1

I've been getting lots of attempts to access pages on my site with 5 upper/lowercase chars as the first path. For example:

/aOKTW/validpage

That first 5 character path is always different. I suspect this is some type of hacking attempt, but can't figure out what. Anyone seen this?

At the moment I'm generating 404s but would like to be a bit broader in blocking this traffic and subsequent URL requests.

unor
  • 21,739
  • 3
  • 46
  • 117
TSG
  • 242
  • 1
  • 2
  • 9
  • I read that hackers attempt various URLs to discover what framework your site is running on. They want to know what kind of code and platform you're using to discover any security flaws that are known. If they're visiting pages like /aOKTW/validpage then perhaps there is a platform out there that uses that as an actual page for their scripts. If the page resolves then you're using xyzframework. If it doesn't, then you're using something else. Maybe that's it? I get a lot of weird URL requests on my site that don't make any sense. I don't think much of it but maybe I should as well – Michael d Mar 06 '18 at 23:58
  • 1
    Okay. These are a result of links made by one or more compromised computers that think your computer is also compromised. The pages made are spam and/or link pages. It is script kiddie stuff. As long as you are returning a 404 there is nothing to worry about. There my be no sense in blocking these accesses since they would not be too consistent over time. Leave it alone. We get these questions a lot. Cheers!! – closetnoc Mar 07 '18 at 00:32
  • Do you have alternate or old domains that redirect to your site through GoDaddy? That reminds me of GoDaddy's 301 redirect/forwarding has some weird random middleman URL, kills link juice? – Stephen Ostermiller Mar 07 '18 at 03:09
  • The site is hosted on Godaddy, but no alternate/old domains...interest idea. But I suspect like closetnoc said some script kiddies – TSG Mar 07 '18 at 03:13
  • Your site is not unique in this. I found a few sites around the net that allowed me to see a familiar pattern. Cheers!! – closetnoc Mar 07 '18 at 03:41

0 Answers0