Posted by Marnok.com on 01/21/08 08:31

I've had some odd activity on one of my sites.

This site tracks links to external sites. If I want to send a visitor to
http::qwerty.com/abcd it would link to go_qwerty.php?page=abcd

The go_qwerty.php then $_GET[page], records the page/datetime into a log
file and then location: to the desired page.

Person or persons unknown keep calling the go_qwerty.php and putting full
URLs as the ?page reference. These pages are from a variety of sites but
always refer to an identical looking page:

<?php echo md5("just_a_test");?>displays on page when I visit these URLS.
When I test by putting the suspicious URLs in as
?page=suspicious_url.com/blah it does nothing (tries to location: to
qwerty.com/susicious_url.com/blah)Example of a suspicious
link:http://www.nedkellypub.it/concerti/dati/olukev/orawo/Now I can't see
how this benefits them, am I missing something? Have I created some possible
way to hackers to achieve something? Is the displayed code just a cover for
some actual php going on behind the scenes?

[Back to original message]