Date: Wed, 31 Mar 2004 18:32:53 +0300 From: "Toni Heinonen" <Toni.Heinonen@teleware.fi> To: <freebsd-questions@freebsd.org> Subject: RE: Very long URL with malice intended Message-ID: <B36C365832C90E47A37F4FFCDDEFC46D3D6041@hkisrv08.tw.fi>
next in thread | raw e-mail | index | archive | help
> On Sat, 27 Mar 2004 15:50:53 -0600, Jack L. Stone wrote: > >At 08:28 PM 3.27.2004 +0100, Cordula's Web wrote: > >>>Within the past couple of weeks, the Apache logs have shown a new > >>>type of intrusion -- a very, very long URL request... > >>> > >>>My question is what syntax can I add, if any, to my httpd.conf to > >>>redirect such requests..?? > >>> > >>>65.35.186.74 - - [26/Mar/2004:19:01:04 -0600] "SEARCH > >>>/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\... > >> > >>Are only SEARCH requests affected, or GET as well? >=20 > Hey all. A question from a heretofore unrevealed skulker :^>. Was this > question ever answered off-list? My own box is getting hit quite often > with these & I'm concerned that they might be causing harm. thks Don't be concerned, those are probably worms looking for IIS holes or = the like. Since you're running Apache you're not vulnerable.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B36C365832C90E47A37F4FFCDDEFC46D3D6041>