views:

664

answers:

3

I'm getting several requests in web apps that are basically wrong in ways my code shouldn't be generating... Mainly it's requests to .ashx without any GET parameters specified.

The user agent is "Mozilla/4.0" (nothing more than that) The IPs vary from day to day.

This is a bot, right?

Thanks!

+4  A: 

This seems very odd to me. Any legitimate bot would identify itself in a way you can recognize. Any malicious bot would be able to do a much better job making the user agent look like a normal browser. This is somewhere in the middle. That, combined with the bad requests, leads me to believe you're dealing with plain old incompetence.

Either way, you probably want to 404 these requests rather than return a yellow screen error.

Joel Coehoorn
I'm showing the default error page I created, which just says "unexpected error", is a bit more friendly to humans than the YSoD, and also hides the error details from malicious people.I think that should be returning a 500 too, so the bot *should* get a hint...But I agree with your incompetence theory completely.
Daniel Magliola
You 404 so that a bot doesn't think there's a real page there. Otherwise, a malicious bot might try something else on the page later, and this time they might get lucky. And a search engine will keep coming around now and then to re-index. If you 404 the blank page, the bot will just go away.
Joel Coehoorn
+4  A: 

According to http://www.user-agents.org the 'Yahoo Mindset: Intent-driven Search' bot reports this.

But yeah it wouldn't be a browser reporting that.

gacrux
+1  A: 

Are these requests to existing pages you wrote yourself, or do they get a 404?

In the latter case, it could be some sort of scan attack, trying to detect vulnerable application instances before hitting them with an exploit.

Michael Borgwardt
Nope, they are files I wrote myself (or at least, they exist, like WebResource.axd)The script obviously found them by checking the HTML of other pages.I'm getting error reports because the script is GETting them without parameters (which these files expect)
Daniel Magliola