I'm having the same issue--being pounded by misbehaving bot that substitutes URL's in place of arg values.
Any ideas on how to isolate & block these bots? USER_AGENT looks pretty normal so I can't block on that basis. Thanks. Mikal Anderson ----- Original Message ----- From: Fogelson, Steve To: witango-talk@witango.com Sent: Thursday, February 28, 2008 7:44 AM Subject: Witango-Talk: Curiuos Hi, Here is a sample of urls that are being submitted to some of my sites. They are reported as errors as I'm using Scott's error reporting routine. www.xxxxxx.com/Category/2lvl1lstbx.taf?Master_ID=http%3A%2F%2Fwww.felixtorresycia.com%2Fadmin%2Fcorreo%2Fenaq%2Fecib%2F&cat=150 www.xxx.com/main.taf?Cat=http%3A%2F%2Fwww.tureksfuar.com.tr%2Fjoomla%2Fmambots%2Fcontent%2Fugi%2Fvipo%2F&RD=1&_start= www.xxxx.com/custom.taf?cpage=http%3A%2F%2Fsahel55.com%2Farticles%2Fomaduro%2Fkimumid%2F I checked the ip address and they are coming from Amsterdam. Does this look like possible "cross-scripting" attempts or some other "hack" on their part? Some time back I had to resort to white-listing ip addresses on my ftp servers as brute force account and password attacks were originating from Amsterdam. Thanks Steve Fogelson ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ------------------------------------------------------------------------------ No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.21.1/1302 - Release Date: 2/27/2008 4:34 PM ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
