Hi,
I want to ask how PythonAnywhere protects its users against File Inclusion Vulnerability? I have searched the forum for this but couldn't find any mention of it. I'm asking because in the last 2 days I got increased traffic, and when I checked the server logs I got plenty of these kinds of query strings:
"GET /index.php?controller=../../../../../../../../../../../../../etc/passwd%00&option=com_properties HTTP/1.1"
"GET /lib///....//....//....//....//....//....//....//....//etc//passwd HTTP/1.1"
Then I searched about it and to my surprise it's about File Inclusion Vulnerability / Remote File Inclusion. The good thing is at the end of that query string it always ends with: 404 232 --> this means whoever is trying to exploit did not succeed, correct?
I read this article about securing an account: https://help.pythonanywhere.com/pages/SecuringYourAccount/. Is there anything else we can do to prevent these kinds of cyber attacks? I would like to know if there are methods to ensure the security of the web app. Thanks.
Cheers!
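One way to check log lines like the ones quoted in the post, as an added example that is not part of the original post or of PythonAnywhere's tooling: it scans an access log for path-traversal probes and separates those the server refused from those it answered with a 2xx/3xx status. The combined-style log layout, the IP addresses, timestamps and third sample line, and the function names are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample: the two request strings are the ones quoted in the post;
# the IP addresses, timestamps and the third line are made up for this example.
SAMPLE_LOG = '''\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?controller=../../../../../../../../../../../../../etc/passwd%00&option=com_properties HTTP/1.1" 404 232
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /lib///....//....//....//....//....//....//....//....//etc//passwd HTTP/1.1" 404 232
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /static/site.css HTTP/1.1" 200 1043
'''

# Assumed layout: "METHOD target HTTP/x.y" status size
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)')

def normalise(target):
    """Percent-decode repeatedly (bounded) so double-encoded probes are seen too."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def is_traversal_probe(target):
    t = normalise(target)
    # "../" segments, the "....//" filter-evasion variant, or an embedded NUL byte
    return bool(re.search(r'(^|[/=])\.{2,}/', t)) or "\x00" in t

def scan(log_text):
    """Return (probes, answered): all traversal probes, and those not refused with 4xx/5xx."""
    probes, answered = [], []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not is_traversal_probe(m["target"]):
            continue
        hit = (int(m["status"]), m["target"])
        probes.append(hit)
        if hit[0] < 400:  # a 2xx/3xx reply to a probe deserves a manual look
            answered.append(hit)
    return probes, answered

if __name__ == "__main__":
    probes, answered = scan(SAMPLE_LOG)
    print(f"{len(probes)} traversal probes, {len(answered)} not refused")
```

An empty `answered` list means every probe in the scanned log was refused; any entry in it is a request whose response body should be reviewed by hand.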