jay plus

Forum Moderators: open

Message Too Old, No Replies

jay plus

lucy24

9:09 pm on Nov 8, 2015 (gmt 0)

... or rather, /j+ (exact literal text)

I've seen this kind of thing sporadically going back to October of 2014 and up to the present:

{IP here} - - [17/Oct/2014:05:16:31 -0700] "GET /directory/subdir/j+ HTTP/1.1" 404 1408 "http://example.com/" "{user-agent}"
or
{IP here} - - [08/Nov/2015:10:22:38 -0800] "GET /directory/j+ HTTP/1.1" 404 2668 "http://example.com/directory/" "{user-agent}"

IP and UA omitted because they're completely variable, but always robots*. Request is always in the form /legitimate-directory/j+ where /legitimate-directory/ has been previously visited and is generally given as referer.

Question: Do I attribute this to a single robotic error that is now disseminating to other robots as they share notes ... or is it a glitch in some particular script?

* Or possibly browser add-ons. There was one from last month that I now remember caught my attention at the time, but I must have ended up shrugging it off.

keyplyr

8:31 pm on Nov 10, 2015 (gmt 0)

Do you use jquerry? There seems to be a new breed to exploit-seeking scripts targeted at mobile-detect code.

lucy24

9:42 pm on Nov 10, 2015 (gmt 0)

Do you use jquery?

Nope, not at all; I barely even use a bit of javascript for purely decorative purposes. Is that what /j+ is? (And what is it with jquery and their impossible filenames? Aren't they also the ones that throw hashbangs into the middle of an URL?)

exploit-seeking scripts

Like the ones trying to find out if I use WordPress, Joomla or Drupal by quietly doing HEAD checks for certain standard images? Or more like the relatively benign browser add-ons that check for nonexistent xml files or send in OPTIONS requests?

:: uneasily thinking that that was really far too many question marks for one post ::

jay plus

lucy24

keyplyr

lucy24

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week