Archiv verlassen und diese Seite im Standarddesign anzeigen : Server-Logs: %25255C
Hi,
ich hab mal die Serverlogs durchgesehen und dabei ganz viele Aufrufe gefunden, die nach dem Schema *URL*%25255C lauten.
Ich geh mal davon aus, dass das Bots oder derartige Sachen sind: Was bedeutet das / was ist das / was bewirkt das?
Danke im Voraus
sei laut
2011-02-24, 22:01:51
Ein fehlerhafter Bot?
%25 wird zu %. Dann würde also hinten %5C stehen, was wiederrum \ bedeutet, was aber so niemals umgewandelt werden würde - jedenfalls machts kein Browser.
Und warum man in einer URL ein \ will, ist mir auch noch nicht so ganz klar.
Sephiroth
2011-02-24, 22:56:56
poste doch mal ein paar komplette zeilen (gerne auch ohne IP/Host info)
sieht eher nach einem trick aus, um dem skript einen pfad/verzeichnis unterzujubeln. mit %xx werden bestimmte zeichen in der URL durch ihren ascii code ersetzt (stichwort urlencode (http://www.albionresearch.com/misc/urlencode.php) und siehe RFC2396 (http://tools.ietf.org/html/rfc2396) 2.4).
Zensiert:
IP: Die jeweilige IP-Adresse
URL: http://www.de/
Verzeichnis: Der Server-Pfad
[Tue Feb 22 04:15:30 2011] [error] [client *IP2*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 04:15:31 2011] [error] [client *IP2*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 04:15:32 2011] [error] [client *IP2*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 04:15:32 2011] [error] [client *IP2*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 04:15:54 2011] [error] [client *IP2*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/forum/forum-1.html/
[Tue Feb 22 04:15:55 2011] [error] [client *IP2*] File does not exist: *Verzeichnis*forum/forum-1.html, referer: http://*URL*/forum/forum-1.html/
[Tue Feb 22 05:43:45 2011] [error] [client *IP3*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:43:46 2011] [error] [client *IP3*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:43:46 2011] [error] [client *IP3*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:43:47 2011] [error] [client *IP3*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:43:48 2011] [error] [client *IP3*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:43:49 2011] [error] [client *IP3*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:43:49 2011] [error] [client *IP3*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=register%25255C
[Tue Feb 22 05:43:50 2011] [error] [client *IP3*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=register%25255C
[Tue Feb 22 05:48:19 2011] [error] [client *IP4*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:48:19 2011] [error] [client *IP4*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:48:20 2011] [error] [client *IP4*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 05:48:20 2011] [error] [client *IP4*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 06:06:33 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/jscripts/,this,a)}});Ajax.Request.Events=[
[Tue Feb 22 06:18:04 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/jscripts/]=this.options.contentType+(this.options.encoding
[Tue Feb 22 06:30:39 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/jscripts/[
[Tue Feb 22 06:35:49 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/jscripts/};if(this.method==
[Tue Feb 22 06:45:47 2011] [error] [client *IP5*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 06:45:48 2011] [error] [client *IP5*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 06:45:53 2011] [error] [client *IP5*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 06:45:54 2011] [error] [client *IP5*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 06:56:43 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 06:56:45 2011] [error] [client *IP6*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 06:56:50 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 06:56:51 2011] [error] [client *IP6*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Tue Feb 22 07:01:11 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/Suche...
[Tue Feb 22 07:11:41 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/jscripts/).unfilterJSON())}catch(e){this.dispatchException(e)}},dispatchException:functio n(a){(this.options.onException||Prototype.emptyFunction)(this,a);Ajax.Responders .dispatch(
[Tue Feb 22 07:18:01 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/jscripts/+(this.getUTCMonth()+1).toPaddedString(2)+
[Tue Feb 22 07:25:06 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/jscripts/}}};Element._attributeTranslations.has={};$w(
[Tue Feb 22 07:25:17 2011] [error] [client *IP1*] File does not exist: *Verzeichnis*forum/jscripts/).evaluate(m)},descendant:
...
[Thu Feb 24 00:08:40 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/[script[^]]*]([\\\\S\\\\s]*
[Thu Feb 24 00:08:59 2011] [error] [client *IP6*] script '*Verzeichnis*forum/jscripts/member.php' not found or unable to stat
[Thu Feb 24 00:19:36 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/);if(this.transport.overrideMimeType&&(navigator.userAgent.match(
[Thu Feb 24 00:23:03 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/[
[Thu Feb 24 00:24:38 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/},activate:function(a){a=$(a);try{a.focus();if(a.select&&(a.tagName.toLowerCase()!=
[Thu Feb 24 00:26:53 2011] [error] [client *IP6*] script '*Verzeichnis*forum/jscripts/reputation.php' not found or unable to stat
[Thu Feb 24 00:28:01 2011] [error] [client *IP6*] script '*Verzeichnis*forum/jscripts/report.php' not found or unable to stat
[Thu Feb 24 00:37:14 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/==a[3])break;expr=expr.substring(
[Thu Feb 24 00:38:56 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/Microsoft.XMLHTTP
[Thu Feb 24 00:39:36 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/+lang.password+
[Thu Feb 24 00:40:04 2011] [error] [client *IP7*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Thu Feb 24 00:40:05 2011] [error] [client *IP7*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Thu Feb 24 00:40:06 2011] [error] [client *IP7*] File does not exist: *Verzeichnis*%5c%22http:, referer: http://*URL*/%255c%2522http:/*URL*/forum/member.php/?action=lostpw%25255C
[Thu Feb 24 00:40:08 2011] [error] [client *IP7*] File does not exist: *Verzeichnis**URL*, referer: http://*URL*/*URL*/forum/member.php/?action=lostpw%25255C
[Thu Feb 24 00:42:19 2011] [error] [client *IP8*] File does not exist: *Verzeichnis*CHANGELOG.txt
[Thu Feb 24 00:42:20 2011] [error] [client *IP8*] File does not exist: *Verzeichnis*misc
[Thu Feb 24 00:42:23 2011] [error] [client *IP8*] File does not exist: *Verzeichnis*umbraco
[Thu Feb 24 00:42:26 2011] [error] [client *IP8*] script '*Verzeichnis*sitecore.php' not found or unable to stat
[Thu Feb 24 01:05:40 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/[
[Thu Feb 24 01:09:46 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/){(e=stripAlpha(e))
[Thu Feb 24 01:17:16 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/postbit_multiquote.gif
[Thu Feb 24 01:18:33 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/},patterns:{laterSibling:
[Thu Feb 24 01:26:59 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/).replace(
[Thu Feb 24 01:27:36 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/jscripts/*
[Thu Feb 24 09:51:06 2011] [error] [client *IP6*] File does not exist: *VERZEICHNIS*forum/++++++++++++++++++++++++++++++++++++Result:+\xe8\xf1\xef\xee\xeb\xfc\xe7\xee\xe2 \xe0\xed+\xed\xe8\xea\xed\xe5\xe9\xec+"desDeemattraf";+\xef\xe8\xea\xf2\xee\xea\xee\xe4+\xe4\xe5\xf8\xe8\xf4\xf0\xee\xe2\xe0\xf2\xfc+ \xed\xe5+\xf3\xe4\xe0\xeb\xee\xf1\xfc;+\xe7\xe0\xf0\xe5\xe3\xe8\xf1\xf2\xf0\xe8\ xf0\xee\xe2\xe0\xeb\xe8\xf1\xfc+(\xe2\xea\xeb\xfe\xf7\xe5\xed+\xf0\xe5\xe6\xe8\x ec+\xf2\xee\xeb\xfc\xea\xee+\xf0\xe5\xe3\xe8\xf1\xf2\xf0\xe0\xf6\xe8\xe8);, referer: *URL*forum/++++++++++++++++++++++++++++++++++++Result:+%E8%F1%EF%EE%EB%FC%E7%EE%E2%E0%ED+%E D%E8%EA%ED%E5%E9%EC+%22desDeemattraf%22;+%EF%E8%EA%F2%EE%EA%EE%E4+%E4%E5%F8%E8%F 4%F0%EE%E2%E0%F2%FC+%ED%E5+%F3%E4%E0%EB%EE%F1%FC;+%E7%E0%F0%E5%E3%E8%F1%F2%F0%E8 %F0%EE%E2%E0%EB%E8%F1%FC+%28%E2%EA%EB%FE%F7%E5%ED+%F0%E5%E6%E8%EC+%F2%EE%EB%FC%E A%EE+%F0%E5%E3%E8%F1%F2%F0%E0%F6%E8%E8%29;
[Thu Feb 24 09:51:22 2011] [error] [client *IP6*] File does not exist: *Verzeichnis*forum/++++++++++++++++++++++++++++++++++++Result:+\xe8\xf1\xef\xee\xeb\xfc\xe7\xee\xe2 \xe0\xed+\xed\xe8\xea\xed\xe5\xe9\xec+"desDeemattraf";+\xef\xe8\xea\xf2\xee\xea\xee\xe4+\xe4\xe5\xf8\xe8\xf4\xf0\xee\xe2\xe0\xf2\xfc+ \xed\xe5+\xf3\xe4\xe0\xeb\xee\xf1\xfc;+\xe7\xe0\xf0\xe5\xe3\xe8\xf1\xf2\xf0\xe8\ xf0\xee\xe2\xe0\xeb\xe8\xf1\xfc+(\xe2\xea\xeb\xfe\xf7\xe5\xed+\xf0\xe5\xe6\xe8\x ec+\xf2\xee\xeb\xfc\xea\xee+\xf0\xe5\xe3\xe8\xf1\xf2\xf0\xe0\xf6\xe8\xe8);, referer: *URL*forum/++++++++++++++++++++++++++++++++++++Result:+%E8%F1%EF%EE%EB%FC%E7%EE%E2%E0%ED+%E D%E8%EA%ED%E5%E9%EC+%22desDeemattraf%22;+%EF%E8%EA%F2%EE%EA%EE%E4+%E4%E5%F8%E8%F 4%F0%EE%E2%E0%F2%FC+%ED%E5+%F3%E4%E0%EB%EE%F1%FC;+%E7%E0%F0%E5%E3%E8%F1%F2%F0%E8 %F0%EE%E2%E0%EB%E8%F1%FC+%28%E2%EA%EB%FE%F7%E5%ED+%F0%E5%E6%E8%EC+%F2%EE%EB%FC%E A%EE+%F0%E5%E3%E8%F1%F2%F0%E0%F6%E8%E8%29;
sei laut
2011-02-25, 09:16:24
:|
Das %25255C als referer übertragen wird, war dir wohl unwichtig. Referer gibt an, woher ein Nutzer kam, also wo er auf den Link klickte, der ihn zu dem Pfad davor führte.
Und "Verzeichnis%5c%22http" wird spannend, denn es heißt:
Verzeichnis\"http
Über die Bedeutung muss ich selbst noch sinnieren..
Äh ja :D Danke auf jeden Fall schon mal. Aber soweit ich weiß kann man den Referer doch rel. einfach manipulieren, oder nicht?
Und Links wie 3dcenter.de\"http habe ich mit ziemlicher Wahrscheinlichkeit nicht irgendwo gesetzt :D
Lokadamus - nixBock
2011-02-28, 06:52:45
Und warum man in einer URL ein \ will, ist mir auch noch nicht so ganz klar.mmm...
Schonmal mit dem IE von MS gesurft???
Ich tippe auf einen Bot, der versucht sich anzumelden bzw. Benutzernamen herauszufinden. Das member.php/?action=lostpw%25255C sieht irgendwie so aus. Das dumme ist, man kann die angegebene IP so schlecht auflösen, um herauszufinden, woher die Anfragen kamen.
188.165.200.113
65.19.131.221
94.19.191.183
213.5.71.167
...
typische spammer-ip-adressen
vBulletin®, Copyright ©2000-2024, Jelsoft Enterprises Ltd.