Never deploy your vendor folder blindly. Use composer install --no-dev for production. Remove phpunit from your live environment. And always, always turn off directory indexing. Your future self will thank you when your server isn't listed in Shodan as a victim of CVE-2017-9041.
, your site is being actively scanned for one of the most famous "low-hanging fruit" vulnerabilities in PHP history.

What is the Vulnerability?

The issue lies in the eval-stdin.php file, which was included in PHPUnit versions before . The code in these versions used on the content of php://input, essentially inviting anyone on the internet to send a
In affected versions, the content of EvalStdin.php is roughly as follows:
Or better, remove the entire phpunit directory if not needed:
The file typically contains logic similar to this simplified snippet: