Hello,
I just noticed a lot of access to my Piwigo upgrade.php file, like:
/upgrade.php/sql.zip
/upgrade.php/config.zip
/upgrade.php/include.zip
/upgrade.php/controller.zip
/upgrade.php/2022-backup.zip
/upgrade.php/new.zip
/upgrade.php/configuration.zip
/upgrade.php/well-known.zip
/upgrade.php/src.zip
/upgrade.php/backup.zip
/upgrade.php/databases.zip
/upgrade.php/public.zip
/upgrade.php/2021.zip
/upgrade.php/error.zip
/upgrade.php/lib.zip
/upgrade.php/v2.zip
/upgrade.php/main.zip
/upgrade.php/source.zip
/upgrade.php/core.zip
/upgrade.php/htdocs.zip
/upgrade.php/db.zip
Should I be worried?
Is this upgrade.php file needed? Or only after upgrade etc?
Thanks,
Matthijs
upgrade.php should be a file with 15571 bytes, but what you show is a directory upgrade.php/ containing zip files.
That looks wrong. If you don't know what it is and notice access, you may want to remove the whole installation and then unzip the original Piwigo distribution files fresh, but before that, inspect what actually happens and why, and whether anything else is going on.
Of course there is no upgrade folder ... and I checked the apache2 logging, where it mentions:
35.178.xxx.xxx - - [22/Mar/2023:01:44:34 +0100] "HEAD /upgrade.php HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "PATCH /upgrade.php/?debug=true HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "HEAD /upgrade.php/include.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "GET /upgrade.php/app/.env HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "HEAD /upgrade.php/db.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "GET /upgrade.php/.git/config HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:37 +0100] "GET /upgrade.php/.db.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:40 +0100] "HEAD /upgrade.php/public.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:40 +0100] "GET /upgrade.php/dotenv.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:47 +0100] "GET /upgrade.php/.elastic.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:47 +0100] "GET /upgrade.php/apps/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:54 +0100] "HEAD /upgrade.php/sql.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:54 +0100] "GET /upgrade.php/uploads/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:54 +0100] "HEAD /upgrade.php/lib.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:59 +0100] "HEAD /upgrade.php/main.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:00 +0100] "GET /upgrade.php/.debug.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:05 +0100] "HEAD /upgrade.php/v2.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:09 +0100] "HEAD /upgrade.php/2021.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:10 +0100] "HEAD /upgrade.php/core.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:15 +0100] "GET /upgrade.php/.env.backup HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:15 +0100] "HEAD /upgrade.php/config.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:22 +0100] "HEAD /upgrade.php/controller.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:30 +0100] "GET /upgrade.php/v1/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:40 +0100] "GET /upgrade.php/.database.env HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:41 +0100] "HEAD /upgrade.php/new.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:44 +0100] "HEAD /upgrade.php/backup.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:44 +0100] "HEAD /upgrade.php/configuration.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:56 +0100] "HEAD /upgrade.php/databases.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:56 +0100] "HEAD /upgrade.php/2022-backup.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:56 +0100] "GET /upgrade.php/core/app/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:10 +0100] "GET /upgrade.php/lib/.env HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:16 +0100] "GET /upgrade.php/web/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:19 +0100] "HEAD /upgrade.php/source.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:38 +0100] "HEAD /upgrade.php/src.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:45 +0100] "GET /upgrade.php/.env.new HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:51 +0100] "GET /upgrade.php/.nginx.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:48:11 +0100] "HEAD /upgrade.php/well-known.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:48:17 +0100] "HEAD /upgrade.php/htdocs.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:48:27 +0100] "HEAD /upgrade.php/error.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
I have blocked the IP, but I'm not sure what they tried to achieve ... or if this is some kind of hacking.
Therefore I hope the upgrade procedure is well protected ...
PS .. the upgrade.php is indeed 15571 bytes.
Matthijs
(corrected some typos)
Last edited by matthys (2023-03-25 10:46:53)
That's just another random server trying to get some details of your website, maybe to figure out if it could obtain some sensitive (backup) data. Usually they try that in the / document root folder though; in upgrade.php/ it's unusual. As long as your Piwigo is updated, that does nothing but display an "upgrade not needed" page. If an update is pending, it processes further only when logged in as webmaster, or asks for login; see the call to check_upgrade_access_rights() in admin/include/functions_upgrade.php.
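Added example, not part of the original posts: a Python sketch that flags clients requesting archive, .env or .git/config paths appended to a .php script name, the pattern shown in the log above. The sample log is constructed (placeholder client addresses), and the suffix list, the `min_hits` threshold and the function name are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the log format quoted in the thread; the client
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Mar/2023:01:44:34 +0100] "HEAD /upgrade.php HTTP/1.1" 200 723 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Mar/2023:01:45:36 +0100] "PATCH /upgrade.php/?debug=true HTTP/1.1" 200 4637 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Mar/2023:01:45:36 +0100] "HEAD /upgrade.php/include.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Mar/2023:01:45:36 +0100] "GET /upgrade.php/app/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Mar/2023:01:45:36 +0100] "GET /upgrade.php/.git/config HTTP/1.1" 200 4637 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Mar/2023:01:45:37 +0100] "GET /upgrade.php/.db.env HTTP/1.1" 200 889 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Mar/2023:01:45:54 +0100] "HEAD /upgrade.php/sql.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Mar/2023:02:00:00 +0100] "GET /index.php/category/12 HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) (\d+|-)')
# Extra path segments after a .php script name (handed to the script as PATH_INFO).
PATHINFO_RE = re.compile(r'^(/.*?\.php)(/.+)$')
# Suffixes seen in the thread: archives, dotenv variants, git config (assumed list).
SENSITIVE_RE = re.compile(r'(\.zip|\.env[^/]*|/\.git/config)$', re.I)

def find_pathinfo_probes(log_text, min_hits=3):
    """Group sensitive-looking PATH_INFO requests by (client, script)."""
    stats = defaultdict(lambda: {"paths": set(), "sizes": set(), "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected access-log format
        client, _method, target, status, size = m.groups()
        pm = PATHINFO_RE.match(urlsplit(target).path)
        if not pm or not SENSITIVE_RE.search(pm.group(2)):
            continue  # ordinary request, or PATH_INFO without a sensitive suffix
        entry = stats[(client, pm.group(1))]
        entry["paths"].add(pm.group(2))
        entry["sizes"].add(size)
        entry["statuses"].add(status)
    report = {}
    for key, e in stats.items():
        if len(e["paths"]) >= min_hits:
            report[key] = {
                "probes": len(e["paths"]),
                "statuses": sorted(e["statuses"]),
                # Few distinct sizes across many "files" is consistent with the
                # script answering every request itself (heuristic, not proof).
                "distinct_sizes": len(e["sizes"]),
            }
    return report

if __name__ == "__main__":
    for key, info in find_pathinfo_probes(SAMPLE_LOG).items():
        print(key, info)
```

A 200 status on these lines does not show that a file was delivered; compare the reported sizes with what the bare script returns before concluding that anything was exposed.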