Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Very weird visitor logs - what is /?cdoc=blah+blah........... etc


nedragdnuos

Recommended Posts

Hi all,

 

I have just checked my hosting cPanel latest visitors list and found these very strange entries as listed below. Now when i click on the links it takes me to my homepage, but I have checked my site and run sitemonitor (no file changes) and none of these files or even this /?cdoc directory or whatever it is is there. Ive also done a quick file search in cPanel for ?cdoc and come up zilch.

 

If anyone has come across this before and could explain what it means then that would be greatly appreciated

 

 

/?cdoc=st+patrick+s+day+history

Http Code: 200 Date: Apr 22 08:32:11 Http Version: HTTP/1.0 Size in Bytes: 28959

Referer: -

Agent: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)

 

 

 

 

 

/?cdoc=saint+patrick+s+day+2010

Http Code: 200 Date: Apr 22 09:20:58 Http Version: HTTP/1.0 Size in Bytes: 4414

Referer: -

Agent: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)

 

 

 

 

 

/?cdoc=piperlime

Http Code: 200 Date: Apr 22 10:00:10 Http Version: HTTP/1.0 Size in Bytes: 28921

Referer: -

Agent: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)

Link to comment
Share on other sites

While I'm sorry to say I don't know the answer, I've recieved something very similar in the form of ?sdoc, not ?cdoc= blah+blah+blah. The worst part for me is that these have shown up as backlinks to google (reported in Google Webmaster Tools), but, the link profile includes 500 links from garbage sites! My organic rankings have plummeted since the same time these links were detected, thanks to this spammy link profile. I submitted the site for reconsideration.

 

If I had to guess, I would say it was a blackhat scraping program that's doing all this to mass-promote the content we're seeing in the blah+blah... but this is a very uneducated guess and if anyone has another intuition, I'd love to know.

 

In the meantime, I did an htaccess redirect to root from all those ?sdoc= links and made sure my root page was marked as canonical, which I hope will avoid at least some of the consequences of having 500 varied links to my root page from foreign sites.

 

 

Hi all,

 

I have just checked my hosting cPanel latest visitors list and found these very strange entries as listed below. Now when i click on the links it takes me to my homepage, but I have checked my site and run sitemonitor (no file changes) and none of these files or even this /?cdoc directory or whatever it is is there. Ive also done a quick file search in cPanel for ?cdoc and come up zilch.

 

If anyone has come across this before and could explain what it means then that would be greatly appreciated

 

 

/?cdoc=st+patrick+s+day+history

Http Code: 200 Date: Apr 22 08:32:11 Http Version: HTTP/1.0 Size in Bytes: 28959

Referer: -

Agent: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)

 

 

 

 

 

/?cdoc=saint+patrick+s+day+2010

Http Code: 200 Date: Apr 22 09:20:58 Http Version: HTTP/1.0 Size in Bytes: 4414

Referer: -

Agent: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)

 

 

 

 

 

/?cdoc=piperlime

Http Code: 200 Date: Apr 22 10:00:10 Http Version: HTTP/1.0 Size in Bytes: 28921

Referer: -

Agent: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)

Link to comment
Share on other sites

I'm thinking now this has to do with the injection hack with the base64 code in php files, given that I found that code in each one. Check out the post on that if you haven't already, also in security (eval64, etc. etc.). In the directory that the decoded injection pointed to, I found a bunch of files with the same keyphrases as mentioned in ?sdoc=blah+blah - so, what's left to do I guess is follow the great advice given by members of this forum and finally secure and cleanse it all properly.

Link to comment
Share on other sites

Thanks rbandit for the reply. My site is now cleansed about 3 weeks ago after that base64 code attack. My site is now clean, and secure AFAIK, its just a bit worrysome that these links still redirect to my site, and yes my rankings have fallen quite a bit.

 

Can you explain how you did that htacces thingy you mentioned... and dare I ask, how do you mark your root page as "canonical" and what is canonical LOL.

 

Thansk for the reply,

 

Cheers!

Link to comment
Share on other sites

and what is canonical LOL.

 

 

 

emove & Prevent duplicate content with the canonical tag

 

http://addons.oscommerce.com/info/7163

 

 

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Happy to hear it's fixed! Mine's definitely getting there, but the organic ranking drop may take longer to recover.

 

The canonical fix that spooks posted is probably the most important step to keeping those ?cdoc urls from being seen as duplicate content, whereas I'm not actually sure if the .htaccess thing I did is definitely good or bad (we'll see)... my theory behind using it is shaky at best, but basically what it's doing is re-directing any visits to site.com/?sdoc=blah+blah to just site.com/

 

Make a file called .htaccess in your store root if you don't already have one, and try this code:

 

Options +FollowSymLinks

RewriteEngine On

 

RewriteCond %{QUERY_STRING} ^cdoc\=(.*)$

RewriteRule .? http://www.yoursite.com/? [L,R=301]

 

Note that if you already have an htaccess file, it likely already has those top two lines and those only need to be in there once. I don't have much faith in this step helping yet though. Hopefully submitting a URL for reconsideration to google can work (you can do this through Google Webmaster Tools).

 

Good luck!

 

 

 

Thanks rbandit for the reply. My site is now cleansed about 3 weeks ago after that base64 code attack. My site is now clean, and secure AFAIK, its just a bit worrysome that these links still redirect to my site, and yes my rankings have fallen quite a bit.

 

Can you explain how you did that htacces thingy you mentioned... and dare I ask, how do you mark your root page as "canonical" and what is canonical LOL.

 

Thansk for the reply,

 

Cheers!

Link to comment
Share on other sites

 

The canonical fix that spooks posted is probably the most important step to keeping those ?cdoc urls from being seen as duplicate content, whereas I'm not actually sure if the .htaccess thing I did is definitely good or bad (we'll see)... my theory behind using it is shaky at best, but basically what it's doing is re-directing any visits to site.com/?sdoc=blah+blah to just site.com/

 

 

 

 

Yes, if you install that, just add cdoc (or sdoc) to the removed param list, then you wont have an issue & you wont need the htaccess addition.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...