Current User: Guest Login
Please consider registering


Lost Your Password?

Search Forums:


 






Minimum search word length is 4 characters – Maximum search word length is 84 characters
Wildcard Usage:
*  matches any number of characters    %  matches exactly one character

awredir security against malicious outside use

Reply to Post Add a New Topic
UserPost

3:03 am
April 19, 2008


knonymouse

New Member

posts 2

A robot showing up fairly often (from different IPs but same behaviour) in my server logs is making its own use of awredir.pl by putting its own URL information in the query string. Presumably this is for malicious purposes.

What is the effect? Does this provide a way for the robot to pass through the URL request which would then appear to come from my IP?

What lines could be added to awredir.pl to restrict its action to only my URLs specified as clean?

4:18 am
April 19, 2008


Jean-Luc

Admin

posts 1125

Hi,

What they gain with this is not clear to me. A limited benefit I can think off is that they can show a URL that is in your domain, but not many will be fooled, as your URL's end with their "bad" URL's anyway.

Another effect could be that search engines consider that you link your website to "bad" websites and they could penalize you for that. Your ranking in Google could suffer.

You could add a list of approved URL's to awredir.pl, but this requires some Perl knowledge.

As a workaround, you could change the name of awredir.pl into something else. The malicious robot will not be able to find your renamed awredir.pl .

This simple workaround will probably be good enough, except if some ill-intended persons monitor your website and change the robot programming accordingly.

10:16 pm
April 23, 2008


knonymouse

New Member

posts 2

This persistent malicious robot is attacking seemingly all .php and .pl files it finds as links on my webpages and injects its own URLs into the query strings. So changing the awredir.pl filename would not mask it. I think the robot scans for any script files with query strings using a URL. In the course of dozens of attempts within seconds, it varies from one attempt to the next and eventually tries substituting URLs in every parameter.

The solution is to add an approval subroutine to awredir.pl but my perl knowledge is not up to that. I was hoping someone had already solved that issue and I could find out about such a patch.

I use .htaccess to deny requests with query strings having a URL in the wrong place (such as "?tag=http", which I never have in my own links) but can't deny "?URL=http" because that is used by my own legitimate calls to awredir.pl

It comes from seemingly unlimited IPs, so I can't block by IP address.

If I changed to using "?myURL=http" I think the robot would find that form in a link on my web page and simply mimic it also.

Is there any other link-redirect script available that is more secure? If not, is any reader sufficient adept with perl to provide a filter subroutine for unapproved URLs ?

Thanks.

Reply to Post

Reply to Topic:
awredir security against malicious outside use

Guest Name (Required):

Guest Email (Required):

NOTE: New Posts are subject to administrator approval before being displayed

Smileys
Confused Cool Cry Embarassed Frown Kiss Laugh Smile Surprised Wink Yell
Post New Reply

Guest URL (required)

Math Required!
What is the sum of:
10 + 11
   


About the InternetOfficer.com Forum

Forum Timezone: UTC 1

Most Users Ever Online: 302

Currently Online:
14 Guests

Currently Browsing this Topic:
1 Guest

Forum Stats:

Groups: 2
Forums: 9
Topics: 638
Posts: 2712

Membership:

There are 257 Members
There have been 305 Guests

There is 1 Admin
There is 1 Moderator

Top Posters:

cssfsu – 55
deepakgupta – 34
albert_newton – 30
cosminpana – 20
DTNMike – 19
ahtshun83 – 17

Recent New Members: raju, todd2taylor, sbdcunha, mansigill1987, ThomasDuh, ThomasKic

Administrators: Jean-Luc (1125 Posts)

Moderators: Jean-Luc (1125 Posts)