Posted

Hey gang,

I was looking at the 401 errors on one of my sites and I'm seeing quite a few entries like this:

/Administration/\\

I really don't think DreamWeaver could be doing it and I certainly didn't (on purpose) so it got me wondering if this is some kind of attempt to get access to the root folder. Does anyone know why else this weird url would be there?

 

I'm also seeing

/&dq=daycare

and I don't use any parameterized URLs so What's Up Wit Dat?

 

Any ideas? Thanks.

Posted

Jim,

 

I would pull off the raw log file, and search for those entries. I would then check where the link was being referred from, the IP address and what else that IP address had been trying to access. That should give you a lot more info as to if it is a bad link somewhere, or if it is a real attempt by someone to get somewhere they shouldn't.

 

Andy

Posted

I've seen these before on some of the webservers I've administered - my home server especially got nailed with a lot of these. Most of these types of requests seem to be people trying to access the URLs of known vulnerable locations in IIS - /admin/ or the like is one of them. The backslashes especially seem to indicate that someone is trying to access a Windows file path. Since TCH sites are hosted on Linux webservers, these vulnerabilities are not present, so I wouldn't worry about it too much.

 

Still, tracing back the IP of the person trying this might be a good idea - if it's from a domain ending in .ru or something fairly exotic and is asking for an admin directory, chances are it's someone "casing the joint" for a hack. If they're in the US, you can try sending an email to the abuse address of the originating ISP if you suspect that someone was trying hacker activity.
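
The triage suggested in the replies above (find the 401 entries in the raw log, then look at the referrer, the IP address, and what else that IP requested), as an added example that is not code from any poster in this thread. It assumes the host writes Apache "combined" format logs; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumption; adjust if the host logs differently)
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines using documentation IP ranges, not real log data
SAMPLE = r'''
203.0.113.9 - - [12/Mar/2004:10:01:02 -0500] "GET /Administration/\\ HTTP/1.0" 401 401 "-" "-"
203.0.113.9 - - [12/Mar/2004:10:01:03 -0500] "GET /admin/ HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [12/Mar/2004:11:15:40 -0500] "GET /&dq=daycare HTTP/1.1" 401 401 "http://search.example/results?q=daycare" "Mozilla/4.0"
198.51.100.7 - - [12/Mar/2004:11:15:45 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.44 - - [12/Mar/2004:12:00:00 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
'''

def parse(log_text):
    """Yield one dict per line that matches the combined format."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()

def triage(log_text, status="401"):
    """Per client IP with flagged hits: the hits, their referers, and its other requests."""
    by_ip = defaultdict(list)
    for rec in parse(log_text):
        by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        hits = [r for r in recs if r["status"] == status]
        if not hits:
            continue
        report[ip] = {
            "hits": [(r["path"], r["referer"]) for r in hits],
            "other": [(r["status"], r["path"]) for r in recs if r["status"] != status],
            # No referer on any hit suggests a script rather than a followed link
            "no_referer": all(r["referer"] in ("", "-") for r in hits),
            # Backslashes in the path point at Windows-style path probing
            "backslash": any("\\" in r["path"] for r in hits),
        }
    return report

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        print(ip, info)
```

A hit with a referer usually traces back to a bad link on another page, while hits with no referer from an IP that also requests other admin-style paths look like automated scanning.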
