
I found multiple PHP code execution attempts on my web server, which is running on asp. What happens when one attempts to execute php code on an asp web server? Will this create an impact on the server, and is there any chance of getting compromised? Please explain how this situation is handled by the server.

Note: I don't have direct access to the web server to check whether any attempts were successful.

Sample attack code:

tpl_content=<?php eval($_POST[c]) >&name=test404.php&dir=index/../../../..&current_dir=tpl
schroeder
Mrj

1 Answer


The attacker might:

  • not know that the website is running asp, or
  • be a robot.

In most cases, I would say it is the latter: many, many crawlers try all sorts of attacks on every website, hoping to find a website where they get lucky. Figuring out, by hand, which technology is used by a website, costs much more time than just doing a few GET requests and matching the expected output.

what will happen when a php code is tried to execute on an asp running web server. whether this will create an impact on the server and any chances of getting compromised

No, there will be no impact at all. If there is no PHP anywhere on the server, then PHP code will never do anything.

Well, it could theoretically be that valid PHP code is also valid ASP code. I don't know ASP that well, but a function_call() is probably similar in both languages... so any PHP attack will not work, but any attack that is valid for both languages might work, if your website is vulnerable... but the odds of this are negligible. Attacks almost never work in multiple languages, especially not if someone is blindly trying requests against your web server.

This is very common and generally nothing to worry about. It generally impacts common setups like WordPress, phpMyAdmin, TYPO3, Joomla, etc.

Luc
  • I recently set up a honeypot to see what the internet's hackers are up to. Within minutes my honeypot was hacked and I had malware samples logged. You are more than likely going to be attacked quite regularly if you host a website. If you don't have access to your server directly you should contact your hosting provider to talk about security solutions for your website. If you can get access, I recommend installing Suricata or Snort IDS to monitor your web server for breaches and attack attempts. – leaustinwile May 07 '19 at 22:46
  • @leaustinwile (1) that sounds like overkill for most setups, (2) I don't know why schroeder converted your answer to a comment on my post, this isn't what comments are for... I was going to suggest posting this as an answer (albeit to a different question, this does not answer the question), but then saw that you did indeed post this as answer... – Luc May 07 '19 at 22:55
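
A triage sketch for the situation in the question, added here as an example and not part of the original question, answer or comments: it flags form bodies that carry PHP code and checks whether any later request successfully fetched the file name the request tried to create. It assumes a WAF or IDS export that records request bodies; the event fields, the `/placeholder-endpoint` URL and all events other than the first body (the sample from the question) are constructed.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

PHP_TAG = re.compile(r"<\?(?:php|=)", re.IGNORECASE)
TRAVERSAL = re.compile(r"\.\.(?:[/\\]|$)")

def inspect_body(body):
    """Return (indicators, php_filenames) for a form-encoded request body."""
    indicators, names = set(), set()
    for key, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            if PHP_TAG.search(value):
                indicators.add("php_code_in:" + key)
            if TRAVERSAL.search(value):
                indicators.add("path_traversal_in:" + key)
            if value.lower().endswith(".php"):
                names.add(posixpath.basename(value).lower())
    return indicators, names

def triage(events):
    """events: dicts with method, url, status, body, in time order.
    One finding per POST carrying PHP code, plus any later 2xx fetch
    of a file name that POST tried to create."""
    findings = []
    for i, ev in enumerate(events):
        if ev["method"] != "POST":
            continue
        indicators, names = inspect_body(ev.get("body", ""))
        if not any(x.startswith("php_code_in:") for x in indicators):
            continue
        hits = [later["url"] for later in events[i + 1:]
                if 200 <= later["status"] < 300 and
                posixpath.basename(urlsplit(later["url"]).path).lower() in names]
        findings.append({
            "url": ev["url"], "indicators": sorted(indicators),
            "dropped_names": sorted(names), "followup_2xx": hits,
            "verdict": "investigate" if hits else "probe, no follow-up seen"})
    return findings

# Constructed events; only the POST body is taken from the question.
SAMPLE = [
    {"method": "GET", "url": "/default.aspx", "status": 200, "body": ""},
    {"method": "POST", "url": "/placeholder-endpoint", "status": 404,
     "body": "tpl_content=<?php eval($_POST[c]) >&name=test404.php"
             "&dir=index/../../../..&current_dir=tpl"},
    {"method": "GET", "url": "/test404.php", "status": 404, "body": ""},
]
```

A 2xx response to a later fetch of the named file is the signal worth escalating to the hosting provider; a 404 on both the POST and the follow-up fetch matches the blind probing the answer describes.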