Welcome to WebmasterWorld Guest from 107.20.75.63

Forum Moderators: phranque

Message Too Old, No Replies

Is someone try to hack my site

or is it a web crawler

     
9:36 am on Nov 20, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Sept 24, 2002
posts: 214
votes: 0


My new site emails me when the site throws an error. I keep getting the following error

Request URL http://example.com/webpage.aspx?CID=1%0D%0A%09%09&MID=12

The URL that works is http://example.com/webpage.aspx?CID=1&MID=12

I know why I get this error and how to fix it my it seems that the person making the request is adding %0D%0A%09%09 for some reason. No where on my site to I add this string to the url. Also the request keeps coming from the same IP address: 93.158.150.20

Some days I can get hundreds of request like this all for different query parameters. Should I ban this ip? When I do a reverse DNS look up it comes up as spider14.yandex.ru which is located in russia.

Any suggestions welcome

[edited by: phranque at 9:59 am (utc) on Nov. 20, 2009]
[edit reason] exemplified domains [/edit]

10:10 am on Nov 20, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10542
votes: 8


it's probably someone linking to you with a bad url.

that looks like "white space" that was encoded in the url.
those values are the ascii codes for a carriage return and a line feed followed by two horizontal tabs.

have you checked your server access logs?
i'm guessing you will find that the referer information will give you a clue about the source/cause of such a request.

Yandex [company.yandex.com] is probably the largest search engine in russia.

12:32 pm on Nov 20, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Sept 24, 2002
posts: 214
votes: 0


Thanks for the information, I have modified the site to handle these malformed urls.
3:06 pm on Nov 20, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10542
votes: 8


the proper response there is either 404 Not Found or a 301 to the canonical url.
3:11 pm on Nov 20, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Sept 24, 2002
posts: 214
votes: 0


I have used a 301 redirect, so the user gets to the correct page
3:43 pm on Nov 27, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Sept 24, 2002
posts: 214
votes: 0


Ok now someone really is trying sql injection my site is throwing an error and presenting an error page to user when they enter the following url

[example.com:443...]

As far as I can see my site it throwing an error with a url like this but any suggestions how I should handle this? the ip addresses are all different.