theone Posted May 19, 2021 Share Posted May 19, 2021 I am getting random "errors" and "crit" in log file related to external (outside my LAN) IP addresses. Does anyone know where this is coming from? What the source of the problem is? May 19 01:47:28 Tower nginx: 2021/05/19 01:47:28 [error] 18420#18420: *6209 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 97.74.229.113, server: , request: "GET /admin//config.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "213.57.157.27" May 19 08:04:08 Tower root: error: /GponForm/diag_Form?style/: missing csrf_token May 19 09:20:09 Tower root: error: /api/jsonws/invoke: missing csrf_token May 19 09:20:10 Tower nginx: 2021/05/19 09:20:10 [error] 18420#18420: *74816 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 45.155.205.109, server: , request: "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "213.57.157.27:443" May 19 09:20:11 Tower nginx: 2021/05/19 09:20:11 [error] 18420#18420: *74827 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 45.155.205.109, server: , request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "213.57.157.27:443" May 19 09:20:14 Tower nginx: 2021/05/19 09:20:14 [error] 18420#18420: *74837 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 45.155.205.109, server: , request: "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "213.57.157.27:443" May 19 13:38:40 Tower nginx: 2021/05/19 13:38:40 [crit] 18420#18420: *119537 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.221.40, server: 0.0.0.0:443 May 19 15:54:03 Tower nginx: 2021/05/19 15:54:03 [crit] 18420#18420: *143184 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 23.129.64.253, server: 0.0.0.0:443 May 19 16:07:43 Tower nginx: 2021/05/19 16:07:43 [error] 18420#18420: *145629 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 97.74.229.113, server: , request: "GET /admin//config.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "213.57.157.27" In between there are also the following lines - What do they mean: May 19 08:04:08 Tower root: error: /GponForm/diag_Form?style/: missing csrf_token May 19 09:20:09 Tower root: error: /api/jsonws/invoke: missing csrf_token Is someone trying to hack my server? Quote Link to comment
itimpi Posted May 19, 2021 Share Posted May 19, 2021 Is your server directly exposed to the internet or been put into your routers DMZ? UnRaid is not hardened enough against attacks to make this safe. the csrf token messages are saying that a web request has been made that do not include a valid UnRaid security token. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.