
Re: [Sheflug] Funny GETs in www logs.



> 
> 22:29:24    GET / 
> 22:29:24    GET /scripts/ 
> 22:29:24    GET 
> /scripts/?C=http%3A%2F%2Fwww.cjp.spb.ru%2Fen%2Ftis%2Fleboma%2F;O=A 
> 22:29:25    GET 
> /scripts/?C=http%3A%2F%2Fwww.municipioxii.it%2Fsunnyway%2Feheq
> ebi%2Fjahibop%2F;O=A 
> 22:29:25    GET 
> /scripts/?C=http%3A%2F%2Fsahel55.com%2Farticles%2Fomaduro%2Fki
> mumid%2F;O=A 
> 22:29:25    GET 
> /scripts/?C=M;O=http%3A%2F%2Fwww.altaiseer-eg.com%2Far%2Fartic
> les%2Fjed%2Fumut%2F 
> 22:29:25    GET 
> /scripts/?C=M;O=http%3A%2F%2Fwww.northfans.ch%2Fforum%2Fadmin%
> 2Fsettings%2Fgucor%2Fujusu%2F 
> 22:29:25    GET 
> /scripts/?C=M;O=http%3A%2F%2Fwww.cjp.spb.ru%2Fen%2Ftis%2Fleboma%2F 
> 22:29:26    GET /scripts/photofilename.perl 
> 22:29:26    GET /scripts/?C=M;O=A 
> 22:29:26    GET /scripts/?C=N;O=A

The ?C=M;O=A seems to refer to something trying to force the sort by
column 'C=' and order ascending / descending (O=) from what I can see.
Otherwise, it looks like it's just fishing for a vulnerability.
Presumably the script kiddies have given up trying to find cmd.exe
vulnerabilities in Windows boxes? I always used to return them a big
enough file of nulls to chew on if they went for cmd.exe.

Try this thread for possibly a bit more info...

http://www.mail-archive.com/wget@xxxxxxxxxx/msg08373.html

...time passes...

If you view the directory listing your web server is returning, I bet
you can click on the links above the columns to change the sort order.
I'd be tempted to agree with your assessment about trawling for web spam
posting.

-- 
David Morris
European IT Manager, ATI Allvac Ltd, Sheffield, UK
o: 0114 220-1289 m: 07973 530987

----------------------------------------------
ATI Allvac Ltd, regd. in England, 1919677 
Cyclops Works, President Way, Sheffield S4 7UR
---------------------------------------------- 

_______________________________________________
        Sheffield Linux User's Group
  http://www.sheflug.org.uk/mailfaq.html
 GNU - The choice of a complete generation
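
Added example, not part of the original message: a short log check that separates the ordinary directory-listing sort links (`?C=M;O=A`) from requests that stuff a URL into `C=` or `O=`, as in the quoted log. It assumes the listing comes from Apache mod_autoindex, whose legal values are `C` in N/M/S/D and `O` in A/D; the sample log is constructed with placeholder hosts, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Legal values of the mod_autoindex sort arguments: column (C) and order (O).
LEGAL = {"C": {"N", "M", "S", "D"}, "O": {"A", "D"}}

# Constructed sample in the format of the quoted log (time, method, path),
# with the e-mail line wrapping undone; hosts are placeholders.
SAMPLE_LOG = """\
22:29:24    GET /scripts/
22:29:25    GET /scripts/?C=http%3A%2F%2Fspam.example%2Fa%2Fb%2F;O=A
22:29:25    GET /scripts/?C=M;O=http%3A%2F%2Fspam.example%2Fc%2F
22:29:26    GET /scripts/?C=M;O=A
22:29:26    GET /scripts/?C=N;O=A
"""

LINE_RE = re.compile(r"^(\S+)\s+GET\s+(\S+)\s*$")


def sort_args(path):
    """Return the decoded C= and O= arguments of a request path as a dict."""
    _, _, query = path.partition("?")
    args = {}
    for part in re.split(r"[;&]", query):  # both separators are accepted
        key, sep, value = part.partition("=")
        if sep and key in LEGAL:
            args[key] = unquote(value)
    return args


def suspicious(log_text):
    """Return (time, arg, decoded value) for sort arguments outside the legal set."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not "time GET path"
        time, path = m.groups()
        for key, value in sort_args(path).items():
            if value not in LEGAL[key]:
                hits.append((time, key, value))
    return hits


if __name__ == "__main__":
    for time, key, value in suspicious(SAMPLE_LOG):
        print(f"{time} {key}= carries {value!r}")
```

Requests that only use the legal letters are what a browser sends when someone clicks the column headers, so they are not reported.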