Yii
EvilDev, 2016-11-21 11:53:41

Some kind of stray POST requests in the logs. Perhaps some script is running?

The site was moved to a new self-written CMS, and I set up error logs to be delivered to me, after which I began to notice strange POST requests to the main page of the site.

2016-11-21 08:43:10
[138.201.171.213][-][b2kubb61490amjud1bntesfg11][error][yii\web\HttpException:400]
yii\web\BadRequestHttpException: Не удалось
проверить переданные данные. in
/var/www/vendor/yiisoft/yii2/web/Controller.php:112
Stack trace:
#0 /var/www/components/Controller.php(108):
yii\web\Controller->beforeAction(Object(yii\base\InlineAction))
#1 /var/www/vendor/yiisoft/yii2/base/Controller.php(154):
shop\components\Controller->beforeAction(Object(yii\base\InlineAction))
#2 /var/www/vendor/yiisoft/yii2/base/Module.php(524):
yii\base\Controller->runAction('index', Array)
#3 /var/www/vendor/yiisoft/yii2/web/Application.php(102):
yii\base\Module->runAction('', Array)
#4 /var/www/vendor/yiisoft/yii2/base/Application.php(373):
yii\web\Application->handleRequest(Object(yii\web\Request))
#5 /var/www/web/index.php(31): yii\base\Application->run()
#6 {main}
2016-11-21 08:43:10
[138.201.171.213][-][b2kubb61490amjud1bntesfg11][info][application]
$_POST = [
    'url' => 'http://www.animestore***/'
    'timeout' => '10'
]

$_SESSION = [
    '__flash' => []
]

$_SERVER = [
    'USER' => 'www-data'
    'HOME' => '/var/www'
    'HTTP_CONTENT_TYPE' => 'multipart/form-data;
boundary=----------------------------2e22fb8a1b99'
    'HTTP_EXPECT' => '100-continue'
    'HTTP_CONTENT_LENGTH' => '265'
    'HTTP_ACCEPT' => '*/*'
    'HTTP_HOST' => 'nyaki.ru'
    'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; U; Linux i686; ru;
rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5'
    'SCRIPT_FILENAME' => '/var/www/web/index.php'
    'REDIRECT_STATUS' => '200'
    'SERVER_NAME' => 'nyaki.ru'
    'SERVER_PORT' => '80'
    'SERVER_ADDR' => '62.76.178.246'
    'REMOTE_PORT' => '57974'
    'REMOTE_ADDR' => '138.201.171.213'
    'SERVER_SOFTWARE' => 'nginx/1.10.1'
    'GATEWAY_INTERFACE' => 'CGI/1.1'
    'REQUEST_SCHEME' => 'http'
    'SERVER_PROTOCOL' => 'HTTP/1.1'
    'DOCUMENT_ROOT' => '/var/www/web'
    'DOCUMENT_URI' => '/index.php'
    'REQUEST_URI' => '/'
    'SCRIPT_NAME' => '/index.php'
    'CONTENT_LENGTH' => '265'
    'CONTENT_TYPE' => 'multipart/form-data;
boundary=----------------------------2e22fb8a1b99'
    'REQUEST_METHOD' => 'POST'
    'QUERY_STRING' => ''
    'FCGI_ROLE' => 'RESPONDER'
    'PHP_SELF' => '/index.php'
    'REQUEST_TIME_FLOAT' => 1479717790.2041
    'REQUEST_TIME' => 1479717790
]

That would all be fine, but it occurs periodically. The most confusing thing is
'timeout' => '10'
Perhaps someone is trying to lower the site in search engines through behavioral factors? But these are only assumptions. What could it be?

2 answer(s)
DuD, 2016-11-21
@DuD

Show the log in full. It is not clear what data the client is knocking with. What is the logic of hiding part of the URLs, but leaving, for example, 'SERVER_NAME' => 'nyaki.ru'??!

Maxim Timofeev, 2016-11-21
@webinar

Maybe it's spam? Maybe there was a comment form on the main page earlier, or something else. They are trying to spam the site.
Then why POST and not GET requests?
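
One way to triage the dump in the question, as an added example that is not part of the thread: group the `$_POST` dumps that accompany HTTP 400 records by source address and submitted field names, and list the gaps between hits to check the "occurs periodically" observation. The sample log is constructed (TEST-NET address, example.com URL), and the function names and the record layout taken from the question's dump are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Yii2 record header: timestamp, then [ip][user][session][level][category].
HEADER = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+"
                    r"\[([^\]]*)\]\[[^\]]*\]\[([^\]]*)\]\[(\w+)\]\[([^\]]*)\]")
POST_BLOCK = re.compile(r"\$_POST = \[\n(.*?)^\]", re.S | re.M)  # skips an empty "$_POST = []"
FIELD = re.compile(r"^\s*'([^']+)' =>", re.M)

def rejected_posts(log_text):
    """Yield (time, ip, field names) for each $_POST dump that follows an HTTP 400 record."""
    marks = list(HEADER.finditer(log_text))
    failed = set()  # (timestamp, ip, session) of requests that ended in a 400
    for i, m in enumerate(marks):
        ts, ip, session, level, category = m.groups()
        end = marks[i + 1].start() if i + 1 < len(marks) else len(log_text)
        if level == "error" and category.endswith("HttpException:400"):
            failed.add((ts, ip, session))
        elif (ts, ip, session) in failed:
            block = POST_BLOCK.search(log_text[m.end():end])
            if block:
                fields = tuple(sorted(FIELD.findall(block.group(1))))
                yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), ip, fields

def summarize(log_text):
    """Group rejected POSTs by (ip, field names): hit count and seconds between hits."""
    seen = defaultdict(list)
    for when, ip, fields in rejected_posts(log_text):
        seen[(ip, fields)].append(when)
    return {key: {"hits": len(t),
                  "gaps_s": [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]}
            for key, t in seen.items()}

# Constructed sample in the layout of the dump above; not taken from the real log.
RECORD = r"""{ts} [{ip}][-][s{n}][error][yii\web\HttpException:400]
yii\web\BadRequestHttpException: Unable to verify your data submission.
{ts} [{ip}][-][s{n}][info][application]
$_POST = [
    'url' => 'http://shop.example.com/'
    'timeout' => '10'
]
"""
SAMPLE_LOG = "".join(RECORD.format(ts=f"2016-11-21 0{h}:43:10", ip="203.0.113.7", n=h)
                     for h in (7, 8, 9))

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Equal gaps and an identical field set across sessions point to an automated client rather than a person using a form.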
