January 14, 2021

Hacking attempts on server?

Hello, I have found strange requests in my server logs. I do not have much experience with how to handle this or whether I should be worried, and I guess this is fairly common.

The requests were like this:

POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /solr/admin/info/system?wt=json
/wp-content/plugins/wp-file-manager/readme.txt
/?XDEBUG_SESSION_START=phpstorm
POST /Autodiscover/Autodiscover.xml
GET /index.php?s=/Index/x5Cthinkx5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21
GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))
/dns-query?dns=AAABAAABAAAAAAAAA3d3dwViYWlkdQNjb20AAAEAAQ
… etc

This seems like some standard WordPress searching for known vulnerabilities, but also some serious remote executions.

I have Debian (patched regularly) with Nginx and some web apps under proxy if it helps. No WordPress or PHP on my part.

I have a firewall set up, but obviously I have some ports open.

1. Should I be worried?
2. How can I find if some damage was done?
3. How can I prevent these attacks? Get some blacklist and block them, ban that IP address?
4. Would it be useful to let the internet provider know about the time and IP address of those attempts? I know this won't stop attackers…

Thank you

Comments

Captainhackbeard

Welcome to the background noise of the internet.
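
An added example, not part of the original post or the comment: one way to approach question 2 is to check how the server answered each of the listed probes. It assumes nginx's default `combined` access-log format; the `triage` helper, the sample lines and their IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# (name, URI pattern, path_based); patterns come from the request list in the post.
# path_based: the probe asks for a file that only exists if that software is installed,
# so a 2xx is unexpected. Query-string probes against "/" or /index.php get whatever
# that page normally returns, so a 2xx on them says nothing by itself.
PROBES = [(n, re.compile(p), b) for n, p, b in [
    ("phpunit eval-stdin", r"/phpunit/src/Util/PHP/eval-stdin\.php", True),
    ("solr admin info", r"^/solr/admin/info/system", True),
    ("wp-file-manager", r"/wp-content/plugins/wp-file-manager/", True),
    ("exchange autodiscover", r"^/Autodiscover/Autodiscover\.xml", True),
    ("dns-over-https", r"^/dns-query\?", True),
    ("thinkphp invokefunction", r"invokefunction&function=call_user_func_array", False),
    ("thinkcmf fetch", r"[?&]a=fetch&content=", False),
    ("xdebug session", r"[?&]XDEBUG_SESSION_START=", False),
]]
# Assumed log format: ip - user [time] "METHOD URI PROTO" status bytes "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^" ]+ ([^" ]+)[^"]*" (\d{3}) ')

def triage(lines):
    """Return (review, noise, unparsed) for the probe hits found in access-log lines."""
    review, noise, unparsed = defaultdict(list), defaultdict(int), 0
    for line in lines:
        m = LINE.match(line)
        if not m:  # not an HTTP request line, e.g. a TLS handshake sent to port 80
            unparsed += 1
            continue
        ip, uri, status = m.groups()
        for name, pattern, path_based in PROBES:
            if pattern.search(uri):
                # 5xx: a backend choked on the request; 2xx on a path probe: something served it
                if status[0] == "5" or (path_based and status[0] == "2"):
                    review[name].append((ip, int(status), uri))
                else:
                    noise[name] += 1
                break
    return dict(review), dict(noise), unparsed

# Constructed sample lines (documentation IP ranges), not taken from the poster's server.
SAMPLE = r'''203.0.113.7 - - [14/Jan/2021:03:12:01 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"
198.51.100.23 - - [14/Jan/2021:03:14:10 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 612 "-" "-"
198.51.100.23 - - [14/Jan/2021:03:14:11 +0000] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 200 2048 "-" "-"
192.0.2.50 - - [14/Jan/2021:03:15:42 +0000] "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwViYWlkdQNjb20AAAEAAQ HTTP/1.1" 502 157 "-" "-"
192.0.2.9 - - [14/Jan/2021:03:16:00 +0000] "GET /about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [14/Jan/2021:03:20:00 +0000] "\x16\x03\x01\x02\x00" 400 157 "-" "-"'''.splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entries under `review` only say that something behind nginx responded to the probe; the next step is to look at which proxied app handled that path and what it returned.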
