Technical question
Feb. 4th, 2008 09:26
We're getting hundreds of requests per day against our web server every day that look like this:
http://www.servername.com/index.asp?parm1=x&parm2=y&parm3=z&parm4=http://someotherserver.com/blahblahblah&parm5=a&and=so&on=1
In our web apps we pass SQL query parameters using the browser's address line - all of our queries take the form of stored procedures so the security risk is much reduced.
My question is: what's the purpose? What is the supposed hacker trying to do?
We're already using IIS to block site access by IP address, but we're getting hit so often that entering those IPs - even using ranges - could end up a full-time job. Plus, as I understand it, having too many entries can slow website performance. We're in talks with our ISP about blocking at the firewall level, but they have no history of being terribly helpful.
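
Added example, not part of the original post: one way to measure this traffic from the server's own logs is to flag every request in which a query-string parameter carries an absolute URL as its value, like `parm4` in the sample request, and count the hits per client address. It assumes IIS is writing W3C extended logs with the `c-ip`, `cs-uri-stem` and `cs-uri-query` fields enabled; the log lines and addresses below are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed sample in W3C extended log format; addresses are from
# documentation ranges and the host names are the post's own placeholders.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-02-04 09:01:10 192.0.2.10 GET /index.asp parm1=x&parm2=y&parm4=http://someotherserver.com/blahblahblah&parm5=a 200
2008-02-04 09:01:12 192.0.2.10 GET /index.asp parm1=x&parm4=http%3A%2F%2Fsomeotherserver.com%2Fblah 200
2008-02-04 09:02:00 198.51.100.7 GET /index.asp parm1=x&parm2=y&parm3=z 200
2008-02-04 09:03:30 203.0.113.5 GET /index.asp parm4=HTTPS://someotherserver.com/blah 404
2008-02-04 09:04:00 198.51.100.7 GET /default.asp - 200
"""

# A value that starts with a URL scheme, checked after percent-decoding.
URL_VALUE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)

def url_valued_params(query):
    """Return names of query parameters whose decoded value is an absolute URL."""
    if not query or query == "-":          # IIS logs "-" for an empty query
        return []
    pairs = parse_qsl(query, keep_blank_values=True)
    return [name for name, value in pairs if URL_VALUE.match(value)]

def scan(log_text):
    """Yield (client_ip, uri_stem, param_names) for each flagged request."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):    # column layout can change mid-file
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        hits = url_valued_params(row.get("cs-uri-query", "-"))
        if hits:
            yield row.get("c-ip", "?"), row.get("cs-uri-stem", "?"), hits

def hits_by_client(log_text):
    """Count flagged requests per client IP."""
    return Counter(ip for ip, _, _ in scan(log_text))

if __name__ == "__main__":
    for ip, count in hits_by_client(SAMPLE_LOG).most_common():
        print(ip, count)
```

Because the match is on the shape of the request rather than on its source address, the same test can drive a request filter in front of the application instead of a growing IP block list, provided none of the site's own pages legitimately take a URL as a parameter value.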