Thread: Bot confused or evil?

  1. #1
    Junior Member
    Join Date
    Jan 2004
    Posts
    18

    Question Bot confused or evil?

    I am seeing in my logs that a particular bot is accessing a lot of my pages (and hitting them fast) with invalid arguments.

    For instance I have a page like content.php?page=1 where page should be numeric.

    This bot is accessing it with a URL instead of a page number, like
    content.php?page=http://www.somesite.com/dir1/dir2/

    It doesn't hurt anything because I check all the arguments and if they aren't valid set them to default values. I have seen small amounts of this in the past, but on one day that I'm looking at, the log is just full of it. They are also pulling pages that don't take arguments and for those they don't try to set any argument. What are they up to? I can't think what the point of this is. Should I ban this IP address? I looked it up and it says it's ph02.droa.com. droa.com is a registrar, kind of a sleazy one apparently, and they also submit sites to search engines. Could they be thinking I'm a search engine? Are they looking for some vulnerability that I'm not aware of?

    Any thoughts would be much appreciated.

  2. #2
    WebProWorld MVP wige's Avatar
    Join Date
    Jun 2006
    Posts
    3,138

    Re: Bot confused or evil?

    My guess is Evil.

    Looks like an analysis program probing your site for vulnerabilities. If you run an auditing tool like Nessus on your site, you would see the same thing.

    One common vulnerability is causing one page to show the source code of another page. This can be used to find database usernames and passwords, and other interesting information. Generally, the URLs used in such a scan are pulled from a list of known-vulnerable applications, such as older or unpatched CMS systems. Typically, you would just get a 404 not found error, but if your script has the same name as a vulnerable application, you may get hit with attempted exploits.

    If your logging indicates this type of traffic is repeatedly being targeted at the same script, I would check the script itself, as there may be some other exploit occurring.
    The best way to learn anything, is to question everything.
    WigeDev - Freelance web and software development
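
One way to run the log check suggested above, as an added example that is not part of the original posts: it scans access-log lines for query arguments whose value is a URL and counts them per client and per script, so repeated targeting of one script stands out. The Apache combined log format, the sample lines, the documentation-range IP addresses and the function names are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (assumed Apache combined format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2007:06:14:01 +0000] "GET /content.php?page=http://www.somesite.com/dir1/dir2/ HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [10/Mar/2007:06:14:01 +0000] "GET /content.php?page=http%3A%2F%2Fwww.somesite.com%2Fdir1%2Fdir2%2F HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [10/Mar/2007:06:14:02 +0000] "GET /about.php HTTP/1.1" 200 2048 "-" "-"
198.51.100.20 - - [10/Mar/2007:06:15:40 +0000] "GET /content.php?page=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2007:06:16:02 +0000] "GET /content.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Client IP and request target from the start of a combined-format line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# A parameter value that begins with a URL scheme, checked after percent-decoding.
URL_VALUE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def url_valued_params(target):
    """Return (script, param) pairs whose decoded value starts with a URL scheme."""
    parts = urlsplit(target)
    return [(parts.path, name)
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if URL_VALUE.match(value)]

def summarize(log_text):
    """Map client IP -> Counter of (script, param) requested with URL-valued arguments."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target = m.groups()
        for key in url_valued_params(target):
            hits[ip][key] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, counter in summarize(SAMPLE_LOG).items():
        for (script, param), n in counter.most_common():
            print(f"{ip}  {script}  {param}  {n} request(s)")
```

Requests to pages that take no arguments, like the `/about.php` line here, are not counted; only the scripts that received a URL where a value was expected are listed.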

  3. #3
    Junior Member
    Join Date
    Jan 2004
    Posts
    18

    Re: Bot confused or evil?

    Thanks. Can you suggest anyplace I could go to read more about such vulnerabilities? I don't think I am very good at thinking like a hacker.
