[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
HTTP break in attempt? (Buffer overrun?)
In my "access_log" file under /var/log/httpd, I find a LOT of lines
like this:
24.217.106.237 - - [06/Aug/2001:19:56:13 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 280 "-" "-"
Is this someone trying to do some funny "buffer overrun" stuff? The IP address
is not always the same.
I'm wondering if this is the result of some stupid IIS server that's been infected by the "Code Red" virus.
There IS a matching entry in the "error_log" file for each try, so I don't think anything bad has happened. Or do I need to change something?
Weird.
Charlie Brune
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.