[ic] Weird ADDITEM
Kevin Walsh
kevin at cursor.biz
Thu Oct 26 09:11:22 EDT 2006
Jon <prtyof5 at attglobal.net> wrote:
> For about 2 or more days I've seen two specific IP addresses add a
> particular
> item to their basket. The same 2 IP addresses adding the exact same
> item.
> I can see this in the usertrack log file. The weird part is prior to the
> ADDITEM
> in usertrack there is no trace of either the IP address or the session
> ID. Other
> then of course the prior ADDITEM which occurs every so often. And each
> time there is a new session ID generated. I'm not sure if this is even
> something
> to worry about or simply ignore.
>
It sounds as if someone has picked on your website to test a <form> POST
script. Either that, or some brainless spammer has mistaken your basket
for a "contact us" form, and has pointed a spam script at it.
Either way, it's probably not something to worry about in this case.
It might be interesting to dump the whole POST request to a file, to find
out what they think they're doing. If it turns out to be some yokel with
a spam script, or other suspicious activity, then you can complain to the
appropriate ISPs. I doubt that your website will be affected in any way,
other than a few wasted CPU cycles, and a bit of disk space wasted on the
one-page session.
You have the option to block those two IPs at your firewall for a while
(or forever) if you want to do that.
It's good to see someone who actually looks at their log files. :-)
--
_/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
_/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
_/ _/ _/ _/ _/ _/ _/ _/_/ kevin at cursor.biz
_/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
More information about the interchange-users
mailing list