LinuxQuestions.org
Old 07-28-2004, 09:03 PM   #1
verbal
Member
 
Registered: Jul 2002
Location: New York
Distribution: Red Hat 7.2, SuSE 7.3
Posts: 60

Rep: Reputation: 15
apache access log question


Hey there...

I noticed an increase in some access log entries and I don't know what they are. Has anyone seen anything like this before:

24.57.73.109 - - [10/Jul/2004:22:34:15 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02

only the entries now span pages... they are huge.

are these spiders or something worse?

thanks in advance

Dave
(Verbal)

Last edited by verbal; 07-28-2004 at 09:04 PM.
 
Old 07-28-2004, 09:22 PM   #2
SirSlappy
Member
 
Registered: Jun 2003
Location: Glendale AZ
Distribution: Slackware 10
Posts: 153

Rep: Reputation: 30
Buffer overflow

What you're looking at, my friend, is most likely some type of buffer overflow (Remote Exploit). Make sure your computer has not been compromised and report the abuser to his ISP.

Again, it is a hack attempt. Update your Apache server and make sure it's secure.
 
Old 07-28-2004, 09:52 PM   #3
needforspeed
Member
 
Registered: Aug 2003
Distribution: Gentoo
Posts: 73

Rep: Reputation: 15
I've had several of these in my logs too, but seems to be only when using Apache for my server. Screwed up my log analyzer tool a little, but I didn't notice anything else wrong.
 
Old 07-29-2004, 12:15 AM   #4
verbal
Member
 
Registered: Jul 2002
Location: New York
Distribution: Red Hat 7.2, SuSE 7.3
Posts: 60

Original Poster
Rep: Reputation: 15
Re: Buffer overflow

Quote:
Originally posted by SirSlappy
What you're looking at, my friend, is most likely some type of buffer overflow (Remote Exploit). Make sure your computer has not been compromised and report the abuser to his ISP.

Again, it is a hack attempt. Update your Apache server and make sure it's secure.

My paranoid mind had already travelled that twisted corridor... *sigh*, was hoping it was just paranoia. Well, tripwire hasn't set off any alerts yet, so think I'm secure so far. Hard to report the user, coming from at least 12 different IP blocks as far as I can see. But will trace each and submit reports.

thanks for the reply

Dave

Last edited by verbal; 07-29-2004 at 12:16 AM.
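
One way to triage entries like the one in the first post and count them per source address, as an added example that is not part of the thread. The baseline method set, both thresholds and the sample lines are assumptions made for the illustration; the parser tolerates a request field with no closing quote, which is the kind of line that trips up stricter log analyzers.

```python
import re
from collections import Counter

# Common Log Format. The request field is matched loosely: oversized or
# binary requests may lack a well-formed "METHOD URI PROTOCOL" triple, and
# a copied line may be cut off before the closing quote and status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>.*?)"?(?: (?P<status>\d{3}) (?P<size>\S+))?$')
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')
COMMON_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}  # assumed baseline for a plain web site
MAX_ESCAPED = 16      # assumed threshold: escaped bytes tolerated per request
MAX_REQ_BYTES = 1024  # assumed threshold: decoded request-line length

def classify(line):
    """Return (ip, reasons) for one log line; reasons is empty if it looks normal."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None, ["unparseable"]
    req = m.group("req")
    reasons = []
    method = req.split(" ", 1)[0]
    if method not in COMMON_METHODS:
        reasons.append("unusual-method:" + method[:16])
    escaped = len(ESCAPED_BYTE.findall(req))
    if escaped > MAX_ESCAPED:
        reasons.append("escaped-bytes:%d" % escaped)
    # Each \xhh escape is 4 log characters for 1 byte on the wire.
    if len(req) - 3 * escaped > MAX_REQ_BYTES:
        reasons.append("long-request")
    return m.group("ip"), reasons

def suspicious_sources(lines):
    """Count flagged requests per client IP."""
    hits = Counter()
    for line in lines:
        ip, reasons = classify(line)
        if reasons:
            hits[ip or "?"] += 1
    return hits

# Constructed sample lines (documentation IP ranges, not taken from the thread).
SAMPLE = [
    '192.0.2.10 - - [10/Jul/2004:22:30:01 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [10/Jul/2004:22:34:15 -0400] "SEARCH /\\x90' + '\\x02\\xb1' * 600 + '" 501 288',
    '203.0.113.5 - - [10/Jul/2004:22:35:40 -0400] "SEARCH /\\x90' + '\\x02\\xb1' * 40,  # cut off
]

if __name__ == "__main__":
    for ip, n in suspicious_sources(SAMPLE).most_common():
        print(ip, n)
```

Run against a real access log by passing the open file object to `suspicious_sources`; the per-address counts give the list of sources to trace and report.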
 
  


All times are GMT -5.
