[146081] in North American Network Operators' Group
Re: Random five character string added to URLs?
daemon@ATHENA.MIT.EDU (Jeff Kell)
Tue Nov 1 22:43:36 2011
Date: Tue, 1 Nov 2011 22:42:38 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: Stefan Fouant <sfouant@shortestpathfirst.net>
In-Reply-To: <E1RLNOQ-0004kM-14@mailman.nanog.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 11/1/2011 7:05 PM, Stefan Fouant wrote:
> Is there anything perhaps protecting or intercepting the data on its way to the server, perhaps an Arbor device of some type of load balancer?
>
> This type of behavior is quite common when protecting web assets to eliminate zombies and such, but its usually something you would see back to the clients, not tp the server.
I have seen this in SEO-poisoning type of webpage defacement. They
anchor a javascript in the main website "frame" and it generates
optimization "links" using a numeric suffix or ?argument so that they
appear as separate links. If the crawler is recognized (e.g.,
googlebot) then the SEO page is returned.
Jeff
