Message Board

Newbie/Basic Questions

Older Posts ]   [ Newer Posts ]
 POST attemps
Author: C.Dyne   (3 Nov 12 2:46am)
I regularly get a lot of spammer attempting to POST to my honey pot in the following way:
1. visit the index ( domain.fu/directory/index.php )
2. attempt post (domain.fu/directory//. )

Can anyone explain what it is they're attempting to do by POSTing to /. ? I assume some sort of directory traversal is intended but what specifically is their intention ?

Thanks
 
 Re: POST attemps
Author: H.User1325   (4 Nov 12 5:57am)
Their just looking for a way in.
I see similar entries in my logs along with every variation of phpinfo, dbadmn, websql, phpMyAdmin, etc. Their directory searches of my domains also include many system defaults like /htdocs, /admin, /xampp and directories used by WYSIWYG design tools along with extension .htm and .html. They also do GETs to all directories (domain/directory/) letting the host system find any index/Welcome file with what ever extension.

They are just looking for a weakness. A "well behaved" spider would just follow sitemap.xml or links in your files, not looking around for test files, tools or things left behind from design changes. But all domain traversals are not well behaved.
 
 Re: POST attemps
Author: C.Dyne   (6 Nov 12 3:23am)
OK great, I see many many POST hits in my honey pot directory but my results say that I've helped catch very few actual spammers so was under the impression something may be wrong, but I guess not.

Many thanks
 
 Re: POST attemps
Author: H.User1325   (6 Nov 12 6:24am)
Give it time. Not all spiders/visitors are harvesters. There also may be a delay between harvesting an address from your hp, selling it to a spammer, and sending spam to the spam trap.

Lots of good and bad reasons for a web crawler to visit your hp, in addition to mapping your domain or harvesting email addresses. Others seem to be looking for weaknesses in your domain. Not so much to hack you, as to use you as a gateway into your host. From there to someone else on the same host machine or to your host's mail server, etc. It is not a benign environment.



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–25, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email