
#1 2023-03-24 21:07:04

matthys
Member
2014-04-02
188

Should I be worried? (upgrade.php)

Hello,

I just noticed a lot of accesses to my Piwigo upgrade.php file, like:

    /upgrade.php/sql.zip
    /upgrade.php/config.zip   
    /upgrade.php/include.zip
    /upgrade.php/controller.zip
    /upgrade.php/2022-backup.zip
    /upgrade.php/new.zip
    /upgrade.php/configuration.zip
    /upgrade.php/well-known.zip
    /upgrade.php/src.zip
    /upgrade.php/backup.zip
    /upgrade.php/databases.zip
    /upgrade.php/public.zip
    /upgrade.php/2021.zip
    /upgrade.php/error.zip
    /upgrade.php/lib.zip
    /upgrade.php/v2.zip
    /upgrade.php/main.zip
    /upgrade.php/source.zip
    /upgrade.php/core.zip
    /upgrade.php/htdocs.zip
    /upgrade.php/db.zip

Should I be worried?

Is this upgrade.php file needed? Or only after an upgrade, etc.?

Thanks,
Matthijs


#2 2023-03-25 02:19:18

erAck
Only trying to help
2015-09-06
2043

Re: Should I be worried? (upgrade.php)

upgrade.php should be a file with 15571 bytes, but what you show is a directory upgrade.php/ containing zip files.
That looks wrong. If you don't know what it is and notice access, you may want to remove the whole installation and then unzip the original Piwigo distribution files fresh, but before that, inspect what actually happens and why, and whether anything else is going on.


Running Piwigo at https://erack.net/gallery/


#3 2023-03-25 10:41:45

matthys
Member
2014-04-02
188

Re: Should I be worried? (upgrade.php)

Of course there is no upgrade folder ... and I checked in the apache2 logging, where it mentions:

Code:

35.178.xxx.xxx - - [22/Mar/2023:01:44:34 +0100] "HEAD /upgrade.php HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "PATCH /upgrade.php/?debug=true HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "HEAD /upgrade.php/include.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "GET /upgrade.php/app/.env HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "HEAD /upgrade.php/db.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:36 +0100] "GET /upgrade.php/.git/config HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:37 +0100] "GET /upgrade.php/.db.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:40 +0100] "HEAD /upgrade.php/public.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:40 +0100] "GET /upgrade.php/dotenv.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:47 +0100] "GET /upgrade.php/.elastic.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:47 +0100] "GET /upgrade.php/apps/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:54 +0100] "HEAD /upgrade.php/sql.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:54 +0100] "GET /upgrade.php/uploads/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:54 +0100] "HEAD /upgrade.php/lib.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:45:59 +0100] "HEAD /upgrade.php/main.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:00 +0100] "GET /upgrade.php/.debug.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:05 +0100] "HEAD /upgrade.php/v2.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:09 +0100] "HEAD /upgrade.php/2021.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:10 +0100] "HEAD /upgrade.php/core.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:15 +0100] "GET /upgrade.php/.env.backup HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:15 +0100] "HEAD /upgrade.php/config.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:22 +0100] "HEAD /upgrade.php/controller.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:30 +0100] "GET /upgrade.php/v1/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:40 +0100] "GET /upgrade.php/.database.env HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:41 +0100] "HEAD /upgrade.php/new.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:44 +0100] "HEAD /upgrade.php/backup.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:44 +0100] "HEAD /upgrade.php/configuration.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:56 +0100] "HEAD /upgrade.php/databases.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:56 +0100] "HEAD /upgrade.php/2022-backup.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:46:56 +0100] "GET /upgrade.php/core/app/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:10 +0100] "GET /upgrade.php/lib/.env HTTP/1.1" 200 4637 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:16 +0100] "GET /upgrade.php/web/.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:19 +0100] "HEAD /upgrade.php/source.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:38 +0100] "HEAD /upgrade.php/src.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:45 +0100] "GET /upgrade.php/.env.new HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:47:51 +0100] "GET /upgrade.php/.nginx.env HTTP/1.1" 200 889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:48:11 +0100] "HEAD /upgrade.php/well-known.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:48:17 +0100] "HEAD /upgrade.php/htdocs.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.
35.178.xxx.xxx - - [22/Mar/2023:01:48:27 +0100] "HEAD /upgrade.php/error.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" In:- Out:-:-pct.

I have blocked the IP but am not sure what they tried to achieve ... or if this is some kind of hacking.
Therefore I hope the upgrade procedure is well protected ...

PS .. the upgrade.php is indeed 15571 bytes.

Matthijs

(corrected some typos)

Last edited by matthys (2023-03-25 10:46:53)


#4 2023-03-25 15:22:40

erAck
Only trying to help
2015-09-06
2043

Re: Should I be worried? (upgrade.php)

That's just another random server trying to get some details of your website, maybe to figure out if it could obtain some sensitive (backup) data. Usually they try that in the / document root folder though; in upgrade.php/ it's unusual. As long as your Piwigo is updated, that does nothing but display an "upgrade not needed" page; if an update is pending, it processes further only when logged in as webmaster, or asks for login; see the call to check_upgrade_access_rights() in admin/include/functions_upgrade.php


Running Piwigo at https://erack.net/gallery/
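
An added example, not part of the thread or of Piwigo's code: a small log check for the pattern discussed above, where a client requests backup-style names (`.zip`, `.env`, `.git/config`) appended to an existing `.php` script. The server hands the trailing path to the script, so every request gets a 200 with the script's own page; the check flags such clients and notes when the 200 responses share only a few sizes across many names. The sample lines are constructed in the thread's log format with documentation IP addresses, and the function name, regexes and thresholds are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's log format (documentation IPs, shortened user agent).
SAMPLE_LOG = '''\
203.0.113.7 - - [22/Mar/2023:01:44:34 +0100] "HEAD /upgrade.php HTTP/1.1" 200 723 "-" "Mozilla/5.0" In:- Out:-:-pct.
203.0.113.7 - - [22/Mar/2023:01:45:36 +0100] "HEAD /upgrade.php/include.zip HTTP/1.1" 200 4471 "-" "Mozilla/5.0" In:- Out:-:-pct.
203.0.113.7 - - [22/Mar/2023:01:45:36 +0100] "GET /upgrade.php/app/.env HTTP/1.1" 200 4637 "-" "Mozilla/5.0" In:- Out:-:-pct.
203.0.113.7 - - [22/Mar/2023:01:45:36 +0100] "GET /upgrade.php/.git/config HTTP/1.1" 200 4637 "-" "Mozilla/5.0" In:- Out:-:-pct.
203.0.113.7 - - [22/Mar/2023:01:45:37 +0100] "GET /upgrade.php/.db.env HTTP/1.1" 200 889 "-" "Mozilla/5.0" In:- Out:-:-pct.
203.0.113.7 - - [22/Mar/2023:01:45:54 +0100] "HEAD /upgrade.php/sql.zip HTTP/1.1" 200 723 "-" "Mozilla/5.0" In:- Out:-:-pct.
198.51.100.9 - - [22/Mar/2023:02:00:00 +0100] "GET /index.php?/category/1 HTTP/1.1" 200 15320 "-" "Mozilla/5.0" In:- Out:-:-pct.
'''

# Leading fields of a combined-format line; anything after the size is ignored.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')
# A path that continues past a .php script name (before any query string).
SCRIPT_SUFFIX_RE = re.compile(r'^(?P<script>/[^?]*?\.php)/(?P<extra>[^?]+)')
# Names typical of backup/secret hunting, as seen in the thread's log.
SENSITIVE_RE = re.compile(r'(\.zip|\.env(\.\w+)?|\.git/config)$')


def find_path_info_probes(log_text, min_hits=3):
    """Return {ip: report} for clients requesting sensitive names under a .php script."""
    per_ip = defaultdict(lambda: {"paths": set(), "sizes_200": set(), "scripts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = SCRIPT_SUFFIX_RE.match(m["target"])
        if not s or not SENSITIVE_RE.search(s["extra"]):
            continue
        rec = per_ip[m["ip"]]
        rec["paths"].add(s["extra"])
        rec["scripts"].add(s["script"])
        if m["status"] == "200" and m["size"] != "-":
            rec["sizes_200"].add(int(m["size"]))
    report = {}
    for ip, rec in per_ip.items():
        if len(rec["paths"]) >= min_hits:
            # Heuristic: fewer distinct sizes than names means the script's page, not files.
            rec["same_page_likely"] = len(rec["sizes_200"]) < len(rec["paths"])
            report[ip] = rec
    return report


if __name__ == "__main__":
    for ip, rec in find_path_info_probes(SAMPLE_LOG).items():
        print(ip, sorted(rec["paths"]), sorted(rec["sizes_200"]), rec["same_page_likely"])
```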
