httpd-users mailing list archives

From Jack Mcslay <bina...@gmail.com>
Subject Re: [users@httpd] Do these log entries show someone trying to hack in?
Date Fri, 24 May 2013 13:55:30 GMT
These appear to be escaped characters from a binary blob, which could be 
someone trying to inject malicious code, but I really don't think Apache 
has anything that makes it interpret hostnames as C-style escaped strings.

On 24-05-2013 10:26, plot.lost wrote:
> I've been getting some error log entries saying the SNI and hostname are 
> different, and in these cases the SNI used seems to be the correct 
> hostname but with some extra data on the end, for example:
>
>     Hostname www.example.com\xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80 
> provided via SNI and hostname www.example.com provided via HTTP are 
> different
>
> In this case the extra data was \xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80
>
> but there have been a number of different sets of data, such as:
>
>     A\xe8\x84\xb4A\xc9\xa0\xe0\xa8\xbe\xed\x9c\xbc\xd4\x80
>
>     \xdd\x98\xee\xbd\xa0\xe0\xaf\xb5\xcf\xb8
>
>     \xdd\x9a\xe2\xa4\x90\xe0\xaf\xb0\xcb\xb0
>
>     \xdd\xa0\xee\xbd\xa0\xe0\xaf\xb5\xcf\xb8
>
>     \xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80
>
>     \xe0\xb1\x82\xe6\xbb\x98\xdd\x99\xc4\x90
>
> Does anyone have any idea as to what this might be for? Are there any 
> known/possible exploits in Apache that this might be trying to use?
>
> Server Version: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1a 
> running on Ubuntu
>
> Thanks in advance for any hints/advice.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
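
A small triage helper for the log message discussed in this thread, added here as an example (not code from either poster or from the Apache project): it reverses the `\xNN` escaping, isolates the bytes appended to the hostname, and reports whether they decode as UTF-8. The function names are hypothetical, and it assumes only `\xNN` escapes occur, as in the samples quoted above.

```python
import re

# Message text as quoted in the post, with the e-mail line wrapping removed.
SAMPLE = (r"Hostname www.example.com\xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80 "
          "provided via SNI and hostname www.example.com provided via HTTP "
          "are different")

MISMATCH = re.compile(
    r"Hostname (?P<sni>\S+) provided via SNI and hostname (?P<host>\S+) "
    r"provided via HTTP are different")
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
# Letters, digits, hyphen and dot: the bytes an ordinary hostname is made of.
HOSTNAME_BYTES = re.compile(rb"\A[A-Za-z0-9.-]+\Z")


def unescape(text):
    """Turn \\xNN escapes back into raw bytes (assumption: no other escapes)."""
    out = bytearray()
    pos = 0
    for m in ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("utf-8")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += text[pos:].encode("utf-8")
    return bytes(out)


def triage(line):
    """Return details of an SNI/HTTP hostname mismatch, or None if no match."""
    m = MISMATCH.search(line)
    if m is None:
        return None
    sni, host = unescape(m.group("sni")), unescape(m.group("host"))
    # "Extra" bytes are only defined when the SNI value starts with the host.
    extra = sni[len(host):] if sni.startswith(host) else None
    try:
        codepoints = ["U+%04X" % ord(c) for c in (extra or b"").decode("utf-8")]
    except UnicodeDecodeError:
        codepoints = None  # appended bytes are not valid UTF-8
    return {
        "host": host.decode("ascii", "replace"),
        "sni_is_plain_hostname": bool(HOSTNAME_BYTES.match(sni)),
        "extra_bytes": extra,
        "extra_codepoints": codepoints,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```
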

