How to protect a Django website against a malicious attack


My company's site is hosted on AWS. I have 3 months' experience, so I don't know what this is:

Not Found: //admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //beta/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

The problem is that the server automatically stopped running. I thought a possible reason could be that the code was getting stuck in some loop, so I decided to check the logs. What I found is:

Not Found: //admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //beta/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //lib/phpunit/Util/PHP/eval-stdin.php
Not Found: //lib/phpunit/phpunit/Util/PHP/eval-stdin.php
Not Found: //lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //lib/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //phpunit/Util/PHP/eval-stdin.php

I don't know what this is or how to deal with it. I already searched on Google and found that it is some kind of malicious attack, but I am not sure. I want to know what this is. The site uses the Django web framework.


There are 2 best solutions below

3

If there is some kind of malicious attack happening, there are a couple of things you should do:

  1. Enable AWS GuardDuty to detect the resources under attack.
  2. Put your web server behind an Application Load Balancer and enable WAF on the ALB. This will act as a firewall for your web server. Make sure you test this solution in your UAT environment before implementing it in production.
0

Maybe your server is a very low EC2 instance, or you have a limited "pay as you go" plan, so this spider that wanted to hack into your server is using all the resources.
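To see what the "Not Found" lines in the question amount to, the following added example (not code from the question or either answer) groups them into requests for file types a Django project does not serve and ordinary 404s. The sample log is constructed in the question's format, and the extension list and function names are assumptions for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample in the format of the log lines shown in the question.
SAMPLE_LOG = """\
Not Found: //admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Not Found: //lib/phpunit/Util/PHP/eval-stdin.php
Not Found: //phpunit/Util/PHP/eval-stdin.php
Not Found: /favicon.ico
Not Found: /accounts/profile/
"""

# Matches Django's "Not Found: <path>" message, with or without a log prefix.
NOT_FOUND = re.compile(r"Not Found: (?P<path>\S+)\s*$")
# Assumption: extensions this Django project never serves itself.
FOREIGN_EXTENSIONS = {".php", ".asp", ".aspx", ".jsp", ".cgi"}


def normalise(path):
    """Collapse repeated slashes so //admin/x and /admin/x compare equal."""
    return re.sub(r"/{2,}", "/", path)


def triage(log_text, foreign=FOREIGN_EXTENSIONS):
    """Split 404 paths into probes for foreign file types and ordinary misses."""
    probes, ordinary = [], []
    for line in log_text.splitlines():
        match = NOT_FOUND.search(line)
        if not match:
            continue
        path = normalise(match.group("path"))
        suffix = PurePosixPath(path).suffix.lower()
        (probes if suffix in foreign else ordinary).append(path)
    # The same file name requested under many directories is directory guessing.
    by_file = Counter(PurePosixPath(p).name for p in probes)
    prefixes = sorted({p.split("/")[1] for p in probes})
    return {
        "probes": len(probes),
        "probed_files": dict(by_file),
        "guessed_prefixes": prefixes,
        "ordinary_404s": ordinary,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

One file name requested under many guessed directories, all answered with "Not Found", is the pattern in the question's log; the ordinary 404s are the ones worth checking against the site's own URLs.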