IT Notebook

A blog of memo-style notes about IT

An Apache web server being probed in various ways by the UserAgent "Mozilla/5.0 Jorgee"

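When I checked the access logs recently, I found that the server was being attacked. So far nothing appears to have been extracted, but I can't leave it like this, so I took action.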

Log of the attack

163.22.88.133 - - [15/Sep/2017:10:35:38 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql/admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:40 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql/sqlmanager/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:41 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql/mysqlmanager/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:42 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:43 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpMyadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:43 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpMyAdmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:44 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyAdmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:45 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:45 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin3/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:46 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin4/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:47 +0900] "HEAD http://XXX.XXX.XXX.XXX/2phpmyadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:47 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmy/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:48 +0900] "HEAD http://XXX.XXX.XXX.XXX/phppma/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:49 +0900] "HEAD http://XXX.XXX.XXX.XXX/myadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:49 +0900] "HEAD http://XXX.XXX.XXX.XXX/shopdb/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:50 +0900] "HEAD http://XXX.XXX.XXX.XXX/MyAdmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:51 +0900] "HEAD http://XXX.XXX.XXX.XXX/program/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:51 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:52 +0900] "HEAD http://XXX.XXX.XXX.XXX/dbadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:53 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:53 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:54 +0900] "HEAD http://XXX.XXX.XXX.XXX/admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:55 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:55 +0900] "HEAD http://XXX.XXX.XXX.XXX/database/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:56 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/phpmyadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:57 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/phpMyAdmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:57 +0900] "HEAD http://XXX.XXX.XXX.XXX/sqlmanager/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:58 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysqlmanager/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:35:59 +0900] "HEAD http://XXX.XXX.XXX.XXX/php-myadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:00 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmy-admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:00 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysqladmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:02 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql-admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:04 +0900] "HEAD http://XXX.XXX.XXX.XXX/admin/phpmyadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:05 +0900] "HEAD http://XXX.XXX.XXX.XXX/admin/phpMyAdmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:06 +0900] "HEAD http://XXX.XXX.XXX.XXX/admin/sysadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:06 +0900] "HEAD http://XXX.XXX.XXX.XXX/admin/sqladmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:07 +0900] "HEAD http://XXX.XXX.XXX.XXX/admin/db/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:08 +0900] "HEAD http://XXX.XXX.XXX.XXX/admin/web/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:09 +0900] "HEAD http://XXX.XXX.XXX.XXX/admin/pMA/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:09 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql/pma/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:10 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql/db/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:11 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql/web/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:11 +0900] "HEAD http://XXX.XXX.XXX.XXX/mysql/pMA/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:12 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/phpmanager/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:13 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/php-myadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:13 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/phpmy-admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:14 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/sql/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:15 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/myadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:15 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/webadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:16 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/sqlweb/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:17 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/websql/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:18 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/webdb/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:18 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/sqladmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:19 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/sql-admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:20 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/phpmyadmin2/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:20 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/phpMyAdmin2/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:21 +0900] "HEAD http://XXX.XXX.XXX.XXX/sql/phpMyAdmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:22 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/myadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:22 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/webadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:23 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/dbweb/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:24 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/websql/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:24 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/webdb/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:25 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/dbadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:26 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/db-admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:27 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/phpmyadmin3/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:27 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/phpMyAdmin3/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:28 +0900] "HEAD http://XXX.XXX.XXX.XXX/db/phpMyAdmin-3/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:29 +0900] "HEAD http://XXX.XXX.XXX.XXX/administrator/phpmyadmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:29 +0900] "HEAD http://XXX.XXX.XXX.XXX/administrator/phpMyAdmin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:30 +0900] "HEAD http://XXX.XXX.XXX.XXX/administrator/db/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:31 +0900] "HEAD http://XXX.XXX.XXX.XXX/administrator/web/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:32 +0900] "HEAD http://XXX.XXX.XXX.XXX/administrator/pma/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:32 +0900] "HEAD http://XXX.XXX.XXX.XXX/administrator/PMA/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:33 +0900] "HEAD http://XXX.XXX.XXX.XXX/administrator/admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:34 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpMyAdmin2/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:34 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpMyAdmin3/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:35 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpMyAdmin4/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:36 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpMyAdmin-3/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:36 +0900] "HEAD http://XXX.XXX.XXX.XXX/php-my-admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:37 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA2011/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:38 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA2012/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:38 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA2013/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:39 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA2014/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:40 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA2015/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:40 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA2016/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:41 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA2017/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:42 +0900] "HEAD http://XXX.XXX.XXX.XXX/PMA2018/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:43 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma2011/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:44 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma2012/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:44 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma2013/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:45 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma2014/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:46 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma2015/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:46 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma2016/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:47 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma2017/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:48 +0900] "HEAD http://XXX.XXX.XXX.XXX/pma2018/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:48 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2011/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:49 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2012/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:50 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2013/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:50 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2014/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:51 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2015/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:52 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2016/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:52 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2017/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:53 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmyadmin2018/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"
163.22.88.133 - - [15/Sep/2017:10:36:54 +0900] "HEAD http://XXX.XXX.XXX.XXX/phpmanager/ HTTP/1.1" 301 - "-" "Mozilla/5.0 Jorgee"

Countermeasure

  • In a configuration file such as .htaccess, return 403 when the UserAgent ends with "Jorgee"
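<IfModule mod_rewrite.c>
  RewriteEngine on

  # Match any User-Agent that ends with "Jorgee"
  RewriteCond %{HTTP_USER_AGENT} ^(.*)Jorgee$
  # [F] answers every matching request with 403 Forbidden
  RewriteRule .* - [F]
</IfModule>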
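The rule above only catches clients that keep the "Jorgee" User-Agent, so the following added example (not part of the original post) scans an access log for both that User-Agent and the probing behaviour itself: one client sending HEAD requests for many distinct paths in a short time. The function names, the thresholds (`min_paths`, `window`) and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
UA_RE = re.compile(r'^(.*)Jorgee$')  # same pattern as the RewriteCond on this page

def parse(line):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # Absolute-form targets (http://host/path), as in the log above, are reduced to the path
    rec["path"] = re.sub(r'^https?://[^/]+', '', rec["target"]) or "/"
    return rec

def find_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Return {ip: reason} for clients flagged by User-Agent or by probing behaviour."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        if any(UA_RE.match(r["ua"]) for r in recs):
            flagged[ip] = "user-agent"
            continue
        # UA-independent check: HEAD requests for many distinct paths inside one window
        heads = sorted((r for r in recs if r["method"] == "HEAD"), key=lambda r: r["ts"])
        for i, first in enumerate(heads):
            paths = {r["path"] for r in heads[i:] if r["ts"] - first["ts"] <= window}
            if len(paths) >= min_paths:
                flagged[ip] = "path-sweep"
                break
    return flagged

def _line(ip, sec, method, target, ua):
    return f'{ip} - - [15/Sep/2017:10:35:{sec:02d} +0900] "{method} {target} HTTP/1.1" 301 - "-" "{ua}"'

# Constructed sample (documentation-range addresses), not lines from the log above
PATHS = ["/pma/", "/phpmyadmin/", "/mysql/", "/db/", "/admin/", "/sqlmanager/"]
SAMPLE = [_line("192.0.2.10", 30 + i, "HEAD", "http://198.51.100.5" + p, "Mozilla/5.0 Jorgee")
          for i, p in enumerate(PATHS[:3])]
SAMPLE += [_line("192.0.2.20", 10 + i, "HEAD", p, "Mozilla/5.0") for i, p in enumerate(PATHS)]
SAMPLE += [_line("192.0.2.30", 5, "GET", "/index.html", "Mozilla/5.0 (X11; Linux x86_64)")]
```

Because the pattern is anchored at the end, a User-Agent such as "Mozilla/5.0 Jorgee/2" would pass both the rewrite rule and `UA_RE`; the path-sweep check is what still flags such a client.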

References