奇怪的 TYPO3 擴展請求導致“插件不允許”錯誤

Question

我們維護着很多 TYPO3 項目，在其中一些項目中，我們有時會收到奇怪的日志條目，其中請求了控制器或擴展的操作，而這些肯定不存在。

例如一些日志條目：

The controller "(SELECT (CASE WHEN (2302=2302) THEN 2302 ELSE 2302*(SELECT 2302 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))" is not allowed by plugin "List". Please check for TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php

The controller "Shop') AND 3375=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(112)||CHR(120)||CHR(118)||CHR(113)||(SELECT (CASE WHEN (3375=3375) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(118)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND ('CnON'='CnON" is not allowed by plugin "List". Please check for TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php

The action "listFilter UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL#" (controller "...") is not allowed by this plugin / module. Please check TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php / TYPO3\CMS\Extbase\Utility\ExtensionUtility::configureModule() in your ext_tables.php

這些請求是來自機器人嗎？我們能否以某種方式阻止這種情況，或者我們是否可以簡單地忽略這些條目？

Answer 1

這些是來自試圖將 SQL 注入 TYPO3 的機器人的請求。您可以忽略它們，只要您確信您的安裝是最新的並且您的擴展得到良好維護。