php suhosin alerts
I use suhosin. I get the following alerts.
ALERT-SIMULATION - tried to register forbidden variable '_REQUEST' through GET variables (attacker
ALERT-SIMULATION - tried to register forbidden variable '_REQUEST[option]' through GET variables (attacker
ALERT-SIMULATION - tried to register forbidden variable '_REQUEST[Itemid]' 开发者_Go百科through GET variables (attacker
ALERT-SIMULATION - tried to register forbidden variable 'GLOBALS' through GET variables (attacker
Are they real attackers? If not, how to set suhosin configuration to ignore these alert?
Those are not necessarily "attacks," but rather tests/prodding of your site to determine if they (the potential attacker) can inject code though register_globals being enabled.
The uri's used to produce those errors are as follows
http://www.example.com/index.php?_REQUEST=someValue
http://www.example.com/index.php?_REQUEST[option]=someValue
http://www.example.com/index.php?_REQUEST[ItemId]=someValue
http://www.example.com/index.php?GLOBALS=someValue
Do you have register_globals
set to on
?
That IP traces to ATL: http://www.ip-adress.com/ip_tracer/
Getting this error repeatedly ... spamming my syslog
3 22:32:01 REDACTED SERVER NAME suhosin[16290]: ALERT-SIMULATION - Include filename ('phar:///REDACTED/lib/cron.phar/Cron/CronExpression.php') is an URL that is not allowed (attacker '127.0.0.1', file 'REDACTED/lib/cron.phar', line 12)
... but register_globals are definitely off ... so what's the issue?
精彩评论