Sign in to follow this  
ID Merlin

[web] Hacker, or spam bot?

Recommended Posts

I've seen the occasional user with an error message, and a URL similar to this: /forums/showthread.php?t=http://somedomain.domain.com/index.htm? The "t" argument should be a number, the thread id. Any idea what this is? Is it an attack attempt, or a spam bot, or what?

Share this post


Link to post
Share on other sites
It's a pretty common hack attempt. I get it at work all the time. So much so, in fact, that I've had to filter out or disable all the annoying email notifications i programmed to send myself when someone tries something like that.

I'm not sure exactly what it does, but basically, it tries to get your server to access the URL it tries to insert. If it does, it does some cute scripting to try to get your server to give up some personal information like root passwords or the location of some file.

These scripts tend to just replace some variable in your query string with the target URL in the hopes that your script is some kind of redirect or URL processing page, to the tune of:

http://yourdomain/GoToPage.php?page=SomeURL

Share this post


Link to post
Share on other sites
I suppose it would be, but I don't really care to change the default behavior of vBulletin. It produces an error page that says: "No Thread specified. If you followed a valid link, please notify the administrator". It does give them a link to spam me, though. ;)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this