I have a custom 404 script that sends me an email if a user visits a bad link. The relevant portion of the code starts with:
} elseif (isset($_SERVER['HTTP_REFERER'])) {
The script proceeds to send me an email message that (in part) says:
They came from ".$_SERVER['HTTP_REFERER'];
Everything works fine, as it has for some time. The other day, I got a bunch of emails with a variety of different bad links that are obviously some kind of spam or attack. Here's one example (I stripped off the top-level domain):
../SlurpConfirm404/address/squares.htm
There's no SlurpConfirm404 folder visible anywhere that I can see on the server, or any of the other folders referenced in the bad links.
Anyone have any thoughts on how I could get an email from my server with $_SERVER['HTTP_REFERER'] set to something that doesn't exist? Or does it exist and is marked hidden or in some spot I haven't checked?
Anyone have experience with this attack?
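
Added example, not part of the original post or the poster's script: the Referer header is supplied by the client, so it can name a folder that never existed on the server. One way a 404 handler could classify and clean the value before putting it in the email; the function name `describe_referer`, the host `example.com` and the sample values are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not the poster's code).

/**
 * Classify a Referer value without trusting it.
 * The header is sent by the client, so it may point at hosts or
 * paths that do not exist anywhere on this server.
 */
function describe_referer(?string $referer, string $ownHost): array
{
    if ($referer === null || $referer === '') {
        return ['origin' => 'none', 'safe' => ''];
    }

    // Replace control characters (CR/LF included) and cap the length,
    // so the value cannot add lines to the message or flood it.
    $clean = (string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $referer);
    $safe  = substr($clean, 0, 300);

    // A usable Referer is an absolute URL with a host part.
    $host = parse_url($safe, PHP_URL_HOST);
    if (filter_var($safe, FILTER_VALIDATE_URL) === false || !is_string($host)) {
        return ['origin' => 'malformed', 'safe' => $safe];
    }

    // Only a Referer on our own host says anything about our own links.
    $origin = strcasecmp($host, $ownHost) === 0 ? 'internal' : 'external';
    return ['origin' => $origin, 'safe' => $safe];
}

// Constructed sample values; example.com stands in for the site's own host.
$samples = [
    'https://example.com/index.htm',
    'http://other.example/SlurpConfirm404/address/squares.htm',
    '../SlurpConfirm404/address/squares.htm',
    "http://other.example/a\r\nb",
];

foreach ($samples as $sample) {
    $result = describe_referer($sample, 'example.com');
    echo $result['origin'], ': ', $result['safe'], PHP_EOL;
}
```

Only the `internal` case points at a link on the site itself that may need fixing; `external` and `malformed` values describe whatever the client chose to send.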