Apache Server configuration support - Strange message.


Author Strange message.
Peter Terpstra

2004-11-24, 8:13 am

Dear readers,

In my access logfile I found a strange extremely long message that starts with
"chello213047090170.3.14.vie.surfer.at - - [24/Nov/2004:12:23:12 +0100]
"SEARCH /\x90\x02\xb1\"

and ends with:

" \x90\x90\x90\x0\x90\x90\x90\x90\x90\x90\
x90\x90\x90\x90\x90\x90\x90\x90\x90\
x90\x90\x90\x90 414 338 "-" "-"

Does anyone know what it is and if I should do something about it?

With kind regards,

Peter Terpstra

--
Date and time: Wednesday 24 November: 13 hours, 46 minutes and 24 seconds.
Uptime: 1:46pm alive 7 days 3:38, 1 user, load: 0,08, 0,19, 0,13
http://k6.xs4all.nl mailto:peter@k6.xs4all.nl
Davide Bianchi

2004-11-24, 8:13 am

On 2004-11-24, Peter Terpstra <peter@love.antartica.invalid> wrote:
> In my access logfile I found a strange extremely long message that starts with
> "chello213047090170.3.14.vie.surfer.at - - [24/Nov/2004:12:23:12 +0100]
> "SEARCH /\x90\x02\xb1\"


It is a very well-known Microsoft worm/virus/crap.
You can configure your apache to ignore the request and not log them,
and/or add the ip address to your firewall. A simple search on the net or
on this very same newsgroup would have told you so.

Davide

--
....A Microsoft spokesperson said, "while fighting software piracy is good
for our business, highway robbery is our business."
-- From a Slashdot.org post
frans

2004-11-24, 8:13 am


"Davide Bianchi" <davideyeahsure@onlyforfun.net> wrote in message
news:slrncq92pr.1oq.davideyeahsure@fogg.onlyforfun.net...
> On 2004-11-24, Peter Terpstra <peter@love.antartica.invalid> wrote:
>
> It is a very well-known Microsoft worm/virus/crap.
> You can configure your apache to ignore the request and not log them,
> and/or add the ip address to your firewall. A simple search on the net or
> on this very same newsgroup would have told you so.
>
> Davide
>
> --
> ...A Microsoft spokesperson said, "while fighting software piracy is good
> for our business, highway robbery is our business."
> -- From a Slashdot.org post


My logs are packed with it. Still have to figure out how to stop apache
logging them.
The originating ip's are different every time (no use blocking them), but
they all come from Sweden and Austria (and a few from Korea)....
Is there a connection between the ip from my server and the ip's from the
'attacking' machines? Both begin with 213.?

f.


Davide Bianchi

2004-11-24, 8:13 am

On 2004-11-24, frans <no@no.no> wrote:
> My logs are packed with it. Still have to figure out how to stop apache
> logging them.


Conditional Logging is your friend. And the documentation too.
Davide

--
The three "R"s of Microsoft support: Retry Reboot Reinstall-- Mark Atwood
You forgot one: Repeat-- Lars Balker Rasmussen
frans

2004-11-24, 6:29 pm


"Davide Bianchi" <davideyeahsure@onlyforfun.net> wrote in message
news:slrncq98me.1vb.davideyeahsure@fogg.onlyforfun.net...
> On 2004-11-24, frans <no@no.no> wrote:
>
> Conditional Logging is your friend. And the documentation too.
> Davide
>


True, I know. Time will come...
But the question I asked, was a different one.....

f.


Peter Terpstra

2004-11-25, 5:56 pm

Davide in <slrncq92pr.1oq.davideyeahsure@fogg.onlyforfun.net>:
> On 2004-11-24, Peter Terpstra <peter@love.antartica.invalid> wrote:
> It is a very well-known Microsoft worm/virus/crap.
> You can configure your apache to ignore the request and not log them,
> and/or add the ip address to your firewall. A simple search on the net or
> on this very same newsgroup would have told you so.


Ah, thank you very much.
I had some look-alike viruses before but never these extremely long ones.

With kind regards,

Peter Terpstra

--
Date and time: Thursday 25 November: 18 hours, 58 minutes and 48 seconds.
Uptime: 6:58pm alive 8 days 8:51, 1 user, load: 0,09, 0,31, 0,23
https://k6.xs4all.nl mailto:peter@k6.xs4all.nl
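
A log-triage sketch for entries like the one quoted in the first post, added here as an example and not code from any poster in the thread: it flags access-log lines whose request carries a long run of `\xhh`-escaped bytes, keyed on the shape of the request rather than on the client address. The function names, the 50-escape threshold and the sample hosts are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*)" (?P<status>\d{3}) ')
# Apache writes non-printable request bytes to the log as \xhh escapes.
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')

def classify(line, min_escaped=50):
    """Parse one access-log line; return None if it is not in the expected format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    request = m.group("request")
    escaped = len(ESCAPED_BYTE.findall(request))
    return {
        "host": m.group("host"),
        "method": request.split(" ", 1)[0],
        "status": int(m.group("status")),
        "escaped_bytes": escaped,
        # Flag on the request shape, not the source address, which the
        # thread reports is different every time.
        "flagged": escaped >= min_escaped,
    }

def flagged_by_host(lines):
    """Count flagged entries per client host; unparseable lines are skipped."""
    hits = Counter()
    for line in lines:
        entry = classify(line)
        if entry and entry["flagged"]:
            hits[entry["host"]] += 1
    return hits

# Constructed sample input (hosts are placeholders, not taken from the thread).
SAMPLE_LOG = [
    'client-a.example.net - - [24/Nov/2004:12:23:12 +0100] "SEARCH /'
    + r'\x90' * 300 + '" 414 338 "-" "-"',
    'client-b.example.org - - [24/Nov/2004:12:24:01 +0100] '
    '"GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'client-b.example.org - - [24/Nov/2004:12:24:09 +0100] '
    r'"GET /caf\xc3\xa9.html HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    'client-a.example.net - - [24/Nov/2004:12:31:40 +0100] "SEARCH /'
    + r'\x90\x02\xb1' * 120 + '" 414 338 "-" "-"',
]

if __name__ == "__main__":
    print(dict(flagged_by_host(SAMPLE_LOG)))
```
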

Copyright 2003 - 2008 webservertalk.com