You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by we...@island.net on 2004/03/10 21:49:13 UTC
[users@httpd] strange log entries
Have been watching the logs for a while now, and am getting used to the various
things that are trying the system. The latest one is really getting annoying. Am
getting strings (huge ones) of just SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 etc... etc... repeats ad nauseum
Should I be concerned. Am used to rest of the crap, this is totally new
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange log entries
Posted by Henry <he...@ix.netcom.com>.
They are most likely attacks against IIS servers. I get alot of those as well - things like:
_vti_bin/owssvr.dll
_vti_bin/shtml.exe
/MSOffice/cltreq.asp
You can just ignore them. The extra characters are attempts to fool non-patched IIS servers into running local executables and compromising the system.
-Hank
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange log entries
Posted by we...@island.net.
I have set the DNS flag to show the names. They appear to be legit
users, most of which come from Asia. It is possible that they are
indeed in "non-english". However the repeat pattern just appears to
show a long string of repeat garbage. I have gathered there are a
lot of folks poking at the system by just using directory headings.
Most of which appear to be for Windows stuff. Apache obviously is
on top of it as it responds with a 404 error. There are a lot of these
searches from comcast.net and attbi.com. I can't call them attacks
as they just request directories and the like which do not exist
withing apache and my system.
On 11 Mar 2004 at 10:29, Vi wrote:
> >
> When I did experements with perl's LWP and on my server, I wrote string
> on russian (in koi8r) as browser's signature,
> it came out in logs in escape form, as in your case. Which fields in log
> are comming up like that?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange log entries
Posted by Vi <vi...@bexout.com>.
webwhiz@island.net wrote:
>Have been watching the logs for a while now, and am getting used to the various
>things that are trying the system. The latest one is really getting annoying. Am
>getting strings (huge ones) of just SEARCH
>/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 etc... etc... repeats ad nauseum
>
>Should I be concerned. Am used to rest of the crap, this is totally new
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
When I did experements with perl's LWP and on my server, I wrote string
on russian (in koi8r) as browser's signature,
it came out in logs in escape form, as in your case. Which fields in log
are comming up like that?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org