You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by we...@island.net on 2004/03/10 21:49:13 UTC

[users@httpd] strange log entries

Have been watching the logs for a while now, and am getting used to the various 
things that are trying the system.  The latest one is really getting annoying.  Am 
getting strings (huge ones) of just SEARCH 
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 etc... etc... repeats ad nauseum

Should I be concerned.  Am used to rest of the crap, this is totally new




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] strange log entries

Posted by Henry <he...@ix.netcom.com>.
They are most likely attacks against IIS servers.  I get alot of those as well - things like:

_vti_bin/owssvr.dll
_vti_bin/shtml.exe
/MSOffice/cltreq.asp

You can just ignore them.  The extra characters are attempts to fool non-patched IIS servers into running local executables and compromising the system. 

-Hank


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] strange log entries

Posted by we...@island.net.
I have set the DNS flag to show the names.  They appear to be legit 
users, most of which come from Asia.  It is possible that they are 
indeed in "non-english".  However the repeat pattern just appears to 
show a long string of repeat garbage.  I have gathered there are a 
lot of folks poking at the system by just using directory headings.  
Most of which appear to be for Windows stuff.  Apache obviously is 
on top of it as it responds with a 404 error.  There are a lot of these 
searches from comcast.net and attbi.com.  I can't call them attacks 
as they just request directories and the like which do not exist 
withing apache and my system.
  
On 11 Mar 2004 at 10:29, Vi wrote:


> >
> When I did experements with perl's LWP and on my server, I wrote string 
> on russian (in koi8r) as browser's signature,
> it came out in logs in escape form, as in your case. Which fields in log 
> are comming up like that?
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] strange log entries

Posted by Vi <vi...@bexout.com>.
webwhiz@island.net wrote:

>Have been watching the logs for a while now, and am getting used to the various 
>things that are trying the system.  The latest one is really getting annoying.  Am 
>getting strings (huge ones) of just SEARCH 
>/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 etc... etc... repeats ad nauseum
>
>Should I be concerned.  Am used to rest of the crap, this is totally new
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>  
>
When I did experements with perl's LWP and on my server, I wrote string 
on russian (in koi8r) as browser's signature,
it came out in logs in escape form, as in your case. Which fields in log 
are comming up like that?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org