My dear Livewire believers, I need your help. Yesterday, one of my projects was attacked by what I believe were automated bots.
The issue is that the scripts were targeting (among other things) the "livewire/update" route. They were attempting to call methods that clearly don't exist or trying to access properties.
I suspect they might have bypassed the checksum check, but I'm not sure.
Has anyone seen anything like this before?
•
Thank you Punyapal. The thing is… can you target livewire/update being a post route overriding cors middleware and livewire’s internal checksum check?
I mean they were using a Guzzle client targeting the route directly.
If so, then the route should be auth protected meaning you couldn’t use livewire component in a public page.
Also that using livewire is a big liability.
•