[web] Hacker, or spam bot?
I've seen the occasional user with an error message, and a URL similar to this: /forums/showthread.php?t=http://somedomain.domain.com/index.htm? The "t" argument should be a number, the thread id. Any idea what this is? Is it an attack attempt, or a spam bot, or what?
It's a pretty common hack attempt. I get it at work all the time. So much so, in fact, that I've had to filter out or disable all the annoying email notifications I programmed to send myself when someone tries something like that.
I'm not sure exactly what it does, but basically, it tries to get your server to access the URL it tries to insert. If it does, it does some cute scripting to try to get your server to give up some personal information like root passwords or the location of some file.
These scripts tend to just replace some variable in your query string with the target URL in the hopes that your script is some kind of redirect or URL processing page, to the tune of:
http://yourdomain/GoToPage.php?page=SomeURL
Thank you. The parameter, t, is parsed by intval, so that malicious URL will try to show a non-existent thread (0).
Of course it would be better to trap the error and deal with it somehow instead of letting it go any further. Something like:
$t = isset( $_GET['t'] ) ? $_GET['t'] : '';
if ( !is_numeric( $t ) ) {
    // not a thread id: refuse the request instead of passing the value on
    header( 'HTTP/1.1 400 Bad Request' );
    exit;
}
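As an added example (not code from anyone in this thread), here is a small Python script that does two things the replies above describe: it validates a thread id strictly (digits only, stricter than PHP's is_numeric(), which also accepts values such as "1e3"), and it scans web-server log lines for requests where any query parameter carries a URL, which is the probing pattern the original question shows. The log lines and the domain example.invalid are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Apache combined-style); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /forums/showthread.php?t=1234 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /forums/showthread.php?t=http://example.invalid/index.htm? HTTP/1.1" 200 310
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /GoToPage.php?page=https://example.invalid/x.txt HTTP/1.1" 302 0
198.51.100.5 - - [10/Oct/2023:13:56:10 +0000] "GET /forums/showthread.php?t=42&page=2 HTTP/1.1" 200 4800
"""

# Pull the client IP and the request target out of one log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A parameter value that is itself an absolute URL.
URL_VALUE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def is_valid_thread_id(value: str) -> bool:
    """Accept only ASCII decimal digits: no sign, exponent, whitespace or Unicode digits."""
    return value.isascii() and value.isdigit()


def find_url_in_params(target: str) -> list:
    """Return (param, value) pairs in the request target whose value looks like a URL."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if URL_VALUE_RE.match(v)]


def scan_log(text: str) -> list:
    """Flag every request that carries a URL in a query parameter."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip it
        suspicious = find_url_in_params(m['target'])
        if suspicious:
            hits.append({'ip': m['ip'],
                         'path': urlsplit(m['target']).path,
                         'params': suspicious})
    return hits


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Running the script lists the two constructed requests that carry a URL in a parameter; the same scan can be pointed at a real access log to see how often the probing happens before deciding on filtering.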