homepage Welcome to WebmasterWorld Guest from 54.196.225.45
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
What's a random-spelled filename request mean?
Why do robots request bizarre random file names?
knonymouse




msg:4432855
 2:39 am on Mar 24, 2012 (gmt 0)

Three requests, in the same second:
like:

/mydir1/mydir//amfx/xmlrpc.php
//amfx/xmlrpc.php
/mydir1///amfx/xmlrpc.php


Those robot requests make no sense to me. They looked like random letters. But I notice the file name begins "xml"

Are these in fact known names of vulnerable files in a specific application?

They got 403, but not sure why. Perhaps by IP ban because of a prior visit caught with suspicious activity. Like a request for admin, or login, or register, or upload, or etc. etc.

Meanwhile, as a separate question. If a filename seems to be just random letters, should I assume they are not in fact random (a real target somewhere) or what would be the purpose of a random file name request?

 

incrediBILL




msg:4432873
 4:00 am on Mar 24, 2012 (gmt 0)

That's a standard hack attack looking for a page that tends to be vulnerable.

DeeCee




msg:4432887
 5:36 am on Mar 24, 2012 (gmt 0)

This particular case, asking for xmlrpc.php, as incrediBILL mentions is an attempt to attack.
The different entry points (directory names) are typically just testing for sub-directories where you might have installed something instead of in root.

When you see totally random names from for example GoogleBot, where they ask for an html file with a name that is made up (such as 'gwekhrtipoiiybveee.html' or something), they are merely checking that your site knows how to return a correct code 404 (Not found). That you do not merely catch unknowns, and redirect, returning 200 instead. Such as with a site search for example.

Google for obvious reasons do not like it when sites return 200 (OK) for everything.

I have some sites, where I redirect users into a nice custom message with a product search if they try to hit an old URL, but I still return an official 404, just to make sure Google can do its cleanup.

keyplyr




msg:4432929
 10:40 am on Mar 24, 2012 (gmt 0)


Also, sometimes the ending file (.js, .pl, .php or .txt) is appended to the GET request as a hack.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved