homepage Welcome to WebmasterWorld Guest from 23.22.173.58
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: Receptional & mademetop

Website Analytics - Tracking and Logging Forum

    
www.example.com/directory/////file.html?
Suddenly getting weird referrers
NGene

10+ Year Member



 
Msg#: 1165 posted 2:10 pm on May 11, 2003 (gmt 0)

I suddenly noticed a huge amount of weird referrers in my logs. Suppose I have directories called /directory, /directory2 and /directory3 in my site. Yesterday, when I peeked at my logs, everything was normal. Today I saw about 100 referrers in form of

/directory///file.html
/directory/////////file.html
/directory2////////file2.html
/directory3////////file3.html

and so on.

When I looked at my 404 errors, I noticed the same trend:

/directory//////////directory2/
/directory//////////directory3/

and so on.

I've never seen anything like this in my logs before, and all these entries have occurred in a short period of time. What's going on?

 

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 1165 posted 10:13 pm on May 13, 2003 (gmt 0)

NGene,

Could be a human probing your site, or more likely a badly-written robot.

Block the IP address or IP address range just in case it's malicious.

Jim

mischief

10+ Year Member



 
Msg#: 1165 posted 5:28 am on May 14, 2003 (gmt 0)

There's been a few exploits in various web servers that take advantage of bugs in the server's directory handling abilities by confusing it into showing what it shouldn't. eg, going to "http://www.example.com/../../../../etc/" might possibly reveal the contents of a machine's "etc" directory and allow someone to steal a passwd file or something. Maybe some new kiddie scanning tool has come out that looks for something similar and leaves those weird referrers behind?

pawel

10+ Year Member



 
Msg#: 1165 posted 11:00 am on May 13, 2003 (gmt 0)

Exactly,
typing URLs like this is the first thing a wanna-be hacker does, though a character sequence like ///// looks rather weird (or, more likely, I haven't heard of it yet), but /../../../../ can get you to the top of the directory structure and then straight to /etc/passwd, or, say, /winnnt/system32/cmd.exe.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved