You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Sakthi Esakiappan <sa...@mercuryminds.com> on 2010/07/13 15:01:42 UTC

[users@httpd] Re: How to regenerate 400 error code

Any information guys...

On 13 July 2010 10:16, Sakthi Esakiappan <sakthi.esakiappan@mercuryminds.com
> wrote:

> Hello,
>
> Hack attempt is made in one of our server. The hacker used string
> "w00tw00t.at.ISC.SANS.DFind" to continuously generate 400 Bad request to our
> server. He is capable of generating very large number of request in a short
> time from various IPs.
>
> I have hardened apache for handling this error code. Now I want to verify
> the same, so can any one suggest me how to regenerate 400 Bad request to a
> server. It would be also helpful if any information about how to prevent
> these types of attacks.
>
> --
> With Regards,
> Sakthi Esakiappan.M
> Server Administrator
>
> MercuryMinds Technologies Pvt Ltd
> www.mercuryminds.com "An E-Commerce mentor"
> sakthi.esakiappan@mercuryminds.com
> www.mercuryminds.com
>
>

Re: [users@httpd] Re: How to regenerate 400 error code

Posted by Tom Evans <te...@googlemail.com>.

On Tue, Jul 13, 2010 at 2:01 PM, Sakthi Esakiappan
<sa...@mercuryminds.com> wrote:
> Any information guys...
>
> On 13 July 2010 10:16, Sakthi Esakiappan
> <sa...@mercuryminds.com> wrote:
>>
>> Hello,
>>
>> Hack attempt is made in one of our server. The hacker used string
>> "w00tw00t.at.ISC.SANS.DFind" to continuously generate 400 Bad request to our
>> server. He is capable of generating very large number of request in a short
>> time from various IPs.
>>
>> I have hardened apache for handling this error code. Now I want to verify
>> the same, so can any one suggest me how to regenerate 400 Bad request to a
>> server. It would be also helpful if any information about how to prevent
>> these types of attacks.
>>

This isn't an 'attack', it is a probe. If you wish to prevent people
from probing your web server, take it off the internet.

If you want to generate a bad request, it is easier than you think:

> $ echo "This isnt a proper request" | nc strangepork 80
HTTP/1.1 400 Bad Request
Date: Tue, 13 Jul 2010 13:23:46 GMT
Server: Apache/2.2.15 (FreeBSD) mod_fastcgi/2.4.6 mod_ssl/2.2.15
OpenSSL/0.9.8e DAV/2 mod_wsgi/2.8 Python/2.6.5 mod_scgi/1.12
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org