small adjustments
This commit is contained in:
parent
cc83118927
commit
01100eb155
|
@ -24,7 +24,15 @@ Wodpress-enabled sites are _very_ easy to spot: just look for `wp-` anything in
|
|||
|
||||
I mean, really? `<?php>die(@md5(HelloThinkCMF))</php>`? Are servers that badly managed that any GET parameter is dynamically evaluated on the server?
|
||||
|
||||
You might notice a repeating pattern in the above log: when setting up the new server (the previous one [got up in flames](/post/2021/03/always-have-a-disaster-recovery-plan/) a couple of weeks ago), I forgot to add the classic 404 page - which results in an error entry in the nginx log. To be honest, I never check those logs. I happened to be looking for something else and got curious.
|
||||
Other `GET` attempts included trying to reach:
|
||||
|
||||
- `/phpMyAdmin/scripts/setup.php`
|
||||
- `index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`
|
||||
- `/?XDEBUG_SESSION_START=phpstorm HTTP/1.1`
|
||||
|
||||
Be sure to follow the "**hardening my instance**" installation instructions on your PHP engine (Such as [Wordpress's documentation](https://wordpress.org/support/article/hardening-wordpress/)) - it seems that you'll need it.
|
||||
|
||||
Furthermore, you might notice a repeating pattern in the above log: when setting up the new server (the previous one [got up in flames](/post/2021/03/always-have-a-disaster-recovery-plan/) a couple of weeks ago), I forgot to add the classic 404 page - which results in an error entry in the nginx log. To be honest, I never check those logs. I happened to be looking for something else and got curious.
|
||||
|
||||
Now, what to do? Well, nothing. Smile. It's all static. Still, it's very sad to see these pathetic attempts, and it makes me angry because years ago, a Wordpress site of mine _was_ effectively hacked because I did not upgrade the instance in due time. If those guys are any good at coding, their skills could have been used for good instead of bullying people.
|
||||
|
||||
|
|
Loading…
Reference in New Issue