Is someone trying to hack my site or is it a web crawler?
Red_Eye msg:4028667 9:36 am on Nov 20, 2009 (gmt 0)
My new site emails me when the site throws an error. I keep getting the following error:
Request URL http://example.com/webpage.aspx?CID=1%0D%0A%09%09&MID=12
The URL that works is http://example.com/webpage.aspx?CID=1&MID=12
I know why I get this error and how to fix it, but it seems that the person making the request is adding %0D%0A%09%09 for some reason. Nowhere on my site do I add this string to the URL. Also, the request keeps coming from the same IP address: 188.8.131.52
Some days I can get hundreds of requests like this, all for different query parameters. Should I ban this IP? When I do a reverse DNS lookup it comes up as spider14.yandex.ru, which is located in Russia.
Any suggestions welcome
[ edited by: phranque at 9:59 am (utc) on Nov. 20, 2009] [edit reason] exemplified domains [/edit]
phranque msg:4028688 10:10 am on Nov 20, 2009 (gmt 0)
it's probably someone linking to you with a bad url.
that looks like "white space" that was encoded in the url.
those values are the ascii codes for a carriage return and a line feed followed by two horizontal tabs.
have you checked your server access logs?
i'm guessing you will find that the referer information will give you a clue about the source/cause of such a request. Yandex [company.yandex.com] is probably the largest search engine in russia.
Red_Eye msg:4028738 12:32 pm on Nov 20, 2009 (gmt 0)
Thanks for the information, I have modified the site to handle these malformed urls.
phranque msg:4028791 3:06 pm on Nov 20, 2009 (gmt 0)
the proper response there is either 404 Not Found or a 301 to the canonical url.
Red_Eye msg:4028794 3:11 pm on Nov 20, 2009 (gmt 0)
I have used a 301 redirect, so the user gets to the correct page.
Red_Eye msg:4032748 3:43 pm on Nov 27, 2009 (gmt 0)
OK, now someone really is trying SQL injection. My site is throwing an error and presenting an error page to the user when they enter the following URL
As far as I can see my site is throwing an error with a URL like this, but any suggestions how I should handle this? The IP addresses are all different.
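The handling suggested earlier in the thread (404 Not Found, or a 301 to the canonical URL, for requests such as the one with %0D%0A%09%09 appended to CID), as an added example that is not part of any post or of the site's own code. It assumes CID and MID are both required integer IDs, and the function name decide is hypothetical; it is written in Python only to show the logic, which carries over to the site's own platform.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumption: the page takes exactly these two integer parameters
# (names taken from the URL quoted in the thread).
INT_PARAMS = ("CID", "MID")


def decide(url):
    """Return (status, location): 200 serve, 301 to canonical URL, or 404."""
    parts = urlsplit(url)
    cleaned = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Unknown or repeated parameters are not part of any canonical URL.
        if name not in INT_PARAMS or name in cleaned:
            return 404, None
        # %0D%0A%09%09 decodes to CR, LF, TAB, TAB: tolerate it only as
        # leading/trailing whitespace around an otherwise valid integer.
        value = value.strip(" \t\r\n")
        if not (value.isascii() and value.isdigit() and len(value) <= 9):
            # Anything non-numeric never reaches the database layer and
            # gets a plain 404 instead of an unhandled error page.
            return 404, None
        cleaned[name] = str(int(value))
    if set(cleaned) != set(INT_PARAMS):
        return 404, None
    # The redirect target is rebuilt from validated integers only, so no
    # decoded CR/LF from the request can end up in the Location header.
    query = urlencode([(n, cleaned[n]) for n in INT_PARAMS])
    canonical = urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))
    if canonical == url:
        return 200, None
    return 301, canonical


if __name__ == "__main__":
    # Constructed sample requests based on the URLs quoted in the thread.
    for sample in (
        "http://example.com/webpage.aspx?CID=1%0D%0A%09%09&MID=12",
        "http://example.com/webpage.aspx?CID=1&MID=12",
        "http://example.com/webpage.aspx?CID=abc&MID=12",
    ):
        print(decide(sample), sample)
```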