httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Ballantyne <...@midori.shacknet.nu>
Subject [users@httpd] should I worry about this script kiddies attack?
Date Wed, 06 Aug 2003 14:13:17 GMT
Hi,

I've been using apache successfully for three years now and have never had 
problems or concerns with it until now.  I am aware of quite a few script 
kiddie attacks (cled red, etc), but have today seen in my log files 18 
entries that somewhat concern me.  I have found nothing in google or the 
apache mailing list that would stop my concerns, so I have got onto this list 
to see if anyone else knows anything.  

Normally I wouldn't be concerned, except that this time apache has returned a 
400 status, and 299 bytes of data.  I think my system hasn't been 
compromised, but maybe there is something new out there that should be 
worried about.

An extract of one of the log entries is below.  I have replaced the 
backslashes that were in the log entry with spaces, and have left out most of 
the entry too since it will just create a large mail.  Each full line in the 
log is 6396 characters long.

So, should I be worried, could there be a new attack against apache, or is 
this just another M$ IIS attack?  Your input will be appreciated.

Regards
Ian

203.229.217.15 - - [06/Aug/2003:08:08:52 +0200] "GET /NULL.IDA?CCCC 

[lots of C's left out] 

CCC%u0aeb%ub890%u898b%u77e8%u0000%u0000%u838b%u0094%u0000%u408b%u0564%u0150%u0000%ue0ff%u9090=x&

x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 
x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 x90 xeb t x90 x90 x90_ xeb b 
x90 x90 x90 xe8 xf5 xff xff xff x8do xf0 x8d}- x90 x90 x90 x8b xf7f xb8H x063 
xc9f x8b xc8 xb4 x99 xfc xac2 xc4 xaa xe2 xfa x14$ xec x9f x99 x99e xaaP( 
xb9) xbdk7_ xdef

[large chunk left out]

xa8 xe9 x7f xee x99 xfa[ x01+ xdfcmd.exe$ HTTP/1.1" 400 299

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message