8

I will preface this question by saying I am NOT a web developer, nor do I have much knowledge in this field. I am a business owner and have a low-volume website that my customers purchase products on. I noticed this set of queries a few minutes ago and they appear very suspicious to me, a layperson. It looks as if they are trying to pull data from my database? I could be totally wrong, but someone please let me know what they think is going on here.

Notes:

  1. All are listed with a method of POST, when most normal viewers are listed as GET.
  2. Everything below occurs immediately after my domain name, e.g. examplesite.com/xxxxxxxx

Here are the queries:

 /cgi-bin/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin%2Esimulation%3Don+-d+disable_functions%3D""+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi%2Eforce_redirect%3D0+-d+cgi%2Eredirect_status_env%3D0+-n

 /cgi-bin/php5?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin%2Esimulation%3Don+-d+disable_functions%3D""+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi%2Eforce_redirect%3D0+-d+cgi%2Eredirect_status_env%3D0+-n

 /cgi-bin/php4?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin%2Esimulation%3Don+-d+disable_functions%3D""+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-d+cgi%2Eforce_redirect%3D0+-d+cgi%2Eredirect_status_env%3D0+-n

And about 6 more similar queries.

Notes: when I follow that link, my site gives an error of page not found. When I try to go to site.com/cgi-bin/ I get a stock 403 forbidden error from my host.

Thoughts please? Am I being paranoid here?

Edit: Also, in my file manager, my cgi-bin folder is empty: 'this directory is empty'.

Blazemonger
user3100907
  • Stackoverflow is for programming questions only, I recommend you try http://serverfault.com/ instead. – kviiri Dec 13 '13 at 21:49
  • @kviiri This question relates to application-level security and is on-topic enough for StackOverflow, in my opinion. – Brad Dec 13 '13 at 21:50
  • Unless you receive an actual 500/successful request when trying to visit the URLs then you should be fine. It's just automated bots trying to find sites with a specific PHP CGI access vulnerability. – Ben Poulson Dec 13 '13 at 21:58
  • This question appears to be off-topic because it is not about code you have written yourself. – vascowhite Dec 13 '13 at 22:56

2 Answers

8

Any website accessible on the internet gets pounded by automated attack attempts like this all the time. You can expect your server logs to be filled with this sort of thing. Most are nothing to worry about.

The best thing you can do is have someone monitor the security of your site for you. Whoever designed your site should have been following best practices, which take care of most security issues. If you are buying a web hosting plan (vs a VPS or dedicated server), then your web host will generally take care of security from the server standpoint.

Of course, there are always ways to attack a site. Keep an eye out for defaced pages. If you are storing any customer data, you should hire an expert.

Brad
  • Thank you. The only customer data stored on my site/server is their email, login name, phone number and address. All the payment processing is handled by a third party through their servers and even I can never have access to it. Thanks for the answer! – user3100907 Dec 13 '13 at 22:05
5

It is just bots probing for vulnerabilities. Happens to pretty much everyone.

user602525
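A log-triage sketch for the requests shown in the question, applying the rule of thumb from the comments that only a 500 or a successful response needs follow-up. This is an added example, not code from any poster on this page; the log format, the sample lines with their status codes, and the names `triage` and `summarize` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request field of a "combined"-style access log: "METHOD target HTTP/x.y" status
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# php.ini directives that the requests in the question try to override with "-d".
DIRECTIVE = re.compile(r"-d\s+([A-Za-z_.]+)\s*=")


def triage(line):
    """Describe a PHP-CGI option-style probe found in one log line, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    args = unquote_plus(query)  # "+" becomes a space, "%3D" becomes "="
    # Ordinary query strings are key=value pairs; these begin with a CLI switch.
    directives = DIRECTIVE.findall(args) if args.startswith("-") else []
    if not directives:
        return None
    status = int(m["status"])
    # Rule of thumb from the comments: a 500 or a successful response needs a
    # closer look; a 403/404 means the probe found nothing to talk to.
    verdict = "investigate" if status >= 500 or 200 <= status < 300 else "rejected"
    return {"method": m["method"], "path": path, "status": status,
            "directives": directives, "verdict": verdict}


def summarize(lines):
    """Count probes and list the ones whose response status needs follow-up."""
    hits = [h for h in map(triage, lines) if h]
    flagged = [(h["path"], h["status"]) for h in hits if h["verdict"] == "investigate"]
    return {"probes": len(hits), "investigate": flagged}


# Constructed sample lines (documentation-range address, shortened query strings;
# the 500 on the last line is made up to exercise the "investigate" branch).
PREFIX = '203.0.113.7 - - [13/Dec/2013:21:40:01 +0000] '
SAMPLE = [
    PREFIX + r'"POST /cgi-bin/php?-d+allow_url_include%3Don+-d+auto_prepend_file%3Dphp%3A%2F%2Finput+-n HTTP/1.1" 404 512',
    PREFIX + r'"POST /cgi-bin/php5?-d+safe_mode%3Doff+-d+disable_functions%3D\"\"+-n HTTP/1.1" 403 199',
    PREFIX + r'"GET /products?id=12&sort=price HTTP/1.1" 200 8841',
    PREFIX + r'"POST /cgi-bin/php4?-d+open_basedir%3Dnone+-d+cgi%2Eforce_redirect%3D0+-n HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line))
    print(summarize(SAMPLE))
```

Run over a real access log by passing its lines to `summarize`; an empty `investigate` list matches the situation described in the question, where every probe got a 403 or 404.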