Strange entry in nginx access.log
I've been getting this for the past few days which i have not seen before:
Code:
99.25.137.246 - - [25/Oct/2014:10:36:05 +0100] "\x80w\x01\x03\x01\x00N\x00\x00\x00 \x00\x009\x00\x008\x00\x005\x00\x00\x16\x00\x00\x13\x00\x00" 400 166 "-" "-" Looks like shellcode to me, but what is it doing. I've shut the server down for now because of the line "admin" appearing in the log entry, has it been compromised? |
Hi there,
Quote:
Quote:
So it looks like this is annoying for you, but not really a problem. [X] Doc CPU |
Ok thanks for explaining. The server itself is just for personal use at the moment, so it's not like anyone will complain about downtime haha. I was alarmed by the "admin" string before the date in the entries immediately following the suspicious request, thinking it could be exploiting nginx, but after reading somewhere it apparently means they only requested admin as the login name for the page and didn't actually login/create an account.
I don't have a router affected by this so that's good to know. |
All times are GMT -5. The time now is 06:09 PM. |