PHP Warnings from malicious access

Question

We are getting spurious PHP Warnings which we cannot duplicate.

All PHP Warning occur when we the following URL is [ .php?prod='0=A ] is accessed.

All the domain addresses appear to be far-flung and seemingly unrelated to us or indeed each other and could well be malicious. We block an ip address and it pops up with a new ip address.

As I say we can't duplicate the error so I'm wondering if anyone has seen similar or has a suggestion as to how we can permanently block all access to [ .php?prod='0=A ]

I know this is perhaps not the best forum but frankly I'm stumped.

PHP Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in

Answer 1

You can configure web server to block unwanted requests. Here is example of blocking ?prod='0=A using nginx:

    # %27 means ' character
    if ($arg_prod = "%270=A") {
        return 403;
    }

Also I suggest you to take a look to ready WAF solutions like mod_security or naxsi to block suspicious requests automatically.

Answer 2

I think you are trying to fetch result form query but result is certainly false and it means there is a database error.

here is mysql_fetch_assoc doc check this

Answer 3

You can block such urls from your htaccess file with RewriteRule

RewriteCond %{QUERY_STRING} (?=%27|%22).*
RewriteRule ^.* - [F]

This rule will throw a 403 server response to forbid such urls. Instead of throwing a 403 Forbidden response you may redirect to index page

%27 - URL encoded value for single quotes
%22 - URL encoded value for double quotes