LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page HELP ! very strange apache logs !
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-15-2004, 09:27 PM   #1
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
HELP ! very strange apache logs !

my apache2 access log....

Quote:
{IP ADDRESS} - - [15/Sep/2004:23:09:10 +0100] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02
but the (is it hexidecimal ?) code coes on and on for pages !
what us this !

was some1 trying to exploit my box ! ?

the access error log shows...

Quote:
[Wed Sep 15 23:09:10 2004] [error] [client (SAME IP ADDRESS)] request failed: URI too long (longer than 8190)
im running apache2.0.50

i assume they did not suceed in the exploit ?
otherwise they would have removed or fixed the logs ?


ALSO !!!!
im using the translucent windows patchfor KDE (unstable)
and as a result somtimes X restarts.. while it was doing this, i tried to get into a second login console (ctrl+alt+F2) there ALL dead... blank screens... even F1.

its likes like these i wish i had updated my tripwwire database !
Last edited by qwijibow; 09-15-2004 at 09:37 PM.
 
Old 09-15-2004, 10:17 PM   #2
synaptical
Senior Member
 
Registered: Jun 2003
Distribution: Mint 13/15, CentOS 6.4
Posts: 2,020

Rep: Reputation: 48
i get those all the time. i think they are trying for buffer overflows on windoze boxes. so far they have been harmless on my server except for the annoyance and adding to the log.
 
Old 09-15-2004, 10:24 PM   #3
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
yeah i assumed buffer overflow... but didnt know wether id be at risk.

any ideas about dissapearing agetty's ?

the 'top' program shows all my agetty's to be running..

confusing !
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange FTP logs dominant Linux - Security 1 08-24-2004 01:46 AM
apache logs showing strange "SEARCH /\x90\x02\xb1" lines TheOneAndOnlySM Linux - Software 1 06-28-2004 04:39 PM
Strange Apache LOGs... TheIrish Linux - Security 3 02-10-2004 01:15 PM
strange logs NSKL Slackware 2 10-24-2003 05:10 AM
Apache logs - ???Linux logs??? mylo2003 Linux - General 3 08-07-2003 04:49 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:40 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration