Some low impacts with strange non-existing URLs
I'm using PHPIDS on a Drupal 6 installation. Today I got some low impacts (3-5) with, in my view, strange values.
First some pages that do exist on the site:This would be http://www.domain.tld/?q=blog aso. without mod_rewrite.
Now the following was detected by PHPIDS:
All from the same IP address.
- Variable: q | Value: blog/oble4opr-oania-lokat--du-owych,s,351.htmlaniujscie.pl/20.12609.htm
- Variable: q | Value: blog/04-09-2011-bpt/blog/.blog/0re03a2at_-
- Variable: q | Value: avascript:hiedenevoid(0);
- Variable: q | Value: blog/1-03--.pcp
- Variable: q | Value: blog/=/iter/blog/blog/ofber/f0nd.php
- Variable: q | Value: blog/=/iter/blog/blog/drblog/04-09-2011-bitte-bewertet-uns
- Variable: q | Value: blog/=/iter/blog/blog/blog/feed
- Variable: q | Value: blog/=/iter/blog/blog/feed
So in some of them there is a similarity to existing pages. But I don't see how these requests make sense, nor do I see how or if they could be dangerous. I'm quite new to PHPIDS and I still have to learn a lot about possible atacks. I would be grateful for any hint on this.
Thanks for this great software!