shell.php | Web based shell access using PHP file

I think you need to create .psysh.php file in the project root of Laravel.

and then add:

I would recommend doing something like this:

This could be a number of things, depending on what (if anything) you've added to the base distro... but a couple of things I've run into that might help you are:

Clear out the composer autoload cache:

Look at the include errors, they tell you that your database.php file cannot be found, and if you look at the path, you see that it looks in the Console/Config folder, which is of course the wrong location.

That is because the shell will use the current working directory as the application path, so either run the console from within your app folder, ie Console\cake bake all, or use the -app parameter to pass the path to your app folder:

It has been a year since I asked the question. I simply ignored the lack of use of tinker and went on. But today I finally found a solution and thought it might be a good idea to share.

The shared server environment might causing this error. Dumping the variable $this->runtimeDir on line 352 from file vendor/psy/psysh/src/Configuration.php tells me about missing permissions to create a folder in /run/user/1000/psysh, where 1000 is the uid.

A workaround is to tell psysh to use a directory where the operating user has write access. This can be done with the runtimeDir config option. All you need to do is to create a config file in ~/.config/psysh/config.php or locally as .psysh.php in the project root of Laravel. Add the following content and you are ready to go.

I would suggest using the EvaluateJSONPath processor to extract the desired JSON values to flowfile attributes, and then route to ReplaceText and use Expression Language to replace template tokens with the attribute values. For example, given this "input JSON":

in China.

You can't stop it.

You could add a firewall rule to drop traffic from that IP; however it's useless because it will just appear from another IP and eventually you'll have thousands of drop rules, which will impact performance.

Limiting requests from a single IP will reduce server load, however it won't stop the scans. If you do want to go down the "blocking" road, fail2ban works nicely.

Mostly, your code just needs to be able to handle this.

If your web app is internal or has a limited audience, you can drop all traffic except authorized addresses.

I just deleted my vendor folder manually, and tried running composer install. By doing this, the php artisan tinker command worked properly again. This might not be the right solution, but anyway, it works again. Maybe just deleting vendor/psy folder and running composer install would do the same.

What is the hacker trying to achieve with all those get and post calls?

To find an exploit they might leverage; could be known filenames for software with known bugs/holes; probably by now there have been similiar requests from different addresses one might suspect.

Is the Tomcat server currently under attack or already been hacked?

Attack -- if there was a status 200 in the logs then maybe hack. The logs above all showed 302/redirect; so one could assume the hack was not fruitful.

What can I do to stop the hacker?

Do whois on the ip address; block the range reported -- odds are it is from a country you don't or want to do business with. ;) Best if traffic can be dropped (or blocked) at the internet demarc (gateway/router). Apache can also be configured as well -- see below:

Blocking multiple ip ranges using mod access in htaccess