PHP stuff requests on Node.js based web app?

Question

We have a Node.js based web application, that has routes like:

myapp.com/posts/[postId]

We tracked strange requests, which lead to 404 on this routes. The requests were to routes like:

/posts/phpinfo.php
/posts/.user.ini
/posts/info.php3
/posts/phptest.php

Neither we're using PHP nor do i know anything about it...

To me it seems that a crawler/bot is requesting these routes, using some PHP related stuff as postIds which makes no sense (to me)...

Is this legit, though useless, or a security related issue?

What could cause this?

score 0 · Accepted Answer · answered Aug 22 '19 at 04:59

This is a classic case of an attacker scanning your website to look for any interesting directories or files that may lead to exploitation. I can say that this happens to a very high percentage of websites online.

The hacker is running a not so sophisticated directory scan and is using the .php extension by default.

As mentioned in the comments, this question may be able to give you additional information.

PHP stuff requests on Node.js based web app?

1 Answers1