linux
NewSantaClaus, 2021-11-06 18:44:59

What's with the weird activity in the Nginx logs?

Tell me, what is this strange activity in the Nginx logs?

GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1


4 answer(s)
Alexander Karabanov, 2021-11-06
@karabanov

Attempts to start debugging.
Attempts to perform code injection.
General hacking attempts.

ky0, 2021-11-06
@ky0

Standard Internet noise - crawlers, vulnerability scanners ...
In general, you don't need to do anything, except for situations when they purposefully hammer with the same type of requests - then you can set up blocking by IP addresses, for example, using fail2ban, etc.

SagePtr, 2021-11-06
@SagePtr

Bots check your site for vulnerabilities. They do this all the time - they scan the sites found on the network, somewhere they will find something useful for themselves.

TheAndrey7, 2021-11-06
@TheAndrey7

These are bots from hacked servers prowling in search of vulnerabilities. The main thing here is not to store backups in a public directory and to close access to all files and folders that are not planned to be accessed from a browser (relevant for typical CMSs, in which everything is just in a public directory).

[error] 17767#17767: *563416 access forbidden by rule, request: "GET /.git/config HTTP/1.1"
[error] 17767#17767: *630497 access forbidden by rule, request: "GET /vendor/phpunit/phpunit/build.xml HTTP/1.1"
[error] 17767#17767: *646466 access forbidden by rule, request: "GET /backup/.env HTTP/1.1"
[error] 17767#17767: *646516 access forbidden by rule, request: "GET /backup/.env HTTP/1.1"
[error] 17767#17767: *647060 access forbidden by rule, request: "GET /vendor/.env HTTP/1.1"
[error] 17767#17767: *647087 access forbidden by rule, request: "GET /vendor/laravel/.env HTTP/1.1"
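
Added example (not part of any answer above, and not the posters' code): a Python triage of nginx access-log lines that labels the probe types quoted in this thread and lists the clients that repeat one type, the case ky0 singles out for blocking. It assumes the nginx "combined" log format; the signature names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Signatures derived from the requests quoted on this page; first match wins.
SIGNATURES = [
    ("xdebug-session", re.compile(r"[?&]XDEBUG_SESSION_START=", re.I)),
    ("php-tag-in-query", re.compile(r"<\??php\b", re.I)),
    ("dotfile-or-vcs", re.compile(r"/\.(env|git)\b", re.I)),
    ("vendor-tree", re.compile(r"^/vendor/", re.I)),
]

# nginx "combined" access log format (assumed).
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"[A-Z]+ (?P<target>[^"]*?) HTTP/[0-9.]+" \d{3} ')

def classify(target):
    """Return the probe label for a request target, or None for ordinary traffic."""
    decoded = unquote(target)  # scanners often percent-encode the payload
    for label, rx in SIGNATURES:
        if rx.search(decoded):
            return label
    return None

def triage(lines, threshold=3):
    """Count probes per client; list clients repeating one probe type >= threshold."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if m and (label := classify(m["target"])):
            hits[m["ip"]][label] += 1
    repeat = sorted(ip for ip, c in hits.items() if max(c.values()) >= threshold)
    return dict(hits), repeat

# Constructed sample lines (documentation IP ranges), not taken from a real server.
_TS = "[06/Nov/2021:18:40:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {_TS} "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 612 "-" "-"',
    f'198.51.100.23 - - {_TS} "GET /?a=fetch&content=%3Cphp%3Edie(@md5(HelloThinkCMF))%3C/php%3E HTTP/1.1" 200 612 "-" "-"',
    f'192.0.2.44 - - {_TS} "GET /.git/config HTTP/1.1" 403 153 "-" "-"',
    f'192.0.2.44 - - {_TS} "GET /backup/.env HTTP/1.1" 403 153 "-" "-"',
    f'192.0.2.44 - - {_TS} "GET /vendor/.env HTTP/1.1" 403 153 "-" "-"',
    f'192.0.2.44 - - {_TS} "GET /vendor/phpunit/phpunit/build.xml HTTP/1.1" 403 153 "-" "-"',
    f'192.0.2.10 - - {_TS} "GET /index.php HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    hits, repeat = triage(SAMPLE)
    for ip, counts in hits.items():
        print(ip, dict(counts), "<- repeated probe type" if ip in repeat else "")
```

One-off hits stay in the per-client counts as background noise; only the clients in the second return value are candidates for an IP block.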
