| d2r diego's weblog |
weird refererRecently (but I just noticed it today) I started getting HTTP referers that are a variation of the following: "XXXX:+++++++++++++++++++++++" (the number of plus signs varies). A google search with appropriate terms quickly turned up discussions like this one that suggest that the referer is someone using an anonymizer or internet security product of some kind. Without that information it smells like an attempt at an exploit of some kind... but of what kind (and if so, I've never heard of it)? Anyone knows about this? Has anyone else seen it? I'm curious. :) Categories: soft.devPosted by diego on January 7 2004 at 12:59 AM Comments (please see the comments & trackback policy).
I get them all the time too, with all different user agents and IP addresses. They seem to be from home PCs, based on the reverse DNS lookups. It doesn't smell like an exploit attempt to me. Posted by: steve minutillo at January 7, 2004 2:03 AMMy guess (having seen these for a while) is that it's totally legit -- no exploits -- and what's happening is that the anonymizing proxy is simply overwriting with +'s until it hits \0. Posted by: Justin Mason at January 7, 2004 2:38 AMI get similar referrers like this from time to time. I agree with the notion that it's some kind of anonymiser (for example, a common one I get is "Ref: XXXX"). I can't envisage how such a thing could be an exploit, but I'm willing to be educated! Posted by: Ben Poole at January 7, 2004 9:43 AMI guess there's a consensus then! However, I would definitely like to see a product description page that says "we do this to referers" in this and that product. That would be good no? Posted by: Diego at January 7, 2004 1:07 PMhttp://www.webmasterworld.com/forum39/980.htm suspects a Linksys router. Posted by: David Dorward at January 14, 2004 8:21 PMCopyright © Diego Doval 2002-2007.
|