|Beware HTML in abUser Agent Strings|
filter HTTP requests and logs like any other form of input data
<br><center><h1>Pilferer</h1></center><br><center><h2><a href="http://example.com/">[Toolly Robot 0.1]</a></h2></center>
FYI, I replaced the domain with example.com because this one is not safe to surf and I'm not promoting it here just in case someone isn't careful and gets hammered by accident.
Beware, as user agent strings, referrers and even the requested pages are a potential vulnerability, just like cross-site scripting, which could be used to attack your MySQL queries and reports if not properly filtered.
Best case, as in the above example, the code just messes up the report and displays the user agent in a big font in the middle of the screen with a link to their site.
People tend to filter malicious input from being passed to their web pages but ignore the fact that this data can also be logged in its raw form and then processed later by server stats programs that don't always filter that data properly to protect webmasters from simplistic browser or SQL attacks. Once I noticed this stuff happening I stopped all server side log analysis programs as I can't be sure they are secure and won't let something through that puts my server or browser at risk.
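As an added example (not code from this thread or from any of the posters), here is a small Python log-to-report script in the spirit of the filtering described above: it parses Apache "combined" log lines (assuming Apache's `\"` escaping of embedded quotes in the referrer and user agent fields), flags any field that contains tag-like markup, and HTML-escapes every field before it reaches the report. The log lines are constructed; the first uses the user agent quoted above with the domain already replaced by example.com.

```python
import html
import re

# Quoted field in Apache's combined format. Apache writes an embedded
# double quote as \" (assumed here), so backslash-escaped characters
# are accepted inside the quotes instead of ending the field early.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+) '
    + QUOTED + ' ' + QUOTED + '$'
)
# Anything that looks like the start of a tag, e.g. <h1> or <a href=...>.
TAG_RE = re.compile(r'<\s*/?[a-zA-Z]')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    r'203.0.113.5 - - [10/Oct/2011:13:55:36 -0700] "GET / HTTP/1.1" 200 2326 "-" '
    r'"<br><center><h1>Pilferer</h1></center><br><center><h2>'
    r'<a href=\"http://example.com/\">[Toolly Robot 0.1]</a></h2></center>"',
    r'198.51.100.7 - - [10/Oct/2011:13:56:01 -0700] "GET /about.html HTTP/1.1" 200 512 '
    r'"http://example.org/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/7.0"',
]

def _unescape(field):
    """Undo Apache's backslash escaping inside a quoted field."""
    return re.sub(r'\\(.)', r'\1', field)

def parse_combined(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = COMBINED_RE.match(line)
    if m is None:
        return None
    ip, when, request, status, nbytes, referrer, ua = m.groups()
    return {"ip": ip, "time": when, "request": _unescape(request), "status": status,
            "bytes": nbytes, "referrer": _unescape(referrer), "ua": _unescape(ua)}

def has_markup(value):
    """True if a logged field carries something tag-like that a report must not render raw."""
    return TAG_RE.search(value) is not None

def render_report(lines):
    """Build an HTML table from log lines; returns (html, number of flagged entries).
    Every field is escaped on the way out, so markup in a user agent is shown as text."""
    rows, flagged = [], 0
    for line in lines:
        entry = parse_combined(line)
        if entry is None:
            continue  # skip lines the pattern rejects rather than guessing at fields
        if any(has_markup(v) for v in entry.values()):
            flagged += 1
        cells = "".join(f"<td>{html.escape(entry[k])}</td>"
                        for k in ("ip", "request", "referrer", "ua"))
        rows.append(f"<tr>{cells}</tr>")
    return "<table>" + "".join(rows) + "</table>", flagged
```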
I had one of these a month or two ago and simply shrugged it off as an errant spammer, failing to make a saved notation.
Not sure I'm willing to dig back through the logs attempting to locate it.
It's more than just that, some are spamming, some are attacking.
Not all of the sites are just spam links, some are malicious.
FWIW, I'm getting tons of this stuff lately on a couple of sites. All reports I wrote have now been verified to be HTML sanitized and I shut down any log analysis and reports that I didn't write for security.
My reports are hot, but I never follow any of the links. If I want to investigate, I either load the link into a browser manually with noscript & adblock, JS off and redirects off or I use a 3rd party web-based HTML parser tool.
Not possible on my server.
Also, I hand code input forms, don't use anything off the web or out of a box. I build in a few security measures.
|My reports are hot, but I never follow any of the links. If I want to investigate, I either load the link into a browser manually with noscript & adblock, JS off and redirects off or I use a 3rd party web-based HTML parser tool. |
You may want to include RequestPolicy also.
@MickeyRoush - yeah good security tool as well. I also use DoNotTrack Plus, opt out where possible... ad infinitum.
Things like this are why I'm glad I do my reports using an extensive collection of shell scripts I've written over the years.