Hi all,
I have a simple little music composition site up with really nothing valuable on it but with everyone at home all over the world I guess people have a lot of time on their hands.
I am curious about the following activity in our apache log:
5.101.0.209 - - [30/Mar/2020:10:40:11 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 404 196
5.101.0.209 - - [30/Mar/2020:10:55:48 +0000] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1" 200 7648
5.101.0.209 - - [30/Mar/2020:10:55:49 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 7635
5.101.0.209 - - [30/Mar/2020:11:03:58 +0000] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]
=HelloThinkPHP HTTP/1.1" 200 7678
These clearly look like hacking attempts but it is hard to tell if anything was successful.
This little site is running on an AWS Lightsail instance using PHP 7.1.
I'm wondering what I can do to or if I should try to prevent this kind of access?
I purify all get get on the site and try to use the built in CI SQL substitution when accessing the small database. Currently the site is not a secure site as I have yet to take the time to get the security cert going and all that.
Would making the site secure help?
Thanks in advance. Hope all are being safe!