Log Monitoring (Continued)

gamzatti

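In "Log monitoring of attacks targeting Struts", I configured Apache to record Content-Type in its logs, and since then a fair number of scans have shown up.

So far I have not seen any request patterns that look new; most of them appear to be the typical patterns from attack code that has already been published.

Many of the requests seem to go to paths such as xx.action, with names that look like they would be found in sample applications.

Even for paths that do exist, the servlet filter blocked the requests.

I intend to keep observing.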
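A sketch of the kind of log check described above, as an added example that is not the author's own code or configuration. It assumes a combined log format with `%{Content-Type}i` appended as a last quoted field; the flagging heuristic (media-type grammar plus the `%{` / `${` expression delimiters Struts uses for OGNL), the function names and the sample lines are all constructed for illustration.

```python
import re

# Assumed Apache format (not from the post): combined log plus the request
# Content-Type header as a final quoted field, e.g.
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Content-Type}i\"" combined_ct
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+ '
    + QUOTED + " " + QUOTED + " " + QUOTED + r"$"
)
# Well-formed media type: type/subtype with optional ;key=value parameters.
TOKEN = r"[\w!#$&^.+-]+"
MIME_RE = re.compile(TOKEN + "/" + TOKEN + r'(\s*;\s*[\w-]+=("[^"]*"|[^;\s]+))*')

def classify(line):
    """Return (ip, path, status, reasons), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, target, status, _referer, _agent, ctype = m.groups()
    ctype = ctype.replace('\\"', '"')  # Apache logs embedded quotes as \"
    path = target.split("?", 1)[0]
    reasons = []
    if "%{" in ctype or "${" in ctype:
        reasons.append("expression-delimiter")
    elif ctype != "-" and not MIME_RE.fullmatch(ctype):
        reasons.append("malformed-content-type")
    if reasons and path.endswith(".action"):
        reasons.append("action-path")
    return ip, path, int(status), reasons

def suspicious(lines):
    """Keep only parsed entries that carry at least one reason."""
    parsed = (classify(line) for line in lines)
    return [p for p in parsed if p and p[3]]

# Constructed sample lines (documentation IP ranges, placeholder header value).
SAMPLE = [
    '192.0.2.10 - - [23/Mar/2017:10:00:01 +0900] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"',
    '192.0.2.11 - - [23/Mar/2017:10:00:05 +0900] "POST /login.action HTTP/1.1" 200 734 "-" "Mozilla/5.0" "application/x-www-form-urlencoded"',
    '198.51.100.7 - - [23/Mar/2017:10:01:12 +0900] "GET /xx.action HTTP/1.1" 404 208 "-" "constructed-scanner" "%{constructed-placeholder}"',
    '203.0.113.9 - - [23/Mar/2017:10:02:30 +0900] "POST /upload.action HTTP/1.1" 403 199 "-" "constructed-scanner" "multipart/form-data; boundary=----abc123"',
]

if __name__ == "__main__":
    for ip, path, status, reasons in suspicious(SAMPLE):
        print(ip, path, status, ",".join(reasons))
```

Lines that do not match the assumed format come back as `None` from `classify`, so a caller can count them separately instead of silently dropping them.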

1 Comment


Since I configured the Apache log settings to record Content-type, scanning activity has been observed that seems to leverage a vulnerability in Struts2.

No new types of request patterns have been observed so far;
it seems that most requests were based on a typical pattern
that has been disclosed publicly:
likely paths such as xx.action, used in sample applications, etc.

Some requests against existing paths were blocked by the Servlet filter.

I'll keep monitoring the logs.


About this Entry

This page contains a single entry by gamzatti published on March 23, 2017 11:25 PM.
