[servir007]

Good afternoon, please tell me why unnecessary and erroneous urls are generated?

Site: firstlawyers.ru

Error results: be1.ru/dubli-stranic/?url=firstlawyers.ru

EXAMPLES:
firstlawyers.ru/
firstlawyers.ru//
firstlawyers.ru///
firstlawyers.ru////
firstlawyers.ru/////
firstlawyers.ru//////
firstlawyers.ru///////
firstlawyers.ru////////
firstlawyers.ru/////////
firstlawyers.ru//////////
firstlawyers.ru/?

[publii-slpa]

There is not enough actionable information here.

For example, Where are you seeing this? In your log files. In Google Analytics?

This looks like your site has been hacked or another computer thinks your site has been hacked.

[servir007]

I can see it in the analyzer, I indicated the link: be1.ru/dubli-stranic/?url=firstlawyers.ru

When opening the address firstlawyers.ru/? should give a 404 error, and the page opens, so there is a redirect, isn’t it?

The site is not hacked, I checked. The webmaster does not display these links, but it is very surprising to me that they exist.

If you need more detailed information, I can attach it, just tell me where to get it.

Thanx

[publii-slpa]

Okay.

There are two situations where you would see this — where you see these requests in your log file analyzer and; one, a compromised computer is trying to hack your site, or two, where a compromised computer thinks your site is already compromised. I will bet heavily on the latter.

This is likely a script-kiddie hack that uses lists of what they think are compromised computers. If this is the case, your site is on that list. It happens when a hack attempt is made on your site that is not successful, however, due to poor coding, your site is added to a large list of hundreds or thousands of computers.

What you are seeing looks like URL insertion attempts.

I studied hackers using a fairly large scale of sites and servers. I set up traps and sensors to capture hacker activities to study methods, pay-offs, pay-loads, etc. I then built a system of self defending networks using C to create new sensors, traps and agents that would defend networks from attacks using the attack trees methodology as well as build trust networks to defend attacks in a more granular manner. This was primarily aimed to defend stuff like the power grid. But most of what I was doing was research to help guide software engineers, companies, government, and cybersecurity experts.

Take it from me, this is annoying, that is for sure(!), but not likely a real problem. Don’t worry about it.

Cheers!!

[servir007]

Thank you very much, I hope that the SEO of the site https://firstlawyers.ru (Лицензирование деятельности в Краснодаре) will not be affected.

[publii-slpa]

SEO should be fine. Generally, these activities only last for a while. Google, for example, is quite familiar with these types of activities and ignores them. In your case, likely no links exist. Instead, these may be requests and not a link. If the IP addresses are the same or within an IP block, then you should be okay. As well, if the IP addresses are proxy servers, you should still be okay. You are very likely okay.

One of the reasons for this activity is to create links in your sites log file analytics which may or may not be online. It is recommended that awstats and other analytics not be available to the public.

Another reason for this is to make you curious and check out the site. You should never do this. It is likely an infected site. The nature of the infection can be dangerous or not. It all depends upon the hack.

[Author]

Posts