Date:  10/03/2011 01:32:33 PM Msg ID:  004352
From:  Ali Koumaiha Thread:  004343
Subject:  Re: HELP!!!!
I believe the %20 is just a space (blank space) in the URL

so basically it's the same as:

foxweb.dexe/Mfieldslots@leages/league_scheduler?fieldno=12          &slotcrec=    


what happens in your testing if you do that?

what happens when you get the request.querystring("fieldno") = 12 and the request.querystring("slotrec")=""?

Sent by Roger Stanley on 09/30/2011 11:33:32 AM:

"GET /cgi-bin/foxweb.exe/Mfieldslots@leagues/league_scheduler?fieldno=12%20%20%20%20%20%20&slotrec=%20%20%20%20%20%20%20373&leagueid=DCMSBL&season=22&paction=dout HTTP/1.1" 200 107936
 
This is part of what I found.  I don't understand the %20%20...
that's not part of my code, nor can I find that in any of the logs prior to this happening.
It calls the field number (that's a baseball field, not in the record) and the slot number within that baseball field. 
He's managing to delete the field slots and there is another action that my scheduler uses to block a field - he's also doing that.
Sent by Steven Gruner on 09/28/2011 06:34:13 PM:
What do you show for the calls he is making to cause records to be deleted?

 
Sent by Roger Stanley on 09/23/2011 09:08:38 PM:
Someone has figured out how to make changes to my database (it's a baseball league). From the Apache log it looks like he's reading the address log - which shows the calls - and entering something after it to delete records.
Is there a way I can stop the url call from showing?   Any help would be appreciated.  He's hit us twice (even after I banned his first IP) and it's taken me hours to undo what he's done.
At least he hasn't figured out a way to tell it to pack.
Thanks for any help.
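
Decoding the logged request quoted in this thread, as an added example (not code from any poster or from FoxWeb): it parses the Apache request line, URL-decodes the query string, and reports which parameters arrive with whitespace padding. The function names and the regular expression are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line, status and size exactly as quoted in the thread's log excerpt.
SAMPLE = ('"GET /cgi-bin/foxweb.exe/Mfieldslots@leagues/league_scheduler'
          '?fieldno=12%20%20%20%20%20%20&slotrec=%20%20%20%20%20%20%20373'
          '&leagueid=DCMSBL&season=22&paction=dout HTTP/1.1" 200 107936')

# Matches the quoted request plus the status and size fields that follow it.
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')


def parse_request(line):
    """Return method, path, status and decoded query parameters, or None."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl percent-decodes each value, so %20 becomes a literal space.
    params = parse_qsl(parts.query, keep_blank_values=True)
    return {
        "method": m.group("method"),
        "path": parts.path,
        "status": int(m.group("status")),
        "params": params,
    }


def padded_params(params):
    """Map name -> decoded value for values with leading/trailing whitespace."""
    return {name: value for name, value in params if value != value.strip()}


if __name__ == "__main__":
    req = parse_request(SAMPLE)
    print(req["method"], req["path"], req["status"])
    for name, value in req["params"]:
        # repr() makes the decoded spaces visible.
        print(f"  {name} = {value!r}")
    print("padded:", sorted(padded_params(req["params"])))
```
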