nanog mailing list archives
Random five character string added to URLs?
From: "Christopher J. Pilkington" <cjp () 0x1 net>
Date: Tue, 1 Nov 2011 15:51:04 -0400
This might be off-topic, my apologies if so. I seeing requests against a server with initial GET requests in the form: GET /[a-zA-Z]{5}/pagename.html pagename.html being optional. The 5 character string seems to be random. This GET always results in a 404, as our servers don't have these paths. The second request seems to always the same without the modified path, which results in a 20. I initially suspected this was something from an attack or DOS tool, but the traffic doesn't fit such a pattern. Is anyone familiar with what device/service behaves in this fashion? Clearly something layer 7 is between the clients and the server. Provider is without clue regarding this. Google results in many GoDaddy users complaining of same; the server in question is not hosted with them, but I suspect they may be doing something similar. Thanks, -cjp
Current thread:
- Random five character string added to URLs? Christopher J. Pilkington (Nov 01)
- <Possible follow-ups>
- Re: Random five character string added to URLs? Stefan Fouant (Nov 01)
- Re: Random five character string added to URLs? Jeff Kell (Nov 01)