
[web] Hacker, or spam bot?


I've seen the occasional user with an error message, and a URL similar to this: /forums/showthread.php?t=http://somedomain.domain.com/index.htm? The "t" argument should be a number, the thread id. Any idea what this is? Is it an attack attempt, or a spam bot, or what?

It's a pretty common hack attempt. I get it at work all the time. So much so, in fact, that I've had to filter out or disable all the annoying email notifications I programmed to send myself when someone tries something like that.

I'm not sure exactly what it does, but basically, it tries to get your server to access the URL it tries to insert. If it does, it does some cute scripting to try to get your server to give up some personal information like root passwords or the location of some file.

These scripts tend to just replace some variable in your query string with the target URL in the hopes that your script is some kind of redirect or URL processing page, to the tune of:

http://yourdomain/GoToPage.php?page=SomeURL
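
The probe described in this thread, seen from the log side, as an added example that is not part of the original posts: it scans access-log lines for query parameters whose decoded value is an absolute URL and counts hits per source address. The log lines, addresses and the `somedomain.example` host are constructed sample data, and the function names are illustrative.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in "combined" access-log format (documentation IPs and hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2009:10:01:22 +0000] "GET /forums/showthread.php?t=48213 HTTP/1.1" 200 18342 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2009:10:01:25 +0000] "GET /forums/showthread.php?t=http://somedomain.example/index.htm? HTTP/1.1" 200 2210 "-" "ExampleBot/1.0"
198.51.100.7 - - [12/Mar/2009:10:01:26 +0000] "GET /GoToPage.php?page=http%3A%2F%2Fsomedomain.example%2Findex.htm%3F HTTP/1.1" 404 310 "-" "ExampleBot/1.0"
192.0.2.44 - - [12/Mar/2009:10:02:03 +0000] "GET /forums/search.php?q=http+proxy+settings HTTP/1.1" 200 9921 "-" "Mozilla/5.0"
"""

# Captures: client IP, method, request target, status code.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# A parameter value that is itself an absolute URL (checked after percent-decoding).
REMOTE_URL = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)


def find_url_parameter_probes(log_text):
    """Return one finding per query parameter whose decoded value is an absolute URL."""
    findings = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue  # not a combined-format request line
        ip, _method, target, status = match.groups()
        try:
            parts = urlsplit(target)
        except ValueError:
            continue  # malformed request target
        # parse_qsl percent-decodes, so encoded variants (http%3A%2F%2F...) are caught too.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_URL.match(value):
                findings.append({"ip": ip, "path": parts.path, "param": name,
                                 "value": value, "status": int(status)})
    return findings


def probes_per_source(findings):
    """Aggregate findings per client IP, busiest first (one summary, not one alert per hit)."""
    return Counter(f["ip"] for f in findings).most_common()


if __name__ == "__main__":
    hits = find_url_parameter_probes(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(probes_per_source(hits))
```

The ordinary search for "http proxy settings" is not flagged, because only values that begin with a URL scheme match.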

Of course it would be better to trap the error and deal with it somehow instead of letting it go any further. Something like:

// $t holds the "t" query argument, which should be the numeric thread id
if ( !is_numeric( $t ) ) {
    // send request to Heck
}

Share this post


Link to post
Share on other sites
I suppose it would be, but I don't really care to change the default behavior of vBulletin. It produces an error page that says: "No Thread specified. If you followed a valid link, please notify the administrator". It does give them a link to spam me, though. ;)
