I think I have answered my own question.
These mystery links are definitely the legacy of the previous server the files were located on.
The request was either from a user or from a search crawler.
As simple as that.
Pergunta
I am worried that a repeated error that I am getting may be an attempt to hack the site via injection at the URL line.
Here are some samples directly from the server's error_log file. These always seem to come in pairs:
[11-Apr-2014 23:21:26 America/Chicago] PHP Warning: include(content/?p=389.php) [function.include]: failed to open stream: No such file or directory in /home/the_site/public_html/includes/htmlContent.php on line 27
[11-Apr-2014 23:21:26 America/Chicago] PHP Warning: include() [function.include]: Failed opening 'content/?p=389.php' for inclusion (include_path='.:/usr/lib/php') in /home/the_site/public_html/includes/htmlContent.php on line 27
[14-Apr-2014 15:44:57 America/Chicago] PHP Warning: include(content/?124.php) [function.include]: failed to open stream: No such file or directory in /home/the_site/public_html/includes/htmlContent.php on line 27
[14-Apr-2014 15:44:57 America/Chicago] PHP Warning: include() [function.include]: Failed opening 'content/?124.php' for inclusion (include_path='.:/usr/lib/php') in /home/the_site/public_html/includes/htmlContent.php on line 27
Of course, I know that it means someone has attempted to add a variable "p" to the URL for retrieval via the GET proxy. The trouble is that this site uses the GET proxy infrequently, and never with a variable "p".
The occurrences do not happen at regular times of day or at regular intervals.
Here's my best guess. This is a website that I rescued from a Wordpress administrator whom I will – generously – call semi-competant. I am supposing that these are artifacts of the Wordpress service, and likely are attempts to link to the site from referrers. I am not sure of the value of these referrers, and I am not sure I could use php's $_SERVER['REQUEST_URI'] to sniff out any information about the source.
In any case, I'd like to ask anyone who has experience with this if these URL variables may be pernicious in nature. I can't find a thing on the Web regarding this (not even on stackoverflow.com!) I appreciate your help in putting my paranoid programmer's mind at ease.
Please let me know if you require any other information.
Thanking you in advance.
Update: this is the code requested by Juhana, below:
<?php
// include:
// htmlContent.php
// Concatenate file name for the content include(s).
$replacements = array( // Content file name swaps:
"" => "whypowerwash",
"index" => "whypowerwash",
"~hrmpower" => "whypowerwash",
"?author=1" => "about",
);
$thisFile = basename($_SERVER['REQUEST_URI'], '?' . $_SERVER['QUERY_STRING']);
$contentName = explode(".",$thisFile);
if(array_key_exists($contentName[0],$replacements)) {
$contentFile = $replacements[$contentName[0]];
}
else {
$contentFile = $contentName[0];
}
echo '<div id="content">';
include('content/'.$contentFile.'.php');
echo' </div> <!-- closes content div -->';
?>
Put simply, it helps me to link a main page with html content held in the "content" folder. I did this as a temporary measure: later it will be fed from a MySQL database.
The "$_SERVER['REQUEST_URI']" links the file to a file of the same name within the content folder, pending the assessment of required replacements (see array $replacements).
The line in question is:
include('content/'.$contentFile.'.php');
Hoping this helps. Let me know if I need to explain anything else.
Solução
I think I have answered my own question.
These mystery links are definitely the legacy of the previous server the files were located on.
The request was either from a user or from a search crawler.
As simple as that.