>Is it possible that they were able to download your server side
>script? Is that directory open in such a way to allow them access to
>download rather than execute? Does the script leak those parameters
>when executed?


No, directory listing is forbidden and the script is not downloadable.


I am not sure what you mean by "leak those parameters".


The script just takes in a normal HTTP GET and ultimately either shows an error page or a report page depending on the parameters. Even if the parameters are correct, the user still sees an error page when the IP is logged.

>Here is what I do for similar situations:
>1. enable https: it really does not hurt and this should just be on by default.


Yeah, I may or may not do this. I realize that it is trivial but it is even more trivial to not do it.

>2. use an API string or use a custom user agent string: only clients
>with the correct string will actually be listened to (this will help
>you in the future too)


I considered this and may still implement it.

>3. enable HTTP auth: even if it is stupid data, it keeps away those
>random rubberneckers and crawlers that ignore robots.txt; you can even
>use REMOTE_USER as additional metadata that can be used to track down
>systems.


What I am really wondering here is how the full exact query was captured and then repeated by a 3rd party out in the wild. The implications are kind of scary.
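
One way to check a web server's access log for the pattern described above, the same exact GET query arriving again from a different IP. This is an added example and not part of the original post; it assumes Apache/nginx Combined Log Format, and the path, parameters and addresses in the sample are constructed.

```python
import re
from datetime import datetime

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_replays(lines):
    """Return one finding per GET request whose exact target (path + query)
    was first seen from a different client IP."""
    first_seen = {}
    findings = []
    records = sorted(filter(None, map(parse, lines)), key=lambda r: r["ts"])
    for rec in records:
        if rec["method"] != "GET" or "?" not in rec["target"]:
            continue  # only requests that carry query parameters are of interest
        orig = first_seen.setdefault(rec["target"], rec)
        if orig["ip"] != rec["ip"]:
            findings.append({
                "target": rec["target"],
                "original_ip": orig["ip"],
                "replay_ip": rec["ip"],
                "delay_seconds": int((rec["ts"] - orig["ts"]).total_seconds()),
                "replay_agent": rec["agent"],
            })
    return findings

# Constructed sample log lines (documentation IP ranges, made-up path and parameters).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Nov/2016:09:00:00 -0600] "GET /report.cgi?id=1234&key=abcd HTTP/1.1" 200 512 "-" "client/1.0"',
    '192.0.2.10 - - [17/Nov/2016:09:05:00 -0600] "GET /report.cgi?id=1235&key=efgh HTTP/1.1" 200 512 "-" "client/1.0"',
    '203.0.113.7 - - [17/Nov/2016:09:00:42 -0600] "GET /report.cgi?id=1234&key=abcd HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [17/Nov/2016:09:10:00 -0600] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_replays(SAMPLE_LOG):
        print(finding)
```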



