what is this "/?C=N;O=A"

hacking

         

webnovice007

7:15 am on Sep 3, 2017 (gmt 0)

5+ Year Member



I am receiving multiple hacks with "/?C=N;O=A" and different variations like "/?C=M;O=D". I have done an internet search and turned up one web site that had www.examplesite.com/?C=d;O=A. It appears to be the home page of that web site, and I have found no other example of this type of address. Any ideas of what they are looking for, and what is the threat?

webnovice007

7:36 am on Sep 3, 2017 (gmt 0)

5+ Year Member



Just as a follow-up: I took the "/?C=D;O=A" and placed it in my web browser after my own web site's address, and it returned the home or index page. It did this with every web site I tried it on. I tried a few of the other combinations and they all returned to the home page.

keyplyr

7:42 am on Sep 3, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




First, there's a significant difference between hack attempts and being hacked.

If you view your raw server logs (not a stats report) on an hourly/daily basis you will find dozens, maybe hundreds, of probes to see how your server reacts to various requests.

Sometimes they are looking for common vulnerabilities, sometimes they are checking to see if a directory has an accessible permission set and if so, attempting to inject code or a file.

Just because you get requests like this does not necessarily indicate you have been hacked.

What response did your server return to these requests?

[added]
So it seems your account is not supporting these parameters and instead redirecting to index.

I would ignore these requests.

Peter_S

8:38 am on Sep 3, 2017 (gmt 0)

5+ Year Member Top Contributors Of The Month



If you are paranoiac, this can also be an attempt at a duplicate content attack. If your site is not configured to deal with unknown parameters, each URL with variants of these parameters will return the same content, and so it can be perceived as duplicate content if someone is having fun placing random links to your site like that.

keyplyr

8:57 am on Sep 3, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> If your site is not configured to deal with unknown parameters

But as noted, his site does handle the parameters properly, as most hosted sites do, including CMS sites.

Peter_S

9:04 am on Sep 3, 2017 (gmt 0)

5+ Year Member Top Contributors Of The Month



I am certainly wrong, but redirecting all unknown requests to the home page might be a risk. If these links are crawlable by Google, won't Google think it's an attempt at manipulating ranking? (To have plenty of different URLs, all ending up redirecting to the same page.)

I am certainly wrong. Personally, when there is an unknown request (parameters, URL, etc.), I return a 404 code and a customized page for "humans" explaining that the page does not exist, with information about my site and links to the different sections of it, so that if they are really humans, they can find their way anyhow.

keyplyr

9:27 am on Sep 3, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Not sure how Google interprets unknown parameters but GSC has a tool to disavow them.

Most all CMS do this, so it must be OK. I have my server return 404s for BS parameters, because IMO that's how they should be handled.

Yup, my custom 404 page includes a site search.

webnovice007

10:08 am on Sep 3, 2017 (gmt 0)

5+ Year Member



Yes, I understand the difference between hack attempts and actual intrusion. I apologize for the poor choice of nomenclature. The status code is 200. Two of the web sites I have taken down, as they have both been reverse IP'd to my two web sites that are offensive to the Chinese. I did this to protect my business in China, which I fear may be too late. This type of request started coming out of China, then Zhou Pizhong's network. My two offensive web sites are blocked from viewing by Chinese, with the exception of their cyber warfare units. I have multiple associates inside of China and Tibet that provide me with information. My offensive web sites provide documentation of the illegal Chinese invasion and occupation of Tibet, which is backed up by recently declassified official government documents. One also sells Tibetan art. I had been using the two Chinese business web sites (car/driver hire sites) as control web sites to see what type of hacking requests were normal and comparing it to my other two sites. A 5th web site about an indigenous Tibetan NGO that I was funding I took down 2 years ago as the volunteers were being harassed and threatened with prison. This for building medical clinics and schools in nomadic areas that had 97% illiteracy rates.

My take on the request is that nothing matters after the '?'; you can just put a ? after any domain and it will go to the home page. Really wanted to see if any other web site has seen anything like this.

keyplyr

10:35 am on Sep 3, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> My take on the request is that nothing matters after the '?'; you can just put a ? after any domain and it will go to the home page. Really wanted to see if any other web site has seen anything like this.

Yes, unless your site uses parameters, these unknown params should have no effect. Your server seems to ignore them.

Also, there is a tool in Google Support Console where you can control how these params are handled by Google.

lammert

3:39 pm on Sep 3, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



/?C=N;O=A are Apache mod_autoindex sorting parameters. A hacker is probably scanning your site to see if you have auto directory generation switched on. The C=N parameter sorts the directory by file name. The O=A parameter sorts the listing in ascending order.

A full list of available parameters can be found in the Apache documentation at httpd.apache.org/docs/2.4/mod/mod_autoindex.html
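An added example, not part of lammert's post or the Apache project: a small log check that picks out requests carrying the mod_autoindex sort parameters described above and lists the directories that answered 200. The sample log lines and addresses are constructed, and treating both ";" and "&" as separators is an assumption of this sketch.

```python
import re
from collections import Counter

# Apache common/combined log line: client, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# mod_autoindex sort arguments (uppercase, as in the Apache documentation).
COLUMNS = {"N": "name", "M": "last-modified", "S": "size", "D": "description"}
ORDERS = {"A": "ascending", "D": "descending"}

def decode_query(query):
    """Return (column, order) for a mod_autoindex sort string, else None."""
    args = dict(p.split("=", 1) for p in re.split(r"[;&]", query) if "=" in p)
    column = COLUMNS.get(args.get("C"))
    order = ORDERS.get(args.get("O", "A"))  # O is optional; ascending if absent
    if column is None or order is None:
        return None
    return column, order

def classify(line):
    """Return a dict for an autoindex probe of a directory URL, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    path, _, query = target.partition("?")
    decoded = decode_query(query)
    if decoded is None or not path.endswith("/"):
        return None
    return {"client": client, "path": path, "sort": decoded, "status": int(status)}

def summarize(lines):
    """Count probes per client and list directories that answered 200."""
    hits = [h for h in map(classify, lines) if h]
    per_client = Counter(h["client"] for h in hits)
    # A 200 may be a normal index page or a generated listing: check by hand.
    review = sorted({h["path"] for h in hits if h["status"] == 200})
    return per_client, review

# Constructed sample input (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Sep/2017:07:01:12 +0000] "GET /?C=N;O=A HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [03/Sep/2017:07:01:13 +0000] "GET /images/?C=M;O=D HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.4 - - [03/Sep/2017:07:05:40 +0000] "GET /shop.php?id=12 HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [03/Sep/2017:07:09:02 +0000] "GET /docs/?C=S;O=A HTTP/1.1" 200 2210 "-" "-"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A directory in the review list only matters if it really serves a generated listing; where it does and should not, `Options -Indexes` in the Apache configuration turns the listing off.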

webnovice007

4:09 pm on Sep 3, 2017 (gmt 0)

5+ Year Member



Thanks, this makes sense. This started about 10 days ago and is escalating to an hourly occurrence on all of my web sites.

lucy24

6:04 pm on Sep 3, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> Your server seems to ignore them.

Technically it depends on the file extension. If your pages--including directory index pages--are html then any and all parameters are ignored because html simply doesn't use them. If your pages are php, then it is entirely up to the page code--whether your own or a CMS--how to handle bogus parameters.

If your pages actually are static html, it can't hurt to institute a global redirect that strips away any query string. Sometimes you do get them in legitimate human requests, following certain types of links from other sites--and if a search engine sees those links, it may try the same parameters.

webnovice007

6:25 pm on Sep 3, 2017 (gmt 0)

5+ Year Member



I talked to the hosting company and they were aware of the scans and were taking care of them. The front end of my web site is html static; from there it goes to a php e-commerce site to make the purchase. I have 100s of items, all unique/one of a kind and all expensive, so I use the html to provide high res images and lots of documentation about the item. I do enjoy my hosting company; they help me to set up a backdoor into the web site so that people in a country that censors web access/content can still view my content.

I do want to say thank you to everyone that has provided information; it has been most helpful. Unfortunately I will forever be a webnovice, so it is good to have forums like this for the perpetual dummy.

Peter_S

6:39 pm on Sep 3, 2017 (gmt 0)

5+ Year Member Top Contributors Of The Month



> /?C=N;O=A are Apache mod_autoindex sorting parameters

It's good to know. Thank you, lammert.