On Sat, Jul 19, 2014 at 7:11 PM, Paul <p...@nines.org> wrote:
> I'm getting a 500 error on my website that obviously comes from a bot. I'd
> like to duplicate that error so that I can try to suppress the email message
> that gets sent to me.
>
> The error contains:
> (ArgumentError) "invalid %-encoding
>
> It's in a "show" action, so it's a GET command. I can see the URL and that
> URL doesn't contain any strange characters. When I put that URL in a browser
> everything works.
>
> I notice, in the error message I receive, there is a bunch of non-ascii
> text, and embedded in it is "Network Solutions Certificate Authority".
>
> There is no indication that I can see of how that info is being sent. Is
> that in a cookie? Is there any other mechanism that a client can send info
> to the server?

I've been seeing a lot of these lately, all from this user-agent:

Mozilla/5.0 (compatible; EasouSpider; +http://www.easou.com/search/spider.html)

from the following IP: 183.60.214.126 (China Telecom block)

The problem is it's a GET request with a content-body, which is not
strictly prohibited by the RFCs, but not technically supported either.

If your exception notifier provides it, look at the value of
'rack.request.form_vars' where you'll see what appears to be a
binary cert file's contents.

Regardless, it seems like this spider is either seriously broken, or
actively hostile. I'm thinking about a Rack filter to drop any GET
request with a content-length header or a non-empty body, but the
quickest fix is to use iptables to block this thing altogether :-)

HTH,
--
Hassan Schroeder ------------------------ hassan.schroe...@gmail.com
http://about.me/hassanschroeder
twitter: @hassan
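
The Rack filter mentioned in the reply above, sketched as an added example (not code from this thread, Rack or Rails). The names `DropGetWithBody`, `sample_env` and `status_for` are hypothetical, the requests are constructed, and it assumes an explicit `Content-Length: 0` on a GET should still be allowed.

```ruby
require "stringio"

# Hypothetical middleware name; added example, not code from the thread.
class DropGetWithBody
  def initialize(app)
    @app = app
  end

  def call(env)
    if env["REQUEST_METHOD"] == "GET" && body_present?(env)
      # Answer before any downstream middleware or the app parses the body.
      return [400, { "content-type" => "text/plain" },
              ["GET requests with a body are not accepted\n"]]
    end
    @app.call(env)
  end

  private

  def body_present?(env)
    # Rack exposes Content-Length as CONTENT_LENGTH (no HTTP_ prefix).
    declared = env["CONTENT_LENGTH"].to_s.strip
    # Assumption: an explicit "Content-Length: 0" is harmless and allowed.
    return true unless declared.empty? || declared == "0"
    # A chunked body arrives without any Content-Length header.
    return true if env.key?("HTTP_TRANSFER_ENCODING")

    input = env["rack.input"]
    return false unless input.respond_to?(:read) && input.respond_to?(:rewind)
    first = input.read(1) # peek one byte, then restore the stream position
    input.rewind
    !(first.nil? || first.empty?)
  end
end

# Constructed Rack env for exercising the middleware offline.
def sample_env(method, body = "", extra = {})
  { "REQUEST_METHOD" => method, "PATH_INFO" => "/items/1",
    "rack.input" => StringIO.new(body) }.merge(extra)
end

# Returns the status the stack gives for a constructed request.
def status_for(env)
  inner = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  DropGetWithBody.new(inner).call(env).first
end
```

In a `config.ru` this would be mounted with `use DropGetWithBody` above the application, so the request is answered with a 400 before anything tries to decode the body as form parameters.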