Dear Sir, I do not think that this kind of log alerts have anything to do with DSpace. DSpace is using *Java Technology* and *JSP/XML* for the frontend and not at all PHP. These requests you are seeing in Apache are probably "fishing" requests to check IF your server has a thinkphp installation and if so, IF the vulnerability exists. The response they are getting on the other hand is that this a redirect (302), which means that they can find the content in another server, which is included in your server's response header back to the client.
To which server your Apache installation redirects the users? If it is a simple HTTP => HTTPS redirection then in the log files you will also find a lot of "NOT FOUND" (404) HTTP responses for the same requests later on in the log file if you do not have a thinkphp installation. If not, you may want to check if you have a thinkphp installation somewhere in this, or another server and check to see if it is secured from that CVE. Best Regards, -Fk On Mon, Apr 26, 2021 at 8:07 PM Hernan Carvajal Briceño < [email protected]> wrote: > Hello. > > I'm finding this kind of alerts in the logs of Apache: > > 114.113.145.25 - - [22/Apr/2021:07:36:46 -0400] "GET > /thinkphp/html/public/index.php HTTP/1.1" 302 247 > 112.124.1.110 - - [20/Apr/2021:04:05:44 -0400] "GET > /thinkphp/html/public/index.php HTTP/1.1" 302 247 > 81.70.203.63 - - [20/Apr/2021:02:41:01 -0400] "GET > /thinkphp/html/public/index.php HTTP/1.1" 302 247 > 139.155.35.209 - - [16/Apr/2021:08:22:43 -0400] "GET > /thinkphp/html/public/index.php HTTP/1.1" 302 247 > > This is possibly related to this alerts that we're receiving from the > antivirus system: > https://nvd.nist.gov/vuln/detail/CVE-2019-9082 > https://nvd.nist.gov/vuln/detail/CVE-2018-20062corresponden > > We have DSpace v6.3 > > Any knowledge about this? > > Saludos, > > Hernán Carvajal > > > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > Libre > de virus. www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > <#m_8178413024954924523_m_5828217180242871373_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > -- > All messages to this mailing list should adhere to the Code of Conduct: > https://duraspace.org/about/policies/code-of-conduct/ > --- > You received this message because you are subscribed to the Google Groups > "DSpace Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dspace-community/CAE7AYAJVpaeogG51PvZRm9%3DNoJBukQcVFL3eVBj%3DuVsq97Z_Qg%40mail.gmail.com > <https://groups.google.com/d/msgid/dspace-community/CAE7AYAJVpaeogG51PvZRm9%3DNoJBukQcVFL3eVBj%3DuVsq97Z_Qg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- Filippos Kolovos Software Systems Analyst & Engineer M.Sc. (Eng.) in Data Communications Automation & Networking Department University of Macedonia Library Egnatia 156, 546 36 Thessaloniki, Greece E-Mail: [email protected] <[email protected]> Profile: http://gr.linkedin.com/in/filipposkolovos Phone: +30-2310-891-826 ---------------------------------------------- -- All messages to this mailing list should adhere to the Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-community/CAHEC7xsevfYTo2XZWQxTALW--ZgsMAcuthxohE45u5wWguz1OA%40mail.gmail.com.
