ecshop 跨站攻击

ecshop的err.log一直报这个错误

[Wed Aug 29 13:45:24 2012] [error] [client 113.118.3.138] script '/var/www/html/ecshop/images/upload/Image/search.php' not found or unable to stat, referer:http://image.baidu.com/i?ct=503316480&z=&tn=baiduimagedetail&word=%C6%CA%B8%B9%B2%FA%B0%CC%BA%DB%CD%BC%C6%AC&in=26556&cl=2&lm=-1&st=&pn=0&rn=1&di=164990890400&ln=1847&fr=ala1&fm=ala1&fmq=1346218426750_R&ic=&s=&se=&sme=0&tab=&width=&height=&face=&is=&istype

images/upload/Image/search.php根本不可能存在（这个文件夹下面应该全是图片）

这个错误刷的很快，ip也换。，到底是傻？我也不了的，如果有人知道给我留言，

----------------------------------------------------------------------------------------------

1，网上有人提出这个解决方法

在/etc/httpd.conf下搜索Global 在
### Section 1: Global Environment
下面加 TraceEnable off
保存OK

在cmd下输入
telnet 127.0.0.1 80
然后在黑屏状态下输入
TRACE / HTTP/1.0
Host: foo
在添加TraceEnable off之前,应返回
HTTP/1.1 200 OK
Date: Sat, 20 Oct 2007 20:39:36 GMT
Server: Apache/2.2.6 (Debian) PHP/4.4.4-9 mod_ruby/1.2.6 Ruby/1.8.6(2007-06-07)
Connection: close
Content-Type: message/http
TRACE / HTTP/1.0
Host: foo
Any text entered here will be echoed back in the response
Connection closed by foreign host.

在添加TraceEnable off之后,应返回

HTTP/1.1 403 Forbidden
Date: Sat, 20 Oct 2007 20:38:31 GMT
Server: Apache/2.2.6 (Debian) PHP/4.4.4-9 mod_ruby/1.2.6 Ruby/1.8.6(2007-06-07)
Content-Length: 320
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML(link) PUBLIC "-//IETF//DTD HTML(link) 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<hr>
<address>Apache/2.2.6 (Debian) PHP/4.4.4-9 mod_ruby/1.2.6 Ruby/1.8.6(2007-06-07) Server at foo Port 80</address>
</body></html>
Connection closed by foreign host.

至此,可通过安全测试

----------------------------------------------------------------------

2，

如果你使用的是Apache, 在各虚拟主机的配置文件里添加如下语句:

RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

RewriteRule .* - [F]

貌似也没有起作用

到底啥回事啊，谁能告诉我