Old 06-27-2004, 12:37 PM   #1
apache logs showing strange "SEARCH /\x90\x02\xb1" lines

Doing some googling, I found that it was some WebDAV exploit for Windows IIS servers (or a related buffer overflow attack) that is putting these enormously long messages in my access_log files:

SEARCH /\x90\x02\xb1..... (continues for about 30,000 characters); this is supposed to be just a nuisance for Apache, but I was wondering how I could avoid all these requests to my server (it makes the log files unnecessarily large).

I found this site: which says I can add this to my httpd.conf file:

<IfModule mod_rewrite.c>
RedirectMatch permanent (.*)cmd.exe(.*)$
RedirectMatch permanent (.*)root.exe(.*)$
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$
RedirectMatch permanent (.*)\/msadc\/(.*)$
RedirectMatch permanent (.*)\/MSADC\/(.*)$
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$
RedirectMatch permanent (.*)\/x90\/(.*)$
</IfModule>

Is this a good idea? I don't want users getting redirected away from my site just to be linked to Microsoft's site...

*edit: Darn, even after adding the above options to httpd.conf, I still get those SEARCH lines in my access_log; it is using up too much bandwidth...

Last edited by TheOneAndOnlySM; 06-27-2004 at 06:00 PM.
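
Added example, not part of the original post: a Python sketch that measures how much of an access_log the SEARCH entries take up and tests their paths against the RedirectMatch patterns quoted above. The sample log lines, addresses, status codes and function names are constructed for illustration, and Python's `re` is assumed to treat these simple patterns the same way Apache's regex engine does.

```python
import re
from collections import Counter
# Patterns copied from the RedirectMatch lines quoted in the post.
PAGE_PATTERNS = [
    r"(.*)cmd.exe(.*)$", r"(.*)root.exe(.*)$", r"(.*)\/_vti_bin\/(.*)$",
    r"(.*)\/scripts\/\.\.(.*)$", r"(.*)\/_mem_bin\/(.*)$", r"(.*)\/msadc\/(.*)$",
    r"(.*)\/MSADC\/(.*)$", r"(.*)\/c\/winnt\/(.*)$", r"(.*)\/d\/winnt\/(.*)$",
    r"(.*)\/x90\/(.*)$",
]
# Common/combined log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>.*?)" \d{3} ')
ESCAPE_RE = re.compile(r"\\x[0-9a-fA-F]{2}")  # how Apache logs a non-printable byte

# Constructed sample lines; the escaped run is far shorter than the post's ~30,000 chars.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jun/2004:12:01:00 -0500] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [27/Jun/2004:12:02:13 -0500] "SEARCH /\\x90\\x02\\xb1'
    + "\\x90" * 200 + '" 414 335',
    '203.0.113.5 - - [27/Jun/2004:12:03:40 -0500] "GET /scripts/root.exe HTTP/1.0" 404 290',
]

def parse(line):
    """Return (host, method, path), or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, _, rest = m.group("request").partition(" ")
    return m.group("host"), method, rest.split(" ")[0]

def is_search_probe(method, path):
    """True for a SEARCH request whose path is mostly \\xNN escapes."""
    return method == "SEARCH" and 4 * len(ESCAPE_RE.findall(path)) > len(path) / 2

def page_rule_hits(path):
    """Patterns from the post that match this path (empty list: none do)."""
    return [p for p in PAGE_PATTERNS if re.search(p, path)]

def summarize(lines):
    stats = {"probe_lines": 0, "probe_chars": 0, "total_chars": 0,
             "missed_by_page_rules": 0, "hosts": Counter()}
    for line in lines:
        stats["total_chars"] += len(line)
        parsed = parse(line)
        if parsed and is_search_probe(parsed[1], parsed[2]):
            stats["probe_lines"] += 1
            stats["probe_chars"] += len(line)
            stats["hosts"][parsed[0]] += 1
            if not page_rule_hits(parsed[2]):
                stats["missed_by_page_rules"] += 1
    return stats
```

On the sample, none of the quoted patterns match the SEARCH path: `\x90` in the log is Apache's escape for a single byte, while `\/x90\/` looks for the literal text `/x90/`. A request that a redirect rule does match is still written to the access log, so filtering on the request method is the more reliable way to pick these entries out.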
Old 06-28-2004, 04:39 PM   #2
This sounds as if it may be better addressed in the Security forum rather than the Software forum. You may want to consider asking a moderator to move it. Good luck with it either way. -- J.W.

