InternetOfficer.com

A robot showing up fairly often (from different IPs but same behaviour) in my server logs is making its own use of awredir.pl by putting its own URL information in the query string. Presumably this is for malicious purposes.

What is the effect? Does this provide a way for the robot to pass through the URL request which would then appear to come from my IP?

What lines could be added to awredir.pl to restrict its action to only my URLs specified as clean?

This persistent malicious robot is attacking seemingly all .php and .pl files it finds as links on my webpages and injects its own URLs into the query strings. So changing the awredir.pl filename would not mask it. I think the robot scans for any script files with query strings using a URL. In the course of dozens of attempts within seconds, it varies from one attempt to the next and eventually tries substituting URLs in every parameter.

The solution is to add an approval subroutine to awredir.pl but my perl knowledge is not up to that. I was hoping someone had already solved that issue and I could find out about such a patch.

I use .htaccess to deny requests with query strings having a URL in the wrong place (such as “?tag=http”, which I never have in my own links) but can't deny “?URL=http” because that is used by my own legitimate calls to awredir.pl

It comes from seemingly unlimited IPs, so I can't block by IP address.

If I changed to using “?myURL=http” I think the robot would find that form in a link on my web page and simply mimic it also.

Is there any other link-redirect script available that is more secure? If not, is any reader sufficient adept with perl to provide a filter subroutine for unapproved URLs ?

Thanks.