httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eimantas Vaiciunas <eimantas.vaiciu...@sc.vu.lt>
Subject [users@httpd] Stupid hacks with spoofed IP?
Date Thu, 19 Aug 2004 06:27:01 GMT
Hello list

I was going through my access_log and noticed at least once a week i get such 
kind of requests:
xxx.xxx.xxx.xxx - - [06/Aug/2004:02:20:03 +0300] "SEARCH /\x90\x02\xb1\x02\xb1
\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1
\x02....\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02...\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" 414 360

xxx.xxx.xxx.xxx - - [29/Jul/2004:19:18:06 +0200] "GET /
default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%
ucbd3%u7801%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%
u0078%u0000%u00=a HTTP/1.0" 404 319

Some of them gives me 414 status (URI Too long). What does that supose to mean 
(not the 414 code, the requests)? When i riped the ip address it couldn't be 
found (of course some of them were recognised). I think some of them were 
spoofed, but if person is smart enough to spoof own ip address shouldn't he 
be smarte enough not to try to hack my web server through some kind of 
meaningless requests?
-----
Eimis


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message