[WebSiteGuru]

I had been noticing that my site visitors Home location been something like this.

Quote:

/index.php?name=http://***.***.***/placeholder/image?

I don't know what to make of it. I tried every possible ways in banning the IP, htaccess, iptable, even robot.txt. And these visitors sill show up.

I did follw the link to one of the site. It looks like SPAM.

Can anyone help?

[NanoCaiordo]

WebSiteGuru

\=http:// is banned from .htaccess and they get a 503 denied by configuration error, will show up in your logs.

if you ban the ip from .htaccess all depends if you put it belove or above the \=http:// and the result will be the same as the above.

if your .htaccess works then DragonflyCMS will not see them at all but you will still see them in your logs.

iptables ... is suppose to be a excellent way but who deny them to change ip or use proxies that will give them a new ip every new request? try to ban their IPv6! Sure you will probably ban few open proxy server, which is not a bad idea at the end

I know for sure that if you look for their user agent you will probably notice that they have something in common. Funny part? they never change the user agent string (at least for the last 6 months they are always using the same).

[Jeruvy]

I will ban the IP only if it becomes epidemic, otherwise let the error handler do the work. As long as your not seeing any real results from such a query you should be ok.

For the record I see them too usually with page requests like 'thishouldnotexisthahaha.php', my guess is they are trying to find a vulnerability in a poor mod_rewrite rule. Or they are looking for a piece of code that they previously tried to upload and this is a check for it.

[sultan]

WebSiteGuru wrote:

I had been noticing that my site visitors Home location been something like this.

Quote:

/index.php?name=http://***.***.***/placeholder/image?

I don't know what to make of it. I tried every possible ways in banning the IP, htaccess, iptable, even robot.txt. And these visitors sill show up.

I did follw the link to one of the site. It looks like SPAM.

Can anyone help?

I have been getting nailed repeatedly the last weeks or so by the same and similar injection links and banned well over 70 IPs and in a few cases IP ranges via .htaccess and within CPG itself.
IP Tracker and server logs have been my savior.
Targets in my case have all been at ftp via the above and Guestbook via addentry by guests when it available and seen only by members. Same IPs are usually targetting both in my case. btw, they aren't hard to spot and once I see them I kill their session immediately through phpmyadmin and then block IP. As I can't stay online 24/7 IP Tracker logs the rest and I block as needed.

[sultan]

Not CPG site, but this person is having same exact issue and from same places and logging every bit of it.
security.pigstye.net/s....php/index

[NanoCaiordo]

always been and will always be, but even without htaccess all our variables are well validated, no need to be alarmed. Its almost like ssh server scanning, after a while you get use to it.

[sultan]

Thanks. All is well and makes me glad I am utitilizing CPG-Dragonfly.