Re: Really fouled up scans from linux15.ebar.dtu.dk

From: Daniel Martin (dtmartin24at_private)
Date: Wed May 23 2001 - 07:13:09 PDT


    "Joshua J. Kugler" <isdat_private> writes:
    
    > A lot of the requests are good, it looks like he was trying to traverse the 
    > tree.  Every now and then, there are requests of the form:
    > 
    > /~EgggNoggg/Testing/?D=A
    > 
    > Is the ?D=A testing for some hole?
    
    No, it's just following a link that Apache's standard directory list
    generates - if you go to http://www.as.uaf.edu/~EgggNoggg/Testing/
    and follow one of the "Name", "Size" or other column headings' links,
    you'll get a URL that looks like that.
    
    > Here are some other odd ones
    > 130.225.77.30 - - [11/May/2001:11:33:06 -0800] 
    > "GET/~havolina/%20%20%20%20%20%20%20http://www.cicv.fr/creation_artistique/online/orlan/index.html 
    > HTTP/1.0" 404 386 "-" "Mozilla 4.0 (compatible; HttpTool/0.1)"
    
    Nothing odd here except that the referring page -
    http://www.as.uaf.edu/~havolina/links.html - has a bad link.  Way to
    go WYSIWYG editors...
    
    The other URLs you cite are all Apache-generated directory sort links.
    
    And a bit of searching solves the question of where the long recursive
    URL seems to come from.  If you go to http://www.as.uaf.edu/sic/ and
    _don't_ have a password for the site, you get a page that, among other
    things, includes this down at the bottom:
    <A href="stugov/">About ASUAF</A> |
    
    Now, following that link will attempt to access
    http://www.as.uaf.edu/sic/stugov/ - again, without a password you get
    the same "please give us a password" page.  And again, down at the
    bottom you have the HTML fragment:
    <A href="stugov/">About ASUAF</A>
    Which when followed will attempt to access
    http://www.as.uaf.edu/sic/stugov/stugov/ and so forth.
    
    There are at least two ways I can see of avoiding this.  One is to
    have the links at the bottom of the page all start with /'s - so that
    the HTML fragment above becomes
    <A href="/stugov/">About ASUAF</A>
    Another is to include a BASE tag in the "please enter your password"
    page, for example:
    <BASE href="http://www.as.uaf.edu/sic">
    
    I will note that another way that happens to work in this case is to
    leave off the trailing slash from "stugov", but that feels a bit too
    hackish.  (I've always been touchy about leaving that trailing slash
    on there; sure, Apache and IIS always issue redirects from
    http://somewhere/something/subdir to
    http://somewhere/something/subdir/ but not every server necessarily
    behaves that way - blame my early experience with OSU's VMS-based
    server.)
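To see the mechanics of the loop Daniel traces, here is an added Python example (mine, not from the thread or from Apache): it resolves the same relative link hop by hop the way a browser would, shows that both of his fixes land on http://www.as.uaf.edu/stugov/, and flags the resulting repeated-segment request paths in a few constructed log lines so an admin can tell a broken-link loop from a traversal attempt. The function names and the log lines are my own; only the URLs come from the thread.

```python
from urllib.parse import urljoin, urlsplit


def follow_repeatedly(start_url, href, hops, base_href=None):
    """URL reached after following the same <A href=...> from each page in turn.

    Without base_href the link resolves against the page it appears on, as a
    browser or crawler does.  With base_href it models a <BASE href=...> tag:
    every hop then resolves against that fixed URL instead.
    """
    url = start_url
    for _ in range(hops):
        url = urljoin(base_href or url, href)
    return url


def repeated_segment_run(path):
    """Longest run of identical consecutive path segments in a request path.

    A run of 3 or more (/sic/stugov/stugov/stugov/) is the footprint of a
    relative-link loop like the one above, not of directory traversal.
    """
    segments = [s for s in urlsplit(path).path.split("/") if s]
    best = run = 1 if segments else 0
    for prev, cur in zip(segments, segments[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


# Constructed sample lines in Apache common log format (not taken from the thread).
SAMPLE_LOG = """\
130.225.77.30 - - [11/May/2001:11:40:01 -0800] "GET /sic/stugov/ HTTP/1.0" 200 2214
130.225.77.30 - - [11/May/2001:11:40:02 -0800] "GET /sic/stugov/stugov/stugov/ HTTP/1.0" 200 2214
130.225.77.30 - - [11/May/2001:11:40:03 -0800] "GET /~EgggNoggg/Testing/?D=A HTTP/1.0" 200 1810
"""


def looping_requests(log_text, min_run=3):
    """Request paths in log_text whose segments repeat min_run or more times."""
    hits = []
    for line in log_text.splitlines():
        request = line.split('"')[1]          # GET /path HTTP/1.0
        path = request.split(" ")[1]
        if repeated_segment_run(path) >= min_run:
            hits.append(path)
    return hits
```

With a BASE tag the base's last path segment ("sic") is dropped during resolution, which is why the BASE form and the leading-slash form resolve to the same place here.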
    

    This archive was generated by hypermail 2b30 : Wed May 23 2001 - 17:30:33 PDT