: What is "?sfgdataq" that I see appended to some requests to my application? I have noticed that a small number of requests come through my application with ?sfgdataq appended to them, I probably

I have noticed that a small number of requests come through my application with ?sfgdataq appended to them, I probably wouldn't have ever noticed it if it didn't cause an error on some requests.

I have seen requests come through with a mix of user agents, (Firefox, IE 7, IE 8) so I don't think it is a bot.

I looked around and I can't find any information on what is doing this, I found a couple people with similar questions on message boards (so I don't think it is isolated to my application) but no good answers.

edit:
I also noticed that the User Agents have some sort of large random value appended: +sfgRmluamFuX1R5cGU9amF2YV9zY3JpcHQmRmluamFuX0xhbmc9dGV4dC9qY is a sample - searching for that on google turns it up in other logs as well.

10.03% popularity Vote Up Vote Down

: 404 page echoing request URI - security risk? I just noticed the default 404 page on one of my hosting accounts displays the requested URI.  I faintly

@Looi9037786

Posted in: #Security

4 Comments

: What features in a website make you want to revisit? I'm looking for features in websites that I may not have seen before that are unique, and are excellent features that not only improve

@Looi9037786

Posted in: #Api #WebsiteFeatures

3 Comments

: HTTP for one part of the site, HTTPS for other We have a site which is HTTP, but it has an admin part. How can we secure the admin part with HTTPS? For example, WordPress (which I know)

@Looi9037786

Posted in: #Authentication #Http #Https #Security

2 Comments

Login to post a comment!

3 Comments

Sorted by latest first Latest Oldest Best

@Frith620

It appears to be from a Finjan (now part of M86 Security) security appliance.

I found an old forum post here (in Estonian) asking why it was adding "?sfgdata=4" to URLs.

There's also an old set of release notes that has a few references to "sfgdata".

10% popularity Vote Up Vote Down

@Steve110

More and more I find add-ons toolbars and plugins to be adding modifications to my user's behavior. Looks like it may be something like that, or a proxy.

10% popularity Vote Up Vote Down

@Kristi941

Sounds like a bot looking for some kind of vulnerability. It's hard to say but I would guess there's a flaw in some software somewhere and that query string either exposes it so the hacker know where to find a vulnerable site or maybe it even begins an attack. Or it may be checking to see if your software gives an error message because of that query string and they can then try to exploit your code.

I would recommend logging the IPs of the visitors who are doing this in case it is malicious. Then you can ban them if necessary. I would also keep researching it as someone may figure out what this is and post it online for others to see.

10% popularity Vote Up Vote Down

Feed

: What is "?sfgdataq" that I see appended to some requests to my application? I have noticed that a small number of requests come through my application with ?sfgdataq appended to them, I probably

More posts by @Looi9037786

: 404 page echoing request URI - security risk? I just noticed the default 404 page on one of my hosting accounts displays the requested URI.  I faintly

: What features in a website make you want to revisit? I'm looking for features in websites that I may not have seen before that are unique, and are excellent features that not only improve

: HTTP for one part of the site, HTTPS for other We have a site which is HTTP, but it has an admin part. How can we secure the admin part with HTTPS? For example, WordPress (which I know)

Login to post a comment!

3 Comments

Back to top | Use Dark Theme