[ic] Weird ADDITEM

Kevin Walsh kevin at cursor.biz
Thu Oct 26 09:11:22 EDT 2006


Jon <prtyof5 at attglobal.net> wrote:
> For about 2 or more days I've seen two specific IP addresses add a
> particular
> item to their basket. The same 2 IP addresses adding the exact same
> item.
> I can see this in the usertrack log file. The weird part is prior to the
> ADDITEM
> in usertrack there is no trace of either the IP address or the session
> ID.  Other
> then of course the prior ADDITEM which occurs every so often. And each
> time there is a new session ID generated. I'm not sure if this is even
> something
> to worry about or simply ignore.
> 
It sounds as if someone has picked on your website to test a <form> POST
script.  Either that, or some brainless spammer has mistaken your basket
for a "contact us" form, and has pointed a spam script at it.

Either way, it's probably not something to worry about in this case.
It might be interesting to dump the whole POST request to a file, to find
out what they think they're doing.  If it turns out to be some yokel with
a spam script, or other suspicious activity, then you can complain to the
appropriate ISPs.  I doubt that your website will be affected in any way,
other than a few wasted CPU cycles, and a bit of disk space wasted on the
one-page session.

You have the option to block those two IPs at your firewall for a while
(or forever) if you want to do that.

It's good to see someone who actually looks at their log files. :-)

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/


More information about the interchange-users mailing list