I seem to be getting a lot of this with search engine bots and the xoopsodp module. Is there any reason for this?
I am using protector 2.52 and have had this with both msnbot and gogglebot in the protector logs on my site. Sometimes upwards of 60 entries for the same IP and the same ODP page. Using XOOPS 2.0.13.1.
Here is an example log entry:
Quote:
2005/8/29 15:51:36 Guests 207.46.98.34
msnbot/1.0msnbot/1.0 (+http://search.msn.com/msnbot.htm) PHP_SELF XSS Invalid PHP_SELF '/modules/xoopsodp/index.php/Arts/Literature/Children\'s/Authors/N/Numeroff,_Laura/' found.i
hmmm.
It's difficult.
There is a vulnerablity of "PHP_SELF XSS" in all versions of XOOPS.
Protector stop it because it found illegal character (=') in PHP_SELF.
I think the way of xoopsodp is not good.
PATH_INFO must be like a PATH.
/modules/xoopsodp/index.php/Arts/Literature/Children\'s/Authors/N/Numeroff,_Laura/
If you can, rename Children's to Childrens or etc.