Hello,
I have a question. I can see quite often even in the firewall like
URI /doubleclick/DARTIframe.html?gtVersion=200_235&mediaserver=https%3A%2F%2Fs0.2mdn.net%2F879366&xpc=%7B%22cn%22%3A%22peerIframe100101334%22%2C%22tp%22%3Anull%2C%22osh%22%3Anull%2C%22pru%22%3A%22https%3A%2F%2Fwww.keengamer.com%2Fdoubleclick%2FDARTIframe.html%3FgtVersion%3Drelay_200_235%26mediaserver%3Dhttps%3A%2F%2Fs0.2mdn.net%2F879366%22%2C%22ppu%22%3A%22https%3A%2F%2Fad.doubleclick.net%2Frobots.txt%22%2C%22lpu%22%3A%22https%3A%2F%2Fwww.xxxxxxxxx.com%2Frobots.txt%22%7D
The question is, is it really doubleclick or hack attempt which was the reason why it was challenged? If it was real and without any problems we can have issues with our ads which means less money.
| 950120 | OWASP_CRS/WEB_ATTACK/RFI-TX:1=s0.2mdn.net/879366 |
|---|---|
| 981257 | DETECTS MYSQL COMMENT-/SPACE-OBFUSCATED INJECTIONS AND BACKTICK TERMINATION-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=,“tp”:null,“osh”:null,“pru”:“xxxxxxxxxxx.com”, |
| 981245 | DETECTS BASIC SQL AUTHENTICATION BYPASS ATTEMPTS 2/3-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=":“peerIframe100101334”,"t |
| 981246 | DETECTS BASIC SQL AUTHENTICATION BYPASS ATTEMPTS 3/3-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=“pru”:" |
| 973333 | OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=",“tp”:null,“osh”:null,“pru”:"https://www.xxxxxxxxx.com/doubleclick/DARTIframe.html?gtVersion= |
| 950120 | OWASP_CRS/WEB_ATTACK/RFI-TX:1 |
I’ve removed our url and replaced with xxx. Just to be sure.
Thanks for answering.
Karel