Msg#: 11406 posted 2:21 am on Nov 25, 2005 (gmt 0)
i'm hit by UserAgent: InetURL:/1.0 more and more recently, with various clientip all they request is something like /upfile.asp, seems trying to do sql injection. i can search nothing helpful from google except some awstats report pages, some tutorial for delphi to make http agent. there's a hacker's tool do this, but does it become a worm? or do u have same problem?
Msg#: 11406 posted 10:39 am on Nov 27, 2005 (gmt 0)
i'd guess not, it's not a normal usage by human, all file it requested does not exist on my server. but strange i cannot find anything relatived to worm/virus about InetURL:/1.0 (containing a ":") the request looks like to:
GET /bbs/diy.asp HTTP/1.1 User-Agent: InetURL:/1.0 Host: $host Cache-Control: no-cache