Re: Unknown entry in Apache log

From: Peter Rehäußer (dummerchen_at_aol.de)
Date: 08/31/03


Date: Sun, 31 Aug 2003 16:06:45 +0200

Hi,

I suppose this is a little attack. I think you have more than one entry like
this one in your log file.

The attacker tries some common paths/commands to hack your system.

"William Warren" <wwarren.nouce@timesucker.homelinux.org> wrote in
message news:3Vo2b.193175$Oz4.52399@rwcrnsc54...
> Thanks for helping me with this problem.
>
> I just got the following entry in my Apache log (IP address is genuine,
> from .br). I don't find it on the Symantec site or via Google search, and I
> welcome any advice on what it is or why it would be on port 80.
>
> 200.154.128.74 - - [24/Aug/2003:18:50:39 -0400]
> "\x92X\xf1\xef\xeb\xdf4\x86\b\t X" 400 -
>
> I appreciate your help. I have set the followups.
>
> Bill
> --
> William Warren
> (Remove ".nouce" for direct replies.)
>
>
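
The reply expects more entries of this kind in the same log. One way to check, as an added example that is not part of the original posts: the sketch below scans Common Log Format lines for requests that are not a well-formed HTTP request line and groups them by source host. The function names are hypothetical, and every sample line except the entry quoted above is constructed.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) (\S+)')
# A well-formed request line: METHOD SP target SP HTTP/x.y
HTTP_REQ = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Escapes seen in the quoted entry: \xhh for raw bytes, plus \b, \t and similar
ESCAPE = re.compile(r'\\(?:x[0-9a-fA-F]{2}|[bnrtv\\"])')

def non_http_requests(lines):
    """Return one record per log line whose request is not METHOD target HTTP/x.y."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; ignored in this sketch
        host, when, request, status, _size = m.groups()
        if HTTP_REQ.match(request):
            continue  # ordinary request, not of interest here
        hits.append({
            "host": host,
            "time": when,
            "status": int(status),
            "escaped_bytes": len(ESCAPE.findall(request)),
            "request": request,
        })
    return hits

def hosts_by_count(hits):
    """Source hosts ordered by how many malformed requests each sent."""
    return Counter(h["host"] for h in hits).most_common()

# Line 2 is the entry from the post; the others are constructed (documentation IPs).
SAMPLE = [
    r'192.0.2.10 - - [24/Aug/2003:18:49:02 -0400] "GET /index.html HTTP/1.1" 200 1043',
    r'200.154.128.74 - - [24/Aug/2003:18:50:39 -0400] "\x92X\xf1\xef\xeb\xdf4\x86\b\t X" 400 -',
    r'198.51.100.7 - - [24/Aug/2003:19:02:11 -0400] "\x01\x02\x03" 400 -',
    r'198.51.100.7 - - [24/Aug/2003:19:02:12 -0400] "\x01\x02\x03\x04" 400 -',
]

if __name__ == "__main__":
    found = non_http_requests(SAMPLE)
    for h in found:
        print(h["time"], h["host"], h["status"], h["escaped_bytes"], h["request"])
    print(hosts_by_count(found))
```

To run it against a real file, pass the open file object to `non_http_requests` instead of `SAMPLE`.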


