(JSON::ParserError) “{N}: unexpected token at 'alihack<%eval request(\”alihack.com\")%>

Question

I have the website on Ruby on Rails 3.2.11 and Ruby 1.9.3.

What can cause the following error:

(JSON::ParserError) \"{N}: unexpected token at \'alihack&         


        

Answer 1

I saw some weird log entries on my own site [which doesn't use Ruby] and Google took me to this thread. The IP on my entries was different. [120.37.236.161]

After poking around a bit more, here is my mostly speculation/educated guess:

First, in my own logs I saw a reference to http://api.alihack.com/info.txt - checked this link out; looked like an attempt at a PHP injection.

There's also a "register.php" page there - submitting takes you to an "invite.php" page.

Further examination of this domain took me to http://www.alihack.com/2014/07/10/168.aspx (page is in Chinese but Google Translate helped me out here)

I expect this "Black Spider" tool has been modified by script kiddies and is being used as a carpet bomber to attempt to find any sites which are "vulnerable."

It might be prudent to just add an automatic denial of any attempt including the "alihack" substring to your configuration.