I suddenly noticed a huge number of weird referrers in my logs. Suppose I have directories called /directory, /directory2 and /directory3 in my site. Yesterday, when I peeked at my logs, everything was normal. Today I saw about 100 referrers in the form of
There have been a few exploits in various web servers that take advantage of bugs in the server's directory handling abilities by confusing it into showing what it shouldn't. E.g., going to "http://www.example.com/../../../../etc/" might possibly reveal the contents of a machine's "etc" directory and allow someone to steal a passwd file or something. Maybe some new kiddie scanning tool has come out that looks for something similar and leaves those weird referrers behind?
Msg#: 1165 posted 11:00 am on May 13, 2003 (gmt 0)
Exactly, typing URLs like this is the first thing a wannabe hacker does, though a character sequence like ///// looks rather weird (or, more likely, I haven't heard of it yet), but /../../../../ can get you to the top of the directory structure and then straight to /etc/passwd, or, say, /winnt/system32/cmd.exe.
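
For anyone who wants to check their own logs for the two patterns discussed in this thread, here is an added example (not code from any of the posters) that flags request targets and referrers whose `..` segments climb above the document root, or that contain runs of three or more slashes. It assumes Apache-style Combined Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: "METHOD target PROTO" status bytes "referrer" ...
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referrer>[^"]*)"')

# Constructed sample lines (documentation addresses, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2003:10:58:01 +0000] "GET /directory/ HTTP/1.0" 200 512 "http://www.example.com/directory2/" "UA"',
    '192.0.2.77 - - [13/May/2003:10:58:03 +0000] "GET /../../../../etc/passwd HTTP/1.0" 404 210 "-" "UA"',
    '192.0.2.77 - - [13/May/2003:10:58:04 +0000] "GET /directory3/ HTTP/1.0" 200 512 "http://www.example.com/directory/////directory2/" "UA"',
    '192.0.2.77 - - [13/May/2003:10:58:05 +0000] "GET /directory/%252e%252e/%2e%2e/x HTTP/1.0" 400 0 "-" "UA"',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded %252e%252e is seen as '..'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def escapes_root(path):
    """True if '..' segments climb above the document root at any point."""
    depth = 0
    for segment in re.split(r'[/\\]+', path):
        if segment not in ('', '.'):
            depth += -1 if segment == '..' else 1
        if depth < 0:
            return True
    return False

def classify(field):
    """Findings for one request target or referrer ('-' means no referrer)."""
    if field in ('', '-'):
        return []
    path = fully_decode(urlsplit(field).path)
    findings = ['traversal'] if escapes_root(path) else []
    if re.search(r'/{3,}', path):
        findings.append('slash-run')
    return findings

def scan(lines):
    """Return (line_number, field_name, findings) for each suspicious field."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.search(line)
        for name, value in (match.groupdict() if match else {}).items():
            if classify(value):
                hits.append((number, name, classify(value)))
    return hits
```

A path such as `/directory/../directory2/` is not flagged, because it never leaves the document root; only sequences that would climb above it are reported.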