今日仕事で設定しているWEBサーバーのエラーログを見て驚いた。見事にphpのxmlrpcの脆弱性とawstatsの脆弱性を狙ったアクセスが。DNSをまだふっていないホストにこういうアクセスが来るということは、対策していないサーバーはけっこうやばいと思うなぁ。PHP/awstatsを使っている方はご注意を。
[Mon Dec 19 19:04:56 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/awstats/awstats.pl
[Mon Dec 19 19:04:57 2005] [error] [client 202.186.13.147] script not found or unable to stat: /www/cgi-bin/*****.com/awstats.pl
[Mon Dec 19 19:04:59 2005] [error] [client 202.186.13.147] script not found or unable to stat: /www/cgi-bin/*****.com/awstats
[Mon Dec 19 19:05:01 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/xmlrpc.php
[Mon Dec 19 19:05:02 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/blog/xmlrpc.php
[Mon Dec 19 19:05:04 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/blog/xmlsrv/xmlrpc.php
[Mon Dec 19 19:05:05 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/blogs/xmlsrv/xmlrpc.php
[Mon Dec 19 19:05:06 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/drupal/xmlrpc.php
[Mon Dec 19 19:05:08 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/phpgroupware/xmlrpc.php
[Mon Dec 19 19:05:09 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/wordpress/xmlrpc.php
[Mon Dec 19 19:05:10 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/xmlrpc.php
[Mon Dec 19 19:05:12 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/xmlrpc/xmlrpc.php
[Mon Dec 19 19:05:13 2005] [error] [client 202.186.13.147] File does not exist: /www/docs/*****.com/xmlsrv/xmlrpc.php
