locked
Possible buffer overflow vulnerability being exploited via msnbot RRS feed

  • Question

  • This morning my server alarm went off and I found the cause was msnbot shoving some 7K long URIs into my server for some reason which caused the server to hiccup, hopefully that's all it did.

    All of these requested URIs have a huge binary string embedded that typically starts with "%C3%83%C6%92%C3%86%E2%80%99%C3%83%E2%80" and continues.

    The requests look like this:


    example.com/my-page-%C3%83%C6%92%C3%86%E2%80%99%C3%83%E2%80....-here.html


    I did a search in Live and sure enough, there appear to be sites out there indexed that are embedding these strings in URIs either for some purpose and some of those sites are linked to malware, so draw your own conclusion.


    But it would be nice if these could be filtered out of the crawl ASAP.


    Wednesday, August 27, 2008 4:45 PM

Answers

  • Hi,

     

    Thanks for the information. I will ask Jeremiah to look into this,

     

     

    Brett 

     

    Tuesday, September 2, 2008 9:34 PM