Malicious requests from private network (Kubernetes)

hacking nginx kubernetes nginx-ingress

Solution 1:

What you see is an attack using an exploit in Apache 2.4.49 (only this version is affected). You can read more about it here CVE-2021-41773.
TLDR: Path traversal allows attacker to remotely execute code, if files are not protected by require all denied configuration.

If you are using any Apache servers upgrade those to, at least, version 2.4.50.
Execute this on your Apache server

curl --data "echo;id" 'http://127.0.0.1:80/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'

If that returns anything other than a 403 error, your server may be vulnerable.

Assuming you are using DigitalOcean - check your account activity, and your team activity, for actions droplet.create and droplet.destroy with suspocious IP.

Check your kube scheduler and controller logs for any suspicious activity.

Related

Why is a labels stage in my Promtail's ingestion pipeline without effect?
How do you create Azure VM from image with unmanaged disk?
Users want be able to reset other users passwords (Active Directory) [closed]
Aurora reader storage cost
GlusterFS failing to mount at boot with Ubuntu 14.04
Is there a way to remove my account from an Azure Active Directory?
Force the kernel to unregister a drive and then initialize it again
How to Remove Microsoft-HTTPAPI/2.0 Header on IIS 8 and 10
Breaking a wood block in Adventure mode [duplicate]
How to install a Windows game for steam?
If I buy a game or DLC on one computer via Steam, can I play it on another?
Why does my Fortify Restoration potion also improve Enchanting and Alchemy?