>Is it possible that they were able to download your server side >script? is that directory open in such a way to allow them access to >download rather then execute? does the script leak those parameters >when executed? No, directory listing is forbidden and the script is not downloadable. I am not sure what you mean by "leak those parameters" The script just takes in a normal HTTP GET and ultimately either shows an error page or a report page depending on the parameters. Even if the parameters are correct, the user still sees an error page when the IP is logged. >here is what i do for similar situations: >1. enable https: it really does not hurt and this should just be on by default. Yeah, I may or may not do this. I realize that it is trivial but it is even more trivial to not do it. >2. use an api string or use a custom user agent string: only clients >with the correct string will actually be listened to (this will help >you in the future too) I considered this and may still implement it. >3. enable http auth: even if it is stupid data; it keeps away those >random rubbernecker and crawlers that ignore robots.txt, you can even >use REMOTE_USER as additional metadata that can be used to track down >systems. What I am really wondering here is how the full exact query was captured and then repeated by a 3rd party out in the wild. The implications are kind of scary. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20161117/5a4c07c7/attachment.html>