Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Mystery GET with url(data:image/png;base64,iVBOR

 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13061
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Browsing thru some access logs I found that starting about Oct. 23, I am getting occasional GET requests that start like this:


where the base64 text is about 1600 characters long. My Tomcat server responds with a 404 error to this GET.

Now, I see that there is a data URI scheme where this kind of string gets used, but what the sam hill is it doing in a GET to my perfectly ordinary HTML site containing no Javascript?

I was wondering if this is some sort of attack since only a few IP addresses are the source and the GETs repeat at short intervals some times.



Anybody got any idea why these suddenly appeared.

Bill
 
Nauman Hasan
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bill,

Not sure what would cause this... it could well be an attack. You could try and make a construct an html page with the png to see what it looks like (visually) or try to see if you can unbase64 encode it using a utility to see what the contents are (without running it on a browser).

~Nauman
 
Eric Johnston
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've seen similar 404 errors after a visitor arrives as the result of a normal Google search.
The wanted page and its associated images are downloaded normally.
Then comes
"GET /url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADgAAAAOCAYAAAB6pd..... 404
The very long base64 code starting iVBORw0... can be decoded to this rectangular image:


The icon to the right hand end is a Google icon, so the phenomena may have something to do with Google.

Best regards, Eric.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13061
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
AHA! That has got to be it - maybe Google made some sort of change around October 23 which generates this spurious GET or some other site is leaching off of Google and screws up the link creation.

Now who can I talk to at Google....

Bill

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic