Hi Kevin
These appear to be automated attempts at testing for sql injection vulnerabilities. It is pretty common for a public website to see this kind of probing, but as you've noticed these do generate 500 errors in AtoM and record an empty stub file in AtoM's cache folder with a .php extension. There is no real content in these cache files, just some cache code added by the Symfony framework on which AtoM is based.
Running `php symfony cache:clear` will clear these files, but at the expense of clearing the entire cache.
Regarding your second question about access permissions on the cache folder, Nginx should be configured to prevent direct requests to these folders (see link above). The AtoM user and group (usually 'www-data:www-data') should have 'rwxrwx' access to the cache folder. It is possible to restrict access to 'others'. (See:
https://www.accesstomemory.org/en/docs/2.6/admin-manual/installation/linux/ubuntu-bionic/#filesystem-permissions). This will have the side effect that admins will not be able to directly view this folder without upgrading their permissions. The example in this link removes permission for 'others' for the entire atom directory, not just atom/cache which is also possible.
Let me know if I can answer any further questions regarding this.
Steve