] [client 98.124.178.144] File does not exist: [***]/admin
[error] [client 98.124.178.144] File does not exist: [***]/admin
[error] [client 98.124.178.144] File does not exist: [***]/db
[error] [client 98.124.178.144] File does not exist: [***]/dbadmin
[error] [client 98.124.178.144] File does not exist: [***]/myadmin
[error] [client 98.124.178.144] File does not exist: [***]/mysql
[error] [client 98.124.178.144] File does not exist: [***]/mysqladmin
[error] [client 98.124.178.144] File does not exist: [***]/typo3
[error] [client 98.124.178.144] File does not exist: [***]/phpadmin
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin
[error] [client 98.124.178.144] File does not exist: [***]/phpmyadmin
[error] [client 98.124.178.144] File does not exist: [***]/phpmyadmin1
[error] [client 98.124.178.144] File does not exist: [***]/phpmyadmin2
[error] [client 98.124.178.144] File does not exist: [***]/pma
[error] [client 98.124.178.144] File does not exist: [***]/web
[error] [client 98.124.178.144] File does not exist: [***]/xampp
[error] [client 98.124.178.144] File does not exist: [***]/web
[error] [client 98.124.178.144] File does not exist: [***]/php-my-admin
[error] [client 98.124.178.144] File does not exist: [***]/websql
[error] [client 98.124.178.144] File does not exist: [***]/phpmyadmin
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2
[error] [client 98.124.178.144] File does not exist: [***]/php-my-admin
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.2.3
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.2.6
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.1
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.4
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.5-rc1
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.5-rc2
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.5
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.5-pl1
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.6-rc1
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.6-rc2
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.6
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.7
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.7-pl1
[error] [client 98.124.178.144] File does not exist: [***]/muieblackcat
[error] [client 98.124.178.144] File does not exist: [***]/admin
[error] [client 98.124.178.144] File does not exist: [***]/admin
[error] [client 98.124.178.144] File does not exist: [***]/admin
[error] [client 98.124.178.144] File does not exist: [***]/dbadmin
[error] [client 98.124.178.144] File does not exist: [***]/myadmin
[error] [client 98.124.178.144] File does not exist: [***]/mysql
[error] [client 98.124.178.144] File does not exist: [***]/mysqladmin
[error] [client 98.124.178.144] File does not exist: [***]/typo3
[error] [client 98.124.178.144] File does not exist: [***]/phpadmin
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin
[error] [client 98.124.178.144] File does not exist: [***]/phpmyadmin
[error] [client 98.124.178.144] File does not exist: [***]/phpmyadmin1
[error] [client 98.124.178.144] File does not exist: [***]/phpmyadmin2
[error] [client 98.124.178.144] File does not exist: [***]/pma
[error] [client 98.124.178.144] File does not exist: [***]/web
[error] [client 98.124.178.144] File does not exist: [***]/xampp
[error] [client 98.124.178.144] File does not exist: [***]/web
[error] [client 98.124.178.144] File does not exist: [***]/php-my-admin
[error] [client 98.124.178.144] File does not exist: [***]/websql
[error] [client 98.124.178.144] File does not exist: [***]/phpmyadmin
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.2.3
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.2.6
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.4
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.5-rc1
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.5-rc2
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.5-pl1
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.6-rc1
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.6-rc2
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.7
[error] [client 98.124.178.144] File does not exist: [***]/phpMyAdmin-2.5.7-pl1


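The Apache instance running on this backend server has its own dedicated, unpublished domain assigned to it (thinking about it now, a bare IP address probably would have been fine... oh well), so basically nobody accesses it directly. But from the domain name and directories that leaked out in small ways, such as RSS reader referrers, they guess related directories and launch attacks... annoying, lol.

Well, a real brute-force attack or DoS attack would be nothing like this, so it's really a "glad that's all it was" story, but phpMyAdmin vulnerabilities are seriously bad. We don't have it anywhere reachable, so it doesn't concern us. The IP addresses are quite spread out, so stopping this is probably impossible. I guess I just have to factor it in.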
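The following is an added example, not part of the original post: a small Python summarizer for Apache error-log lines in the format shown above. It groups the 404 probes by client and by probed name, since per-IP counts alone miss scans spread over many addresses. The sample lines are constructed, using documentation IP ranges and an assumed `/var/www/html` document root in place of the redacted `[***]` prefix.

```python
import re
from collections import defaultdict

# Apache 2.2-style error line; a leading timestamp, if present, is ignored.
LINE_RE = re.compile(
    r"\[client (?P<ip>[0-9A-Fa-f.:]+)\] File does not exist: (?P<path>\S+)")
# Probe names taken from the excerpt above, matched on the last path component.
PROBE_RE = re.compile(
    r"^(muieblackcat|admin|db|dbadmin|myadmin|mysql|mysqladmin|phpadmin|pma|"
    r"websql|xampp|typo3|php-?my-?admin[\w.-]*)$", re.IGNORECASE)

# Constructed sample: documentation IPs and an assumed /var/www/html docroot.
SAMPLE = """\
[error] [client 203.0.113.10] File does not exist: /var/www/html/muieblackcat
[error] [client 203.0.113.10] File does not exist: /var/www/html/admin
[error] [client 203.0.113.10] File does not exist: /var/www/html/phpMyAdmin
[error] [client 203.0.113.10] File does not exist: /var/www/html/phpmyadmin
[error] [client 203.0.113.10] File does not exist: /var/www/html/pma
[error] [client 203.0.113.10] File does not exist: /var/www/html/phpMyAdmin-2.5.7-pl1
[error] [client 198.51.100.7] File does not exist: /var/www/html/pma
[error] [client 198.51.100.7] File does not exist: /var/www/html/phpmyadmin
[error] [client 192.0.2.5] File does not exist: /var/www/html/favicon.ico
""".splitlines()


def collect(lines):
    """Return (ip -> probe names, probe name -> ips) for matching 404 lines."""
    by_ip, by_name = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # Compare case-insensitively so phpMyAdmin and phpmyadmin count once.
        name = m.group("path").rstrip("/").rsplit("/", 1)[-1].lower()
        if PROBE_RE.match(name):
            by_ip[m.group("ip")].add(name)
            by_name[name].add(m.group("ip"))
    return by_ip, by_name


def scanners(lines, min_distinct=5):
    """Clients that requested at least min_distinct different probe names."""
    by_ip, _ = collect(lines)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_distinct}


def probe_spread(lines):
    """Number of distinct client IPs seen per probe name."""
    _, by_name = collect(lines)
    return {name: len(ips) for name, ips in by_name.items()}
```

`scanners()` surfaces a single noisy client like the one in the excerpt, while `probe_spread()` shows which names are being requested from many addresses, which is the view that still works when the sources are distributed.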