Possible attack on my site?

[GeorgeP]

I got A LOT of requests like:

 

 

mydomain.com/CB376A--hp-cb376a-multifunctionala-m1005-a4/ ';var%20midStr%20=%20'/';var%20midStr%20=%20'/images/infobox/';var%20midStr%20=%20'/images/infobox/images/infobox/images/infobox/';var%20midStr%20=%20'/';var%20midStr%20=%20'/';var%20midStr%20=%20'/images/infobox/';var%20midStr%20=%20'/';var%20midStr%20=%20

 

from one IP address.... is this guy attacking me or something ???

I tried to put that in my browser but I just get a normal page.

The normal URL is : mydomain.com/CB376A--hp-cb376a-multifunctionala-m1005-a4

is the rest an attack ???

[GeorgeP]

it happend again from another ip.... 80megs of transfer.... what the... ?????

[♥FWR Media]

it happend again from another ip.... 80megs of transfer.... what the... ?????

 

Check the folder catalog/images/infobox

 

All that should be in there (std osC) is 4 images

[photofxplus]

The %20 is url character coding - stands for a space.

So it reads:

var midStr = '/';var midStr = '/images/infobox/';

 

May be hotlinking..

 

you could try and change the name of the directory:

catalog\images\infobox

then apply the changes to page:

catalog/includes/classes/boxes.php

 

such as:

catalog\images\infoboxes

 

Then on page 'catalog/includes/classes/boxes.php' Line:105

$left_corner = tep_image(DIR_WS_IMAGES . 'infobox/corner_left.gif');

Change to:

$left_corner = tep_image(DIR_WS_IMAGES . 'infoboxes/corner_left.gif');

And all other like paths on this page..

 

See if it happens again..

[♥FWR Media]

midStr is pascal is it not?

[photofxplus]

midStr is pascal is it not?

 

The programming language??

 

found this:

http://www.freepascal.org/docs-html/rtl/strutils/midstr.html

 

It is a function in pascal.. But the call seems to name it as a variable which = a string - '/images/infobox/'