Malicious request in log

I am receiving malicious request therefore i seek your help i log page urls visited and some of them are like (@md5(HelloThinkCMF))</php> and some are like and one more like what are these user trying to do and how should I improve the security and take precaution

The ip of attacker is 45.146.164.125 , i check it is from russia

2 Answers

You can use something like fail2ban for this. These are very common, do not be worried. Just install this thing on top of apache and it's gonna save you alot of bandwidth.

Cheers.

1

The first attempt (?a=fetch&content=die(@md5(HelloThinkCMF))) is an old WordPress exploit. If you are running WordPress and haven't updated it in years, do so. Otherwise, that won't do anything.

The second one (?XDEBUG_SESSION_START=phpstorm) is an attempt to start a debugging session if you have PhpStorm installed on your site.

The third one (s=/Index/\think\app/invokefunction&function=call_user_func_array&var) is an exploit of ThinkPHP that was patched in 2018.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy