Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

multiple osCid's in single URL as seen in admin dashboard


Supertex

Recommended Posts

Over the last few days, my admin dashboard has listed a rather bizarre entry:

 

00:04:12    Guest    54.164.148.84    14:28:26    14:28:26    /index.php/myproduct1-m-12? amp3Bamp3Bamp3BosCsid=ngl8cnh8mptdvpg18ps8h3gcc3&3Bamp3Bamp3Bproducts_id=77&3Bamp3Bamp3Bsort=6a&3Bamp3BosCsid=svdge38vi9hp906hnlt385k2f3&3Bamp3Bproducts_id=2032&3Bamp3Bsort=6a&3BosCsid=jhu31ovp18e9vuokqthf06e0s5&3Bproducts_id=70&3Bsort=6a&osCsid=qr9li7c3da6otnhi7dm100s707

 

I don't know why there are 4+ session ID's in that string, or what possible kind of application would be connecting to my site from an Amazon AWS IP.  As far as I know, Amazon isn't an ISP, so I'm left to suspect this is a bot (scraping my content..?) or some sort of app working cross-domain...?

 

I emailed Amazon AWS, asking what this was, but haven't heard anything back from them.  Anyone seen this type of thing, or have some idea what it's doing?  It's not that I'm overly concerned about it.  In fact, I might never have noticed it at all, except the length of the URL wrecks the display of the dashboard module.  But now I'm curious what it is, and what it's doing.

Link to comment
Share on other sites

Amazon AWS => Amazon Web Services, which is a "cloud" ISP. It's easy to rent space short term, so it's a favorite with hackers. I don't know how that particular URL would let them hack anything, but it could be, or it may just be somebody running a broken web bot/scraper.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Looks like a user agent ltx-71...from ltx-71.com, which has an interesting index page message:

 

"We continuously scan the internet for security research purposes. Our crawling is not malicious and only notes summary information for a page.

If you have further questions please contact [email protected]"

 

No response as of yet from them.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...