From: David Delbecq
Date: Wed, 30 Apr 2008 22:58:11 +0200
To: Tomcat Users List
Subject: Re: hackers sending long URLs to probe site?
Message-ID: <4818DD63.7000209@oma.be>

DIGLLOYD INC wrote:
> Christopher,
>
> Thank you. This is helpful. Sorry about the "hijacked thread", I
> didn't think of that.
>
> Yes, I've double-checked that my site isn't generating the bad links.
> It's all static HTML and I've searched for any duplications, "../../"
> type things, etc. I don't currently generate any URLs, and the sheer
> length of the duplication rules out any basic mistakes in static html.
>
> I have directory indexes turned off, confirmed by seeing 404 codes on
> certain directories in which I don't have index files (intentionally).
>
> Lloyd

A bit late to respond, but it might also be a worm-infected computer trying to probe your server to check if it can be used as an attack vector. However, I am more used to worms checking for URLs containing cmd.exe, which probes for security holes in IIS.
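One way to triage requests like the ones discussed in this thread, as an added example that is not part of the original messages: it scans access log lines for over-long URIs, heavily repeated path segments, "../" sequences and cmd.exe requests. It assumes a common-format access log; the thresholds, reason labels and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Request and status fields of a common-format access log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
MAX_URI_LEN = 512        # assumed: longer than any legitimate URL on the site
MAX_SEGMENT_REPEAT = 4   # assumed: one path segment should not repeat more often

def classify(uri):
    """Return the set of reasons a request URI looks like a probe."""
    reasons = set()
    if len(uri) > MAX_URI_LEN:
        reasons.add("long-uri")
    # Drop the query string and decode one layer of percent-encoding.
    path = unquote(uri.split("?", 1)[0])
    segments = [s.lower() for s in re.split(r"[/\\]+", path) if s]
    if ".." in segments:
        reasons.add("traversal")
    if "cmd.exe" in segments:
        reasons.add("cmd-exe")
    counts = Counter(s for s in segments if s != "..")
    if counts and max(counts.values()) > MAX_SEGMENT_REPEAT:
        reasons.add("repeated-segments")
    return reasons

def scan(lines):
    """Return (client, status, sorted reasons) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        reasons = classify(m.group("uri"))
        if reasons:
            client = line.split(" ", 1)[0]
            hits.append((client, int(m.group("status")), sorted(reasons)))
    return hits

# Constructed sample lines (documentation IP ranges, invented paths).
STAMP = "- - [30/Apr/2008:20:57:50 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 {STAMP} "GET /index.html HTTP/1.1" 200 5120',
    f'198.51.100.7 {STAMP} "GET /articles/{"images/" * 120}photo.jpg HTTP/1.1" 404 0',
    f'203.0.113.5 {STAMP} "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 0',
    f'203.0.113.9 {STAMP} "GET /photos/../../private/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, status, reasons in scan(SAMPLE_LOG):
        print(client, status, ",".join(reasons))
```

A run of 404 responses to these requests, as Lloyd reports for his directories, means the probes found nothing; a 200 on a flagged line is the case to look at first.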