Web Servers on Windows - access log

This is Interesting: Free IT Magazines  
Home > Archive > Web Servers on Windows > April 2004 > access log





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author access log
tolrahC

2004-04-14, 4:51 pm

I have some access on my server that do the following:
"SEARCH / \x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
-> for several lines and then :
\x90\x90 -> for several lines again

then after it does that :
142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "OPTIONS / HTTP/1.1"
200 -
142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "PROPFIND /SharedDocs
HTTP/1.1" 405 317
142.217.93.222 - - [26/Mar/2004:06:57:15 -0500] "OPTIONS / HTTP/1.1"
200 -
142.217.93.222 - - [26/Mar/2004:06:57:30 -0500] "PROPFIND
/Disque%20Dur%20Charles HTTP/1.1" 405 325
142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND
/Disque%20Dur%20Charles HTTP/1.1" 405 325
142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND
/Disque%20Dur%20Charles HTTP/1.1" 405 325
142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND
/Disque%20Dur%20Charles HTTP/1.1" 405 325

/Disque%20Dur%20Charles is the name of my hard drive

The IP is very similar to mine, mine is going 142.217.xxx.xxx too. I
don't know if its my ISP that tries to send something.

If you could help we take, i begin to be a little bit anxious with
that.

I'm using the version 2.0.49

Thank you
lac

2004-04-14, 10:37 pm

tolrahC wrote:
> I have some access on my server that do the following:
> "SEARCH / \x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
> -> for several lines and then :
> \x90\x90 -> for several lines again
>
> then after it does that :
> 142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "OPTIONS / HTTP/1.1"
> 200 -
> 142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "PROPFIND /SharedDocs
> HTTP/1.1" 405 317
> 142.217.93.222 - - [26/Mar/2004:06:57:15 -0500] "OPTIONS / HTTP/1.1"
> 200 -
> 142.217.93.222 - - [26/Mar/2004:06:57:30 -0500] "PROPFIND
> /Disque%20Dur%20Charles HTTP/1.1" 405 325
> 142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND
> /Disque%20Dur%20Charles HTTP/1.1" 405 325
> 142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND
> /Disque%20Dur%20Charles HTTP/1.1" 405 325
> 142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND
> /Disque%20Dur%20Charles HTTP/1.1" 405 325
>
> /Disque%20Dur%20Charles is the name of my hard drive
>
> The IP is very similar to mine, mine is going 142.217.xxx.xxx too. I
> don't know if its my ISP that tries to send something.
>
> If you could help we take, i begin to be a little bit anxious with
> that.
>
> I'm using the version 2.0.49
>
> Thank you

Looks like MS WebDav exploit:

http://support.microsoft.com/defaul...kb;en-us;815021

You're fine with Apache...

Lac

tolrahC

2004-04-15, 4:57 pm

> Looks like MS WebDav exploit:
>
> http://support.microsoft.com/defaul...kb;en-us;815021
>
> You're fine with Apache...
>
> Lac


Thank you, i installed the patch and I hope it will work ;)
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com