NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: jorgeb on August 25, 2014, 12:07:03 PM

Title: LOG: This is dangerous?
Post by: jorgeb on August 25, 2014, 12:07:03 PM

In my application log has the following record:

GET http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4 HTTP/1.1
Accept-Encoding: gzip,deflate,sdch
Referer: http://hotel.qunar.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Host: hotel.qunar.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-Connection: keep-alive


I want to know if this is a sign of alarm and if so what I can do to prevent and be safer. And if not dangerous, to know also.
In my application I have the basis of Example 3 (BasicLogin) to only registered users from accessing a consultation of their orders.
Working with NT7.39 and C91
Thanks in advance

Title: Re: LOG: This is dangerous?
Post by: Bruce on August 27, 2014, 09:28:22 PM

this is not dangerous (for a NetTalk server anyway.)

presumably it is dangerous to some system, so there's a script looking for this vulnerability.

Actually if you check your logs you'll see lots and lots of this sort of request - probing the server to see if it responds to common vulnerabilities in other servers.

cheers
Bruce

Title: Re: LOG: This is dangerous?
Post by: Devan on August 27, 2014, 11:36:17 PM

Yeah,

On my public Nettalk webservers, I routinely see all sorts of calls made to phpmyadmin and other routes.  Tons of them.  Quite funny actually.  Oh well, I guess it is wasting processing time for some hacker, so I consider it a community service!  ;D

Cheers,
Devan

Title: Re: LOG: This is dangerous?
Post by: jorgeb on August 28, 2014, 07:27:38 AM

Ok. Many thanks for the information, Bruce and Devan.

Regards