httpd-users mailing list archives

From Thomas Bolioli <i...@terranovum.com>
Subject Re: [users@httpd] any way to stop these ?
Date Tue, 14 Jan 2003 16:41:41 GMT
Definitely intriguing. SmpDsBhgRl seems to prefix the GETs while the 
POSTs are just that (SmpDsBhgRl) for the URI request. If you notice what 
follows is possibly encoded info. Anyone have a spare cycle to decode a 
few of those strings and post them (i.e. write a quick Perl script)? This 
may just be innocent but the pattern of two GETs and a POST is 
definitely suspicious.
Tom

R'twick Niceorgaw wrote:

>Here are some from access_log
>Do they make any sense ?
>
>203.94.195.170 - - [14/Jan/2003:10:00:27 -0500] "GET
>/SmpDsBhgRlb0b583ef-145f-40e8-8056-e42539b613fd HTTP/1.0" 404 304
>202.156.2.42 - - [14/Jan/2003:10:00:57 -0500] "GET
>/SmpDsBhgRl47f52765-447c-4ba7-bd3d-4c42d8e50dd1 HTTP/1.0" 404 311
>203.94.195.170 - - [14/Jan/2003:10:02:53 -0500] "POST /SmpDsBhgRl HTTP/1.0"
>404 268
>202.156.2.42 - - [14/Jan/2003:10:02:59 -0500] "POST /SmpDsBhgRl HTTP/1.0"
>404 275
>203.94.195.170 - - [14/Jan/2003:10:05:30 -0500] "GET
>/SmpDsBhgRl66f52d87-f82d-427d-a0ce-65b250bc5f32 HTTP/1.0" 404 304
>202.156.2.42 - - [14/Jan/2003:10:05:53 -0500] "GET
>/SmpDsBhgRl1bcd5aba-2bc2-4aa9-b0d8-e9d2e2341dad HTTP/1.0" 404 311
>203.94.195.170 - - [14/Jan/2003:10:06:34 -0500] "POST /SmpDsBhgRl HTTP/1.0"
>404 268
>203.94.195.170 - - [14/Jan/2003:10:07:13 -0500] "GET
>//jukedir/juke20394195170.ram HTTP/1.1" 301 336
>203.94.195.170 - - [14/Jan/2003:10:07:23 -0500] "GET
>/SmpDsBhgRlea668224-0bd9-47bc-8e59-adcfd6e73e70 HTTP/1.0" 404 304
>202.156.2.42 - - [14/Jan/2003:10:07:59 -0500] "POST /SmpDsBhgRl HTTP/1.0"
>404 275
>203.94.195.170 - - [14/Jan/2003:10:12:24 -0500] "POST /SmpDsBhgRl HTTP/1.0"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:15:48 -0500] "GET
>/SmpDsBhgRl3b925950-5772-4ed2-aa38-954c13fc7c7a HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:19:57 -0500] "GET
>/SmpDsBhgRl662479ff-a49f-458b-b3ad-f090aeac74b1 HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:20:49 -0500] "POST /SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:24:48 -0500] "GET
>/SmpDsBhgRl0566a9cc-5934-4197-98aa-954f4785515b HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:24:58 -0500] "POST /SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:29:50 -0500] "POST /SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:32:55 -0500] "GET
>/SmpDsBhgRl632f166a-65fd-4e9c-b8ba-a2afa84e4607 HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:36:12 -0500] "GET
>/SmpDsBhgRlfa7ab9d2-c274-4481-8bce-ceb29c17777a HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:37:57 -0500] "POST /SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:39:28 -0500] "GET
>/SmpDsBhgRlaa012a61-78c0-49b3-ab2d-733def685c64 HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:41:14 -0500] "POST /SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:42:55 -0500] "GET
>/SmpDsBhgRlcd3552c8-f36c-46bb-bd18-864f9fb16293 HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:44:29 -0500] "POST /SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:48:01 -0500] "POST /SmpDsBhgRl HTTP/1.1"
>200 -
>
>----- Original Message -----
>From: "Boyle Owen" <Owen.Boyle@swx.com>
>To: <users@httpd.apache.org>
>Sent: Tuesday, January 14, 2003 11:18 AM
>Subject: RE: [users@httpd] any way to stop these ?
>
>
>  
>
>>I've not seen this before... What do the corresponding requests look
>>like in the transfer log?
>>
>>Rgds,
>>
>>Owen Boyle
>>
>>    
>>
>>>-----Original Message-----
>>>From: R'twick Niceorgaw [mailto:public@utkalika.net]
>>>Sent: Dienstag, 14. Januar 2003 17:05
>>>To: apache user list
>>>Subject: [users@httpd] any way to stop these ?
>>>
>>>
>>>Hi all,
>>>I'm recently getting a lot of entries in the error_log like
>>>these below.
>>>There are a lot of them from different IP addresses. Is it some
>>>kind of virus or
>>>DDoS attack?
>>>Is there any way I can stop them?
>>>
>>>Regards
>>>R'twick
>>>
>>>[Tue Jan 14 10:05:30 2003] [error] [client 203.94.195.170]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRl66f52d87-f82d-427d-
>>>a0ce-65b250bc
>>>5f32
>>>[Tue Jan 14 10:05:53 2003] [error] [client 202.156.2.42] File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRl1bcd5aba-2bc2-4aa9-
>>>b0d8-e9d2e234
>>>1dad
>>>[Tue Jan 14 10:06:34 2003] [error] [client 203.94.195.170]
>>>File does not
>>>exist: /home/httpd/vhosts/default/htdocs/SmpDsBhgRl
>>>[Tue Jan 14 10:07:23 2003] [error] [client 203.94.195.170]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRlea668224-0bd9-47bc-
>>>8e59-adcfd6e7
>>>3e70
>>>[Tue Jan 14 10:07:59 2003] [error] [client 202.156.2.42] File does not
>>>exist: /home/httpd/vhosts/default/htdocs/SmpDsBhgRl
>>>[Tue Jan 14 10:15:48 2003] [error] [client 195.226.230.37]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRl3b925950-5772-4ed2-
>>>aa38-954c13fc
>>>7c7a
>>>[Tue Jan 14 10:19:57 2003] [error] [client 195.226.230.37]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRl662479ff-a49f-458b-
>>>b3ad-f090aeac
>>>74b1
>>>[Tue Jan 14 10:24:48 2003] [error] [client 195.226.230.37]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRl0566a9cc-5934-4197-
>>>98aa-954f4785
>>>515b
>>>[Tue Jan 14 10:32:55 2003] [error] [client 195.226.230.37]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRl632f166a-65fd-4e9c-
>>>b8ba-a2afa84e
>>>4607
>>>[Tue Jan 14 10:36:12 2003] [error] [client 195.226.230.37]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRlfa7ab9d2-c274-4481-
>>>8bce-ceb29c17
>>>777a
>>>[Tue Jan 14 10:39:28 2003] [error] [client 195.226.230.37]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRlaa012a61-78c0-49b3-
>>>ab2d-733def68
>>>5c64
>>>[Tue Jan 14 10:42:55 2003] [error] [client 195.226.230.37]
>>>File does not
>>>exist:
>>>/home/httpd/vhosts/default/htdocs/SmpDsBhgRlcd3552c8-f36c-46bb-
>>>bd18-864f9fb1
>>>6293
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP
>>>Server Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>      
>>>
>>
>>
>>
>>    
>>
>
>
>
>  
>

-- 
-----------------------------------------------------
Terra Novum Research
info@terranovum.com
www.terranovum.com
(617) 923-4132

PO Box 362
Watertown, MA 02471-0362

For it is true that we are seldom 
able to help the ones closest to us. 
Sometimes we must love completely 
those who we do not completely understand.
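
Added example, not part of the original message: a Python (rather than Perl) pass over access_log lines of the kind quoted above, which groups the `/SmpDsBhgRl` requests by client and tests whether each GET suffix parses as a UUID. The sample lines are taken from the quoted log with the e-mail line wrapping undone; the function names are this example's own.

```python
import re
import uuid
from collections import defaultdict

# Constructed sample: access_log entries from the quoted message, with the
# e-mail line wrapping undone so each request sits on one line.
SAMPLE_LOG = """\
203.94.195.170 - - [14/Jan/2003:10:00:27 -0500] "GET /SmpDsBhgRlb0b583ef-145f-40e8-8056-e42539b613fd HTTP/1.0" 404 304
202.156.2.42 - - [14/Jan/2003:10:00:57 -0500] "GET /SmpDsBhgRl47f52765-447c-4ba7-bd3d-4c42d8e50dd1 HTTP/1.0" 404 311
203.94.195.170 - - [14/Jan/2003:10:02:53 -0500] "POST /SmpDsBhgRl HTTP/1.0" 404 268
203.94.195.170 - - [14/Jan/2003:10:05:30 -0500] "GET /SmpDsBhgRl66f52d87-f82d-427d-a0ce-65b250bc5f32 HTTP/1.0" 404 304
203.94.195.170 - - [14/Jan/2003:10:07:13 -0500] "GET //jukedir/juke20394195170.ram HTTP/1.1" 301 336
195.226.230.37 - - [14/Jan/2003:10:20:49 -0500] "POST /SmpDsBhgRl HTTP/1.1" 200 -
"""

PREFIX = "/SmpDsBhgRl"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def classify_suffix(path):
    """Return 'bare', 'uuid-v<N>' or 'other' for a path under PREFIX, else None."""
    if not path.startswith(PREFIX):
        return None
    suffix = path[len(PREFIX):]
    if not suffix:
        return "bare"
    try:
        parsed = uuid.UUID(suffix)
    except ValueError:
        return "other"
    # .version is None unless the variant bits mark an RFC 4122 UUID
    return f"uuid-v{parsed.version}" if parsed.version else "other"

def summarize(log_text):
    """Per client IP, count (method, suffix class, status) for prefixed requests."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ip, method, path, status = m.groups()
        kind = classify_suffix(path)
        if kind:
            summary[ip][(method, kind, status)] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        for key, n in sorted(counts.items()):
            print(ip, *key, n)
```

On these sample lines every GET suffix parses as a version 4 UUID, which RFC 4122 defines as randomly or pseudo-randomly generated, so the suffix itself is an identifier rather than an encoding of other data.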




