[Resolved] Picking up viruses/hacking attempts on error log

matthewdingley

Hi,
I programmed an error log yesterday and aswell as a few errors from my website, It's picked up quite a few viruses/hacking attempts on the server my website is on.

Basically the way the log works is that I have told the .htaccess file to send 404 errors to errors/errors.php?error=404, 500 errors to errors/errors.php?error=500 and so on. The error page then displays a sorry message and logs the error into a database.

This thing is, I'm trying to do an admin panel, but I don't want all these viruses/hacking attempts to show up on it.

Some examples of the things it has picked up are:
/MSOffice/cltreq.asp
UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0

/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0

/scripts/..%252f../winnt/system32/cmd.exe?/c+dir

...and so on. I would either filter it out so that it doesn't get into the database or only SELECT the records from the database that aren't a virus/hacking attempt. The thing is, I just can't work out how to do this reliably.

Any help would be greatly appreciated.

Best regards,

Matt

sarahk

/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0

this may have been a search engine, link verifier or some other bot.

I've attached part of my botspotter script which checks to see if the visitor is using a browser.

You might choose to only log those where treatashuman() returns true.