
Webmaster General Forum

    
Is someone trying to hack my site
or is it a web crawler
Red_Eye




msg:4028667
 9:36 am on Nov 20, 2009 (gmt 0)

My new site emails me when the site throws an error. I keep getting the following error

Request URL http://example.com/webpage.aspx?CID=1%0D%0A%09%09&MID=12

The URL that works is http://example.com/webpage.aspx?CID=1&MID=12

I know why I get this error and how to fix it, but it seems that the person making the request is adding %0D%0A%09%09 for some reason. Nowhere on my site do I add this string to the URL. Also, the request keeps coming from the same IP address: 93.158.150.20

Some days I can get hundreds of requests like this, all for different query parameters. Should I ban this IP? When I do a reverse DNS lookup it comes up as spider14.yandex.ru, which is located in Russia.

Any suggestions welcome

[edited by: phranque at 9:59 am (utc) on Nov. 20, 2009]
[edit reason] exemplified domains [/edit]

 

phranque




msg:4028688
 10:10 am on Nov 20, 2009 (gmt 0)

it's probably someone linking to you with a bad url.

that looks like "white space" that was encoded in the url.
those values are the ascii codes for a carriage return and a line feed followed by two horizontal tabs.

have you checked your server access logs?
i'm guessing you will find that the referer information will give you a clue about the source/cause of such a request.

Yandex [company.yandex.com] is probably the largest search engine in russia.

Red_Eye




msg:4028738
 12:32 pm on Nov 20, 2009 (gmt 0)

Thanks for the information, I have modified the site to handle these malformed urls.

phranque




msg:4028791
 3:06 pm on Nov 20, 2009 (gmt 0)

the proper response there is either 404 Not Found or a 301 to the canonical url.

Red_Eye




msg:4028794
 3:11 pm on Nov 20, 2009 (gmt 0)

I have used a 301 redirect, so the user gets to the correct page

Red_Eye




msg:4032748
 3:43 pm on Nov 27, 2009 (gmt 0)

OK, now someone really is trying SQL injection. My site is throwing an error and presenting an error page to the user when they enter the following URL:

https://example.com:443/webpage.aspx?cid=16&pid=835%20And%20char(124)%2b(Select%20Cast(Count(1)%20as%20varchar(8000))%2Bchar(124)%20From%20[sysobjects]%20Where%201=1)>0

As far as I can see, my site is throwing an error with a URL like this, but any suggestions on how I should handle this? The IP addresses are all different.
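
One way to handle both kinds of request discussed in this thread, as an added example that is not part of any post above: treat each id parameter as a strict integer, answer 301 to the canonical URL when only stray encoded whitespace was attached, answer 404 for anything else, and pass the parsed integers to the database as bound parameters. Assumptions: Python stands in for the site's ASP.NET handler, sqlite3 for its database, and `route`, `fetch_title`, the `pages` table and its row are hypothetical names and constructed data.

```python
import re
import sqlite3
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: these query parameters are always small non-negative integer ids.
INT_PARAMS = {"cid", "mid", "pid"}
ID_RE = re.compile(r"[0-9]{1,9}")

def route(url):
    """Return (status, redirect_location, ids) for a request URL."""
    parts = urlsplit(url)
    canonical, ids, changed = [], {}, False
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() not in INT_PARAMS:
            canonical.append((key, raw))   # not an id parameter, left as is
            continue
        value = raw.strip(" \t\r\n")       # tolerate stray decoded whitespace
        if not ID_RE.fullmatch(value):
            return 404, None, None         # anything but digits is not a page
        changed = changed or value != raw
        ids[key.lower()] = int(value)
        canonical.append((key, value))
    if changed:
        return 301, urlunsplit(parts._replace(query=urlencode(canonical))), None
    return 200, None, ids

def fetch_title(conn, ids):
    """Look up a page with bound parameters; ids never become SQL text."""
    sql = "SELECT title FROM pages WHERE cid = ? AND pid = ?"
    row = conn.execute(sql, (ids.get("cid"), ids.get("pid"))).fetchone()
    return row[0] if row else None

def demo():
    # Constructed table and row; the first three URLs are quoted in the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (cid INTEGER, pid INTEGER, title TEXT)")
    conn.execute("INSERT INTO pages VALUES (16, 835, 'Sample page')")
    urls = [
        "http://example.com/webpage.aspx?CID=1%0D%0A%09%09&MID=12",
        "http://example.com/webpage.aspx?CID=1&MID=12",
        "https://example.com:443/webpage.aspx?cid=16&pid=835%20And%20char(124)"
        "%2b(Select%20Cast(Count(1)%20as%20varchar(8000))%2Bchar(124)"
        "%20From%20[sysobjects]%20Where%201=1)>0",
        "https://example.com:443/webpage.aspx?cid=16&pid=835",
    ]
    return [route(u) for u in urls], fetch_title(conn, route(urls[3])[2])

if __name__ == "__main__":
    print(demo())
```

Because a rejected request ends in a plain 404 instead of an unhandled exception, the error e-mails stop and the response reveals nothing about the query behind the page.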
