cURL / Mailing Lists / curl-users / Single Mail

curl-users

Hacking / Hijacking / or OTHER ?

From: Botany <botany_at_strato.net>
Date: Wed, 21 Mar 2012 13:25:03 -0400

In regard to the following command:

curl -i http://www.mydomain.com/-A billy

THIS REQUEST FOR A NON-EXISTENT WEBPAGE GENERATES A "404" RESPONSE AND, APPENDED TO IT, A "200" PAGE WITH ADDITIONAL HEADER AND HTML SECTION FOR DOMAINREGISTRY.COM AND OTHER LINKS APPENDED. I HAVE NOT BEEN ABLE TO RECONCILE THIS. COULD THIS BE A FORM OF HACKING OR HIJACKING? COULD IT INVOLVE cURL?, OR JUST OTHER ISSUES?:

All unique values "[removed]".

*************************************************************************************************

HTTP/1.1 404 Not Found
Date: [removed] GMT
Server: Apache
Last-Modified: [removed]GMT
ETag: "[removed]"
Accept-Ranges: bytes
Content-Length: 583
Vary: Accept-Encoding
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Error Page</title>
</head>

<body bgcolor="black">

<table align="center">
<tr><td align="center"><h3 style="color:blue">404 - PAGE NOT FOUND</h1></td></tr>
</table>

</body>

HTTP/1.1 200 OK
Date: Tue, [removed] GMT
Server: Apache/1.3.28 (Unix) PHP/4.3.3 mod_ssl/2.8.15 OpenSSL/0.9.7b
Last-Modified: [removed] GMT
ETag: "[removed]"
Accept-Ranges: bytes
Content-Length: 3928
Content-Type: text/html

<html>
<head>
<title>*** DomainRegistry.com Inc. ***</title>
</head>

<body BGCOLOR="#ffffff" background="new-back.gif">

<table BORDER="0" WIDTH=630><tr><td WIDTH=100>&nbsp;</td>
<td><center></center><br>

<center>Domain Registration
by DomainRegistry.Com Inc.
<br></center>

<hr>

Here are some helpful sites you might want to try:<br><br>CouponBook.com - Coupons, Discounts <BR><BR>

<A HREF="http://nswhois.DomainRegistry.com" target="_blank">Check "whois" or Register Domain Names</A><BR><BR>

<!-- begin google code -->

<style type="text/css">
@import url(http://www.google.com/cse/api/branding.css);
</style>

<div class="cse-branding-bottom" style="background-color:#FFFFFF;color:#000000"><div class="cse-branding-form"><form action="http://www.google.com/cse" id="cse-search-box" target="_blank"><div>

<input type="hidden" name="cx" value="partner-pub-[removed]" />
<input type="hidden" name="ie" value="UTF-8" />
<input type="text" name="q" size="45" />
<input type="submit" name="sa" value="<-- Search For Anything" />
</div>
</form>
</div>

<div class="cse-branding-logo"><img src="http://www.google.com/images/poweredby_transparent/poweredby_FFFFFF.gif" alt="Google" /></div>

<div class="cse-branding-text">Custom Search</div>
</div>

<script type="text/javascript" src="http://www.google.com/cse/query_renderer.js"></script>

<div id="queries"></div>

<script src="http://www.google.com/cse/api/partner-pub-[removed]/cse/[removed]/queries/js?oe=UTF-8&amp;callback=(new+PopularQueryRenderer(document.getElementById(%22queries%22))).render"></script>

<!-- end google code -->

<br><br>

<SCRIPT charset="utf-8" type="text/javascript" src="http://ws.amazon.com/widgets/q?rt=tf_sw&ServiceVersion=[removed]&MarketPlace=US&ID=[removed]/US/[removed]"> </SCRIPT> <NOSCRIPT>Amazon.com Widgets</NOSCRIPT>

<br><br><br>

<table width="240" border="1"><tr><td bgcolor="003399" bordercolor="#000000"><font color="#FFFFFF" face="Verdana, Arial, Helvetica, sans-serif" size="2"><b>Search at TigerDirect.com:</b></font></td></tr>

<tr>
<form action="http://click.linksynergy.com/fs-bin/statform" method="get">
<input type=hidden name=id value=[removed]>
<input type=hidden name=offerid value=[removed]>
<input type=hidden name=bnid value=[removed]>
<input type=hidden name="subid" value="">
<td bgcolor="cccccc">
<input type="text" size="20" maxlength="200" name="keywords">
<input type="image" src="http://images.tigerdirect.com/mastheadus/submitbtn.gif" name="image"></td>
</form></tr></table>

<IMG width=1 height=1 border=0 src="http://ad.linksynergy.com/fs-bin/show?id=[removed]&bids=[removed]&type=5"><br>

<A HREF="http://www.frontpagehosting.com" target="_blank">Website Hosting Companies</A><BR><BR>

<A HREF="http://www.businessforms.com" target="_blank">
BusinessForms.com - Business Forms </A>
<br><br><br>

<hr>

<b>Questions:</b> admin500_at_domainregistry.com</td></tr></table>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'[removed]"));
</script>

<script type="text/javascript">
var pageTracker = _gat._getTracker("[removed]");
pageTracker._trackPageview();
</script>

</body>
</html>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-21