From owner-freebsd-questions@FreeBSD.ORG Wed Mar 31 08:37:19 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B26C116A4CE for ; Wed, 31 Mar 2004 08:37:19 -0800 (PST) Received: from fep2.cogeco.net (smtp.cogeco.net [216.221.81.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 77CC043D1F for ; Wed, 31 Mar 2004 08:37:19 -0800 (PST) (envelope-from nick_fbsd@cogeco.ca) Received: from xp2200 (d150-27-55.home.cgocable.net [24.150.27.55]) by fep2.cogeco.net (Postfix) with ESMTP id 72FAC2036 for ; Wed, 31 Mar 2004 11:37:18 -0500 (EST) From: "Nick" To: Date: Wed, 31 Mar 2004 11:37:22 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-Reply-To: <20040331150847.GA3376@sting.grogsworld.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Thread-Index: AcQXMrGuQFeR4P3vROCmcEeTLVAXKgAC1igg Message-Id: <20040331163718.72FAC2036@fep2.cogeco.net> Subject: RE: Very long URL with malice intended X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Mar 2004 16:37:19 -0000 > -----Original Message----- > From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd- > questions@freebsd.org] On Behalf Of GROG! (Jeff Howie) > Sent: Wednesday, March 31, 2004 10:09 AM > To: freebsd-questions@freebsd.org > Subject: Re: Very long URL with malice intended > > On Sat, 27 Mar 2004 15:50:53 -0600, Jack L. Stone wrote: > >At 08:28 PM 3.27.2004 +0100, Cordula's Web wrote: > >>>Within the past couple of weeks, the Apache logs have shown a new > >>>type of intrusion -- a very, very long URL request... > >>> > >>>My question is what syntax can I add, if any, to my httpd.conf to > >>>redirect such requests..?? > >>> > >>>65.35.186.74 - - [26/Mar/2004:19:01:04 -0600] "SEARCH > >>>/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\... > >> > >>Are only SEARCH requests affected, or GET as well? > > Hey all. A question from a heretofore unrevealed skulker :^>. Was this > question ever answered off-list? My own box is getting hit quite often > with these & I'm concerned that they might be causing harm. thks > > >The ones I've seen have all been SEARCH.... > > Me too. > > thks > > -- > GROG! MMM Reality is that which, when you stop believing > thks (o o) in it, doesn't go away. -- Philip K. Dick > --ooO-(_)-Ooo-- > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" It is an IIS WebDAV exploit from April 2003 (?), apache is not affected, its just annoying :) (nachi and agobot use this exploit)