httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Lenger <>
Subject [users@httpd] Buffer Overrun Attack
Date Tue, 14 Sep 2004 16:26:34 GMT

I´am running Apache 1.3.26 and found some strange entries in my 
access.log: There are lots of "SEARCH" requests  from spoofed addresses 
with very lengthy keywords. These keywords seem to be hex-encoded 
binary-data. A sample request looks like this: - - [02/Sep/2004:18:16:32 +0200] "SEARCH 
[...]  \x90" 414 271 "-" "-"

After lots of these requests a password-protected area of the server was 
accessed from an IP that belongs to some russian internet provider ("BIS 
Telekom") . As I neither know no russians nor gave the password to 
someone who went to russia there are two possibilities:

   1. The password was stolen from a third person who I gave the
      password to.
   2. The attack was successful.

I fear the second statement is true. Any ideas?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message