Why would a random IP in China try to send a request for my web server at "/mstatic/sales/css/sales.css?v=6"? What would they be scanning for?
Asked
Active
Viewed 62 times
0
Sam
- 7,252
- 16
- 46
- 65
prettymuchbryce
- 131
- 1
- 9
-
Good question. I spotted this http://www.baccarin.com/mstatic/sales/css/sales.css?v=6 – Tower Nov 09 '12 at 11:26
-
You don not understand what "sniffing" means. Sniffing is passive network analysis. This person is sending a request which is a SCAN. – rook Nov 09 '12 at 19:47
1 Answers
1
I assume they were performing recon stage of hacking or they were script kiddies that could use google dork to find vulnerable website or nodes. I would suggest you to secure your page using .htaccess and via your cPanel to disable directory traversal. This is also considered to be dangerous, as the attacker could make use of any available information to map and learn the target. Those CSS lines may contain crucial information i.e. comments left by designer, email addresses, full names and so on
3ntr0py
- 117
- 5
-
I think you're probably right. My best guess is that this css file is associated with some particular framework that has a known vulnerability. I was hoping someone here could fill me in on which framework that might be. If you look at the CSS file that Tower posted above it does mention Escrow, which makes me think the framework could be associated with payments, or e-commerce. – prettymuchbryce Nov 10 '12 at 00:46