I looked around a bit and discovered some legacy code assigning userreference, That's the culprit.
Steve _____ From: Fogelson, Steve [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2008 10:41 PM To: witango-talk@witango.com Subject: RE: Witango-Talk: Curiuos HI, Just thought I would resurrect this thread. A few developers mentioned they are seeing the same thing. I was looking at a Witango log and discovered the following. 18/03/2008 22:22:04 [EMAIL PROTECTED]://www.insanechicken.com//phpMyAdmin/libraries/ludeme/gakacag/ <mailto:[EMAIL PROTECTED]://www.insanechicken.com//phpMyAdmin/libraries/ludeme/gakaca g/> 0 [Expired] Variables for key [EMAIL PROTECTED]://www.insanechicken.com//phpMyAdmin/libraries/ludeme/gakacag/ <mailto:[EMAIL PROTECTED]://www.insanechicken.com//phpMyAdmin/libraries/ludeme/gakaca g/> How are these guys creating a (I assume) userreferencekey equal to their url? Is this a problem? Just curious. Maybe worried! Steve Fogelson _____ From: Fogelson, Steve [mailto:[EMAIL PROTECTED] Sent: Thursday, February 28, 2008 9:44 AM To: witango-talk@witango.com Subject: Witango-Talk: Curiuos Hi, Here is a sample of urls that are being submitted to some of my sites. They are reported as errors as I'm using Scott's error reporting routine. www.xxxxxx.com/Category/2lvl1lstbx.taf?Master_ID=http%3A%2F%2Fwww.felixtorre sycia.com%2Fadmin%2Fcorreo%2Fenaq%2Fecib%2F <http://www.xxxxxx.com/Category/2lvl1lstbx.taf?Master_ID=http%3A%2F%2Fwww.fe lixtorresycia.com%2Fadmin%2Fcorreo%2Fenaq%2Fecib%2F&cat=150> &cat=150 www.xxx.com/main.taf?Cat=http%3A%2F%2Fwww.tureksfuar.com.tr%2Fjoomla%2Fmambo ts%2Fcontent%2Fugi%2Fvipo%2F <http://www.xxx.com/main.taf?Cat=http%3A%2F%2Fwww.tureksfuar.com.tr%2Fjoomla %2Fmambots%2Fcontent%2Fugi%2Fvipo%2F&RD=1&_start=> &RD=1&_start= www.xxxx.com/custom.taf?cpage=http%3A%2F%2Fsahel55.com%2Farticles%2Fomaduro% 2Fkimumid%2F <http://www.xxxx.com/custom.taf?cpage=http%3A%2F%2Fsahel55.com%2Farticles%2F omaduro%2Fkimumid%2F> I checked the ip address and they are coming from Amsterdam. Does this look like possible "cross-scripting" attempts or some other "hack" on their part? Some time back I had to resort to white-listing ip addresses on my ftp servers as brute force account and password attacks were originating from Amsterdam. Thanks Steve Fogelson ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf