Steve Fenton

Log phishing attack

n an error log or HTTP log phising attack, a deliberately bad request is generated with a fake referer string.

The hope is that the referer string will be displayed in your cool web-based log aggregation and monitoring service as a hyperlink – tempting operations teams to click on the link as it might explain the issue. The link of course will lead to trouble.

Exception type: MyCustomException
Referer: <a href="">Windows FAQ</a>

If you are using a good monitoring service, they won’t display this input as a hyperlink – but beware of visiting pages that appear in your HTTP logs or event logs like this.

Written by Steve Fenton on