500 error on suspecious query option

Skip to first unread message

Kevin Bowrin

Jul 27, 2022, 3:41:12 PMJul 27
to AtoM Users
Hi all,

A bot visited our site at:

which produced this php-fpm error:

[27-Jul-2022 12:29:15 America/Vancouver] PHP Fatal error:  require(): Failed opening required '/var/www/atom/atom-2.6.4/atom-2.6.4/cache/qubit/prod/config/modules_97411")_AND_4521=CAST((CHR(113)||CHR(120)||CHR(98)||CHR(98)||CHR(113))||(SELECT_(CASE_WHEN_(4521=4521)_THEN_BITCOUNT(BITSTRING_TO_BINARY((CHR(49))))_ELSE_BITCOUNT(BITSTRING_TO_BINARY((CHR(48))))_END))::varchar||(CHR(113)||CHR(106)||CHR(112)||CHR(107)||CHR(113))_AS_NUMERIC)_AND_("zkpw"_LIKE_"zkpw_config_cache.yml.php' (include_path='/var/www/atom/atom-2.6.4/atom-2.6.4:/var/www/atom/atom-2.6.4/atom-2.6.4/vendor/symfony/lib/plugins/sfPropelPlugin/lib/vendor:/usr/share/pear:/usr/share/php') in /var/www/atom/atom-2.6.4/atom-2.6.4/vendor/symfony/lib/view/sfViewCacheManager.class.php on line 337

I'm also seeing a few weird files under cache, like:


...which doesn't seem right.

Doesn't look like a security vulnerability, but I don't like what looks like arbitrary file names in the cache directory. Any idea what's going on? I'd prefer if these kids of bad queries just returned no results found or 400 errors.

(Also need to figure out why php-fpm is using the wrong timezone, but that's a battle for another day 😅)

Kevin Bowrin
Carleton University Library

Kevin Bowrin

Jul 27, 2022, 3:43:42 PMJul 27
to AtoM Users
*suspicious -_-

Dan Gillean

Aug 4, 2022, 8:49:38 AM (9 days ago) Aug 4
to ICA-AtoM Users
For anyone finding this thread in the future, a response was provided in the the following related forum thread: 

You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/7cea10fb-136e-43e3-9baf-863739cb5dadn%40googlegroups.com.
Reply all
Reply to author
0 new messages