Forum Moderators: phranque

Is someone trying to hack my site

or is it a web crawler

     
9:36 am on Nov 20, 2009 (gmt 0)

10+ Year Member



My new site emails me when the site throws an error. I keep getting the following error:

Request URL http://example.com/webpage.aspx?CID=1%0D%0A%09%09&MID=12

The URL that works is http://example.com/webpage.aspx?CID=1&MID=12

I know why I get this error and how to fix it, but it seems that the person making the request is adding %0D%0A%09%09 for some reason. Nowhere on my site do I add this string to the URL. Also, the request keeps coming from the same IP address: 93.158.150.20

Some days I can get hundreds of requests like this, all for different query parameters. Should I ban this IP? When I do a reverse DNS lookup it comes up as spider14.yandex.ru, which is located in Russia.

Any suggestions welcome

[edited by: phranque at 9:59 am (utc) on Nov. 20, 2009]
[edit reason] exemplified domains [/edit]

10:10 am on Nov 20, 2009 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



it's probably someone linking to you with a bad url.

that looks like "white space" that was encoded in the url.
those values are the ascii codes for a carriage return and a line feed followed by two horizontal tabs.

have you checked your server access logs?
i'm guessing you will find that the referer information will give you a clue about the source/cause of such a request.

Yandex [company.yandex.com] is probably the largest search engine in russia.

12:32 pm on Nov 20, 2009 (gmt 0)

10+ Year Member



Thanks for the information, I have modified the site to handle these malformed URLs.

3:06 pm on Nov 20, 2009 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



the proper response there is either 404 Not Found or a 301 to the canonical url.
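Added example, not part of the original thread: one way to apply the 301-or-404 advice to the CR/LF/TAB URLs discussed above, written in Python rather than the site's ASP.NET. `CANONICAL_ORIGIN`, `clean` and `decide` are hypothetical names, and the rule that control characters left inside a value produce a 404 is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

CANONICAL_ORIGIN = "http://example.com"  # assumption: the site's single canonical origin
# C0 control characters plus DEL; CR (%0D), LF (%0A) and TAB (%09) are among them.
CONTROL = "".join(chr(c) for c in range(0x20)) + "\x7f"


def clean(text):
    """Strip control characters and spaces from both ends; None if any remain inside."""
    stripped = text.strip(CONTROL + " ")
    if any(ch in CONTROL for ch in stripped):
        return None
    return stripped


def decide(request_target):
    """Return (status, location): 200 serve, 301 redirect to canonical, 404 reject."""
    parts = urlsplit(request_target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes values
    cleaned = []
    for key, value in pairs:
        k, v = clean(key), clean(value)
        if k is None or v is None:
            return 404, None  # control characters inside the value: not repairable
        cleaned.append((k, v))
    if cleaned == pairs:
        return 200, None
    # The redirect target uses the configured origin, not the request's Host, and
    # urlencode() percent-encodes every value again, so no raw CR/LF from the
    # request can end up in the Location header.
    return 301, CANONICAL_ORIGIN + parts.path + "?" + urlencode(cleaned)


if __name__ == "__main__":
    # Constructed sample requests based on the URLs quoted in the thread.
    for target in (
        "http://example.com/webpage.aspx?CID=1&MID=12",
        "http://example.com/webpage.aspx?CID=1%0D%0A%09%09&MID=12",
        "http://example.com/webpage.aspx?CID=1%0D%0AX&MID=12",
    ):
        print(target, "->", decide(target))
```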
3:11 pm on Nov 20, 2009 (gmt 0)

10+ Year Member



I have used a 301 redirect, so the user gets to the correct page.

3:43 pm on Nov 27, 2009 (gmt 0)

10+ Year Member



OK, now someone really is trying SQL injection. My site is throwing an error and presenting an error page to the user when they enter the following URL:

[example.com:443...]

As far as I can see my site is throwing an error with a URL like this, but any suggestions how I should handle this? The IP addresses are all different.

 
