
Why is my Rails app receiving requests with jQuery code in the URL?

Our production Rails 2.3.5 app, running on Heroku, is receiving bizarre requests that include snippets of JavaScript in the URL. We have error reporting set up with Hoptoad/Airbrake on Heroku, where I'm seeing requests like the following:

http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/;if(c.css(this[a],
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/);f=e.css (
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/,c.css(this[a],
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/).css (

These are RESTful routes, with widgets nested under publishers. The strings following widgets/ are found in the minified jQuery 1.4.2 source, which we have in public/javascripts. Each request results in an ActionView::MissingTemplate error, with everything between widgets/ and .css being interpreted as the desired action, ex.:

ActionView::MissingTemplate: Missing template widgets/;if(c.erb in view path app/views

It seems to be the same four snippets, in the same order, occurring as a set every 1-5 minutes and taking 1-2 minutes from start to finish. The publisher ID varies over time.

These errors have been logged over 60,000 times now. Does anyone have similar experience or an idea what's happening?

Is this site public? Someone might be trying to find XSS exploits.
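
A triage check for the observation in the question, that the text after widgets/ occurs verbatim in the minified jQuery file. This is an added example, not part of the original post or comment; the host, the sample URLs, the sample asset string and all function names are constructed for illustration.

```ruby
# Constructed stand-in for a minified JS asset. In practice, read the file
# served from public/javascripts instead of using this string.
SAMPLE_ASSET = 'a=0;if(c.css(this[a],"x"));f=e.css("y",c.css(this[a],"z")).css("w")'

# Constructed request URLs, modelled on the shape of the ones in the question.
SAMPLE_URLS = [
  "http://app.example/publishers/448/widgets/;if(c.css(this[a],",
  "http://app.example/publishers/448/widgets/);f=e.css(",
  "http://app.example/publishers/12/widgets/%3Cscript%3Ex%3C/script%3E",
  "http://app.example/publishers/448/widgets/new",
]

# Percent-decode without turning "+" into a space.
def pct_decode(s)
  s.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Text after "/publishers/<id>/widgets/", or nil for any other route.
def widget_fragment(url)
  m = url.match(%r{/publishers/\d+/widgets/(.*)\z})
  m && pct_decode(m[1])
end

# :ordinary       - looks like a normal id/action ("new", "17", "17.css")
# :asset_fragment - unusual text that appears verbatim in our own JS asset,
#                   so it was most likely lifted from a page we served
# :unexplained    - unusual text that did not come from the asset; review by hand
def classify(url, asset)
  frag = widget_fragment(url)
  return :not_widgets if frag.nil?
  return :ordinary if frag.match?(/\A[\w\-.]*\z/)
  asset.include?(frag) ? :asset_fragment : :unexplained
end

# Count logged URLs per class so the bulk of the noise can be separated
# from the requests that still need a closer look.
def triage(urls, asset)
  urls.group_by { |u| classify(u, asset) }.transform_values(&:size)
end

p triage(SAMPLE_URLS, SAMPLE_ASSET) if __FILE__ == $0
```

Requests in the :unexplained bucket are the ones worth correlating with source IP and user agent, since their content did not originate from the application's own JavaScript.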
