http://10.17.1.11:15871/cgi-bin/blockOptions.cgi or afterWorkOptions.cgi???

Hi;

I see

http://10.130.214.253:15871/cgi-bin/blockOptions.cgi
http://10.1.0.4:15871/cgi-bin/afterWorkOptions.cgi
http://10.17.1.11:15871/cgi-bin/blockOptions.cgi
http://10.70.48.135:15871/cgi-bin/afterWorkOptions.cgi

in my web site logs.

What are they? is somebody trying to hack my web site?

and what's the solution for this?

Thanks

 

Are those URLs in the referrer field ?

It's very strange. It almost looks like an attempted spam but it's broken. I'm pretty sure it's not a hacking attempt but I'll need to see the actual access logs or at least get some more information about where these URLs are before I can be certain.

 

As far as I know (saw on my directories too) this can be from automated directories submission softwares, not very sure but in same cases (from my experience) I found someone using this.

Robert

 

Hello, this is WebSense. If it believes a link may not be acceptable for viewing at work the user is presented with the option of saving it to a list of later viewing.

 

I also seen the http://126.0.0.35:15871 reference link in my Google analytic account. I hope is not block my website

 

This is explained in this article : http://techzog.com/seo/referrals-from-blockoptions-cgi-google-analytics/. It is basically your visitors being blocked by a Websense filter in their organization.