What sort of attack URL is this?

Question

I set up a website with my own custom PHP code. It appears that people from places like Ukraine are trying to hack it. They're trying a bunch of odd accesses, seemingly to detect what PHP files I've got.

They've discovered that I have PHP files called mail.php and sendmail.php, for instance. They've tried a bunch of GET options like:

     http://mydomain.com/index.php?do=/user/register/
     http://mydomain.com/index.php?app=core&module=global§ion=login
     http://mydomain.com/index.php?act=Login&CODE=00

I suppose these all pertain to something like LiveJournal?

Here's what's odd, and the subject of my question. They're trying this URL:

     http://mydomain.com?3e3ea140

What kind of website is vulnerable to a 32-bit hex number?

score 2 · Answer 1 · answered Nov 03 '12 at 22:42

2

Maybe it's a "knock-knock" request, because it doesn't look like any common vulnerability. Please note, that script kiddies don't always know what they're doing.

answered Nov 03 '12 at 22:42

FINESEC

1,371

What sort of attack URL is this?

1 Answers1