Welcome to WebmasterWorld Guest from 54.166.85.29

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

What's a random-spelled filename request mean?

Why do robots request bizarre random file names?

     
2:39 am on Mar 24, 2012 (gmt 0)

New User

5+ Year Member

joined:Dec 9, 2007
posts: 26
votes: 0


Three requests, in the same second:
like:

/mydir1/mydir//amfx/xmlrpc.php
//amfx/xmlrpc.php
/mydir1///amfx/xmlrpc.php


Those robot requests make no sense to me. They looked like random letters. But I notice the file name begins "xml"

Are these in fact known names of vulnerable files in a specific application?

They got 403, but not sure why. Perhaps by IP ban because of a prior visit caught with suspicious activity. Like a request for admin, or login, or register, or upload, or etc. etc.

Meanwhile, as a separate question. If a filename seems to be just random letters, should I assume they are not in fact random (a real target somewhere) or what would be the purpose of a random file name request?
4:00 am on Mar 24, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14663
votes: 99


That's a standard hack attack looking for a page that tends to be vulnerable.
5:36 am on Mar 24, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 1, 2011
posts: 192
votes: 0


This particular case, asking for xmlrpc.php, as incrediBILL mentions is an attempt to attack.
The different entry points (directory names) are typically just testing for sub-directories where you might have installed something instead of in root.

When you see totally random names from for example GoogleBot, where they ask for an html file with a name that is made up (such as 'gwekhrtipoiiybveee.html' or something), they are merely checking that your site knows how to return a correct code 404 (Not found). That you do not merely catch unknowns, and redirect, returning 200 instead. Such as with a site search for example.

Google for obvious reasons do not like it when sites return 200 (OK) for everything.

I have some sites, where I redirect users into a nice custom message with a product search if they try to hit an old URL, but I still return an official 404, just to make sure Google can do its cleanup.
10:40 am on Mar 24, 2012 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:7770
votes: 266



Also, sometimes the ending file (.js, .pl, .php or .txt) is appended to the GET request as a hack.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members