Re: I think I've been cracked, please check out.

From: Bill Unruh (
Date: 02/22/03

  • Next message: David: "Re: I think I've been cracked, please check out."
    From: (Bill Unruh)
    Date: 22 Feb 2003 04:11:05 GMT

    Amir Hardon <hardon*antispam-remove*> writes:

    ]I have apache 1.3.27 on an up to date redhat machine.
    ]I found the following line in my apache access_log:
    ] - - [18/Feb/2003:13:54:19 +0200] "GET
    ]HTTP/1.0" 400 326 "-" "-"

    ]I sent a similar request and that was it's log:

    ] - - [21/Feb/2003:23:58:07 +0200] "GET
    ]HTTP/1.0" 404 279 "-" "Wget/1.8.2"

    ]Note that the original request has responded by a 400 error and my request
    ]was responded with a 404,
    ]another wierd thing is that the original requests do not got into the
    ]I haven't found any CVE about such exploit...
    ]The only diffrence that can be between the requests is a diffrent header.
    ]Have I been cracked? (My network connection is very slow lately and I am a
    ]bit worried) communication has become very slow).

    KLEZ -- attempting to do a buffer overflow attack on a Microsoft Web
    server. Do yourun a Microsoft web server? If not, do not worry.