homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

Is someone try to hack my site
or is it a web crawler

 9:36 am on Nov 20, 2009 (gmt 0)

My new site emails me when the site throws an error. I keep getting the following error

Request URL http://example.com/webpage.aspx?CID=1%0D%0A%09%09&MID=12

The URL that works is http://example.com/webpage.aspx?CID=1&MID=12

I know why I get this error and how to fix it my it seems that the person making the request is adding %0D%0A%09%09 for some reason. No where on my site to I add this string to the url. Also the request keeps coming from the same IP address:

Some days I can get hundreds of request like this all for different query parameters. Should I ban this ip? When I do a reverse DNS look up it comes up as spider14.yandex.ru which is located in russia.

Any suggestions welcome

[edited by: phranque at 9:59 am (utc) on Nov. 20, 2009]
[edit reason] exemplified domains [/edit]



 10:10 am on Nov 20, 2009 (gmt 0)

it's probably someone linking to you with a bad url.

that looks like "white space" that was encoded in the url.
those values are the ascii codes for a carriage return and a line feed followed by two horizontal tabs.

have you checked your server access logs?
i'm guessing you will find that the referer information will give you a clue about the source/cause of such a request.

Yandex [company.yandex.com] is probably the largest search engine in russia.


 12:32 pm on Nov 20, 2009 (gmt 0)

Thanks for the information, I have modified the site to handle these malformed urls.


 3:06 pm on Nov 20, 2009 (gmt 0)

the proper response there is either 404 Not Found or a 301 to the canonical url.


 3:11 pm on Nov 20, 2009 (gmt 0)

I have used a 301 redirect, so the user gets to the correct page


 3:43 pm on Nov 27, 2009 (gmt 0)

Ok now someone really is trying sql injection my site is throwing an error and presenting an error page to user when they enter the following url


As far as I can see my site it throwing an error with a url like this but any suggestions how I should handle this? the ip addresses are all different.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved