It has recently been brought to my attention that someone in Germany has been trying some pretty weird things with our public-facing website, and I'm inclined to believe that these actors are just trying to fuzz our servers. Pen testing in the wild, so to speak.
But then there's that paranoid part of me that is thinking this could be something else, something malicious.
This/these person(s) are flooding our web servers with GET requests that are odd:
Someone here managed to decode this:
I've never heard the phrase fuzzing but it could be sinister or accidental, but definitely a scan of some sort. Here, we treat everything as hostile until we determine otherwise -- but we deal with payments so we tend to be very protective, bordering paranoid.
Hi, Steve Sommers,
"but we deal with payments so we tend to be very protective, bordering paranoid."
I know how that goes. I'm working for USG DoD, and paranoia is the M.O. here.
"Fuzzing" is a black hat method of automated probing for security vulnerabilities using malformed data injection.