View Full Version : Poll Booth?
03-19-2009, 06:04 PM
Has anyone seen hits like this in his logs? I've been getting a lot of them lately, from all over the place, but only on one of my sites. They just generate 404s on my site, so I'm not really concerned about them. I just can't figure out what they are, and what's generating them:
(link removed, for safety's sake)
The URL in there has absolutely nothing to do with any site of mine. It's a strange little site that doesn't appear to have had any new content since early 2006. But the hits are definitely in my "latest visitors" list, and in my awstats list of 404s.
03-20-2009, 01:39 AM
It's an attempt to get a linkback to their site if your server logs are public and get crawled, or at the very least searched for, which raises its rank.
If you recall, a certain spambot was advertising in a similar fashion on the board yesterday. They use an arbitrary, unique word for their product, which they get you to search for on google. It increases their popularity rating when people land on their page, and the more visitors they get, the more revenue they receive from ads on their site, even if you don't buy anything from them.
03-20-2009, 04:31 AM
That would make sense if the site were an active site, with ads on it. But it's not - the site appears to be dead, with no revenue-generating stuff on it. In fact, the only outside links on the page at all are to Joomla and Bluehost, and a few links to some Yahoo Groups. Nothing else, and nothing newer than June 2006. Very puzzling.
Ultimately it doesn't matter much, of course, since my logs aren't public. I'm just curious about the motivation behind it.
03-20-2009, 05:04 AM
This is a very basic penetration test, normally ran against several thousands sites at a time.
If you were to be running whatever software that has that particular vulnerability, it would load the PHP page (id1.txt) and flag that URL as exploitable.
Next would come the inclusion of one of the many popular php shells that would give the attacker complete control over many aspects of your account.
Happens about a bajillion times a day to people that run outdated php code.
03-20-2009, 05:09 AM
I'll remove the link from my original post.
03-20-2009, 06:51 AM
True, it was an inclusion attempt. Spambots have similar behavior, and I didn't check the link.
03-21-2009, 04:53 AM
I've had the same hits as others, it looks to be bots looking for Advanced Poll which is the app that has the vulnerability.
Powered by vBulletin® Version 4.2.0 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.