Magento

I was just checking if I had any online visitors and I noticed that the url visited by one user was:

http://www.mydomain.com/MSOffice/cltreq.asp?UL=1&ACT;=4&BUILD;=8164&STRMVER;=4&CAPREQ;=0

Looks very odd, particularly as it’s ASP and Magento runs on a Unix/PHP environment. Is this something to worry about?

Yes and no.

Read up on vulnerability probing. It’s assholes who scan every site for known script holes. As Magento doesn’t give back a proper 404, you may now be in the queue for some more visits from this automated system.

It’s no worry in terms of Magento, but a sustained scan can bring your site down or worse, if they actually find you use that script, they may seek to exploit it.

Thanks for replying.  I’ll keep an eye on things and see if they come back.

Vicky

script scanners.

they are common

i used to get them at my site all the time back when mysql injections were popular

you cant stop them because they would always come from all parts of the world at different times…

you cant do anything about exploits unless something happens already.  sucks but thats life.