Malicious File Injection

How do i set WAF rules in order to prevent Malicious File Injection into server and how do i block proxy visitors.

Once Malicious File Injection has been injected the hackers has complete control over the server.

Please help

I have enable this option will this prevent the file or code injection?

From google Real time report i can see that hackers visiting unknow url as below screen shot. this url redirect to 404 error page from there they must have some kinda tool to intercept to inject the malicious file into the server.
I just tried my luck instead the error page landed in 404 page i redirect 404 request to some other website and i can see the file injection no longer happening but then today some how they still manage inject the same malicious file. Previously before redirect 404 page to another page, every time i remove the malicious file within 5min they will inject the same file. But now after i redirect 404 to another page it took at least 2 or 3 days for them to re inject the file. I can see the hackers on my website like 24/7. they always trying different methods. I been monitoring their activity for the pass 2 weeks…
Is that anyway i can block visitor visiting unknow url or url which no existing on my website?

That is a query string added by Facebook sharing… it’s not any hackers.

It shouldn’t go to 404, though, as it’s a simple query string appended to the home page. It should show the home page, but that’s an issue with your server config.

1 Like

Hi matteo,

Thanks for your feedback. Please refer the latest screen shot which i capture. I don have any facebook sharing on my website. if there is an issu at the server config, kindly please guide me how do i solve this…

These are different types of URLs.

The first was just a normal link shared by anyone on Facebook, that query string is added on any click from anyone by Facebook. A query string shouldn’t change the content in the page, especially if it’s not something you are controlling yourself, it should just default to the base page for that path, without the query string.
This is a question for a web developer.

These are actual pages, if they exist and reply with some content you haven’t put there you need to secure your origin, which goes back to a web developer, Cloudflare won’t add any kind content unless you host directly in Pages or similar.
Are these pages actually there, though? Using Google Analytics for seeing real pages isn’t the best, though. Contact a web developer.

The pages are not available on my website. If i visit the url its goes straight to 404 page not found.

Then ignore it, why do you care about those URLs?

i am not sure if i am wrong, from what i been monitoring for the pass 2 weeks. normally the hacker visit this unknow url from there some how they manage to inject the malicious code. once the code injected only than the page start navigating to some post…

Once i remove the code, again the page stop navigating.

This is the malicious code been injected

This is the activity i captured with another security app. If there is way to prevent the file injection do let me know

If this is being injected, it’s happening on the origin (Cloudflare doesn’t even support, nor run PHP). Please, contact a web developer.

1 Like