"Users" sending GET requests to a website, when POST is expected


Question

I keep seeing weird behaviour in our logs, where URLs that should normally only be accessed via a POST request are called via GET. The URLs include ones that are only ever constructed via JavaScript, so you wouldn't expect a regular spider to come across them. If I search our logs for an IP that those requests are coming from, it seems like that user has only ever sent us GET requests.

It doesn't seem like typical bot behaviour - the requests are spread out, rather than spamming our server with a bunch of requests in a short timeframe. The user agents are all regular browsers. However - and this is slightly speculative - it doesn't really look like it's a human browsing the site, since they seem to jump all over the place rather than following one link to the next.

Does anyone else see this sort of behaviour on their site? Any suggestions what causes it?

Recommended answer

It may be somebody fishing for exploits in your site. They would analyse your forms then craft their own URLs looking for weaknesses or unconventional ways to use the service. If it's usually the same IP address then you could probably assume that's the case.

One example might be you are a streaming media provider and somebody is trying to piece together the source URLs for a video downloader script. Often though it's simply spammers looking to relay through your contact forms.

Don't assume too much from IP addresses and user agents. The former can be proxied (through networks like Tor) and the latter can be changed at will. Just because the IPs and user-agents change doesn't mean it isn't the same user generating the requests.
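
One way to check access logs for the pattern described in the question, as an added example that is not part of the original question or answer. It assumes combined-format log lines and a hypothetical `POST_ONLY` set of endpoints; the sample log lines are constructed. Since the answer notes that IPs can change, it groups hits by path as well as by client.

```python
import re
from collections import defaultdict

# Hypothetical set of endpoints the application only expects via POST.
POST_ONLY = {"/contact/send", "/api/vote"}

# Combined log format: ip - - [timestamp] "METHOD target HTTP/x" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /contact/send?msg=hi HTTP/1.1" 405 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:14:30 +0000] "GET /api/vote?id=3 HTTP/1.1" 405 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:15:09 +0000] "POST /contact/send HTTP/1.1" 200 64 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:11:02:44 +0000] "GET /api/vote?id=3 HTTP/1.1" 405 0 "-" "curl/8.0"
garbage line
"""

def analyse(log_text, post_only=POST_ONLY):
    """Return (per_client, per_path) for GET requests to POST-only endpoints."""
    methods = defaultdict(set)   # ip -> every HTTP method seen from it
    hits = defaultdict(list)     # ip -> POST-only paths it requested via GET
    per_path = defaultdict(set)  # path -> clients that sent GET to it
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, method, target, _status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        methods[ip].add(method)
        if method == "GET" and path in post_only:
            hits[ip].append(path)
            per_path[path].add(ip)
    # get_only marks clients that never sent anything but GET,
    # the trait the question observed for the odd requests.
    per_client = {
        ip: {"paths": paths, "get_only": methods[ip] == {"GET"}}
        for ip, paths in hits.items()
    }
    return per_client, dict(per_path)

if __name__ == "__main__":
    clients, paths = analyse(SAMPLE_LOG)
    for ip, info in clients.items():
        print(ip, info)
    for path, ips in paths.items():
        print(path, sorted(ips))
```

The per-path view shows which POST-only endpoints are being probed even when the requests arrive from many addresses.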
