Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

Weard SEARCH requests in access_log

  
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Next:  virtual host configuration difficulties  
Author Message
ng1

External


Since: Jun 16, 2004
Posts: 3



(Msg. 1) Posted: Thu Jun 24, 2004 1:57 am
Post subject: Weard SEARCH requests in access_log
Archived from groups: alt>apache>configuration (more info?)
Hello.

When looking in my log (the httpd - access_log), i found some weard
requests:

.... SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0.....
414 339 "-" "-"

The requests are very long (the above line is 28281 characters long!).
There are multiple of the same sort of the request, which are very
long and with a lot of "\x90". In the "error_log" i can see the
requests are rejected by httpd, by the log entry:"...request failed:
URI too long (longer than 8190)...".

But i am concerned about what it is. Does anyone know?

/Michael

 >> Stay informed about: Weard SEARCH requests in access_log 
Back to top
Login to vote
davideyeahsure

External


Since: Nov 03, 2003
Posts: 2907



(Msg. 2) Posted: Thu Jun 24, 2004 9:55 am
Post subject: Re: Weard SEARCH requests in access_log [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Michael <ng1.TakeThisOut@mxn.dk> wrote:
 > When looking in my log (the httpd - access_log), i found some weard
 > requests:
 > ... SEARCH /\x90\x02\xb1\x02\xb1\x02\xb<zap>
 > 414 339 "-" "-"

Another worm/virus/junk trying to spread around, probably designed
for Microsoft machines. Put the originating IP in your firewall and
configure your Apache to not log this junk if you like.

Davide

--
| It is not true that life is one damn thing after another -- it's one
| damn thing over and over.
|
|<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: Weard SEARCH requests in access_log 
Back to top
Login to vote
user2840

External


Since: Jun 22, 2004
Posts: 4



(Msg. 3) Posted: Thu Jun 24, 2004 12:54 pm
Post subject: Re: Weard SEARCH requests in access_log [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
ng1.TakeThisOut@mxn.dk (Michael) wrote in
news:7b8da5da.0406232157.6dcf8215@posting.google.com:
 > When looking in my log (the httpd - access_log), i found some weard
 > requests:
 > ... SEARCH
 > /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x
 > 0..... 414 339 "-" "-"

This is the IIS WebDAV worm, no danger if you're running Apache...

Have a look here for some help to get rid of it -
<a style='text-decoration: underline;' href="http://forums.macosxhints.com/showthread.php?t=22371" target="_blank">http://forums.macosxhints.com/showthread.php?t=22371</a>

To be nicer to M$ though, you could change those redirects a bit Smile
RedirectMatch permanent (.*)\/x90\/(.*)$ <a style='text-decoration: underline;' href="http://localhost/" target="_blank">http://localhost/</a>

hth,
Stian<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Weard SEARCH requests in access_log 
Back to top
Login to vote
ng1

External


Since: Jun 16, 2004
Posts: 3



(Msg. 4) Posted: Thu Jun 24, 2004 2:52 pm
Post subject: Re: Weard SEARCH requests in access_log [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
 > To be nicer to M$ though, you could change those redirects a bit Smile
<font color=purple> > RedirectMatch permanent (.*)\/x90\/(.*)$ <a style='text-decoration: underline;' href="http://localhost/</font" target="_blank">http://localhost/</font</a>>

ok, thanks a lot for your help, and i think i'll do as you say (not
using M$ host as redirect Smile

/Michael<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Weard SEARCH requests in access_log 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Weird SEARCH in my access_log - Lately my access_log is getting cluttered with a large number of SEARCH accesses from numerous IP addresses. These SEARCH commands appear to be invalid and are, therefore, aparently some attempt at mischief (?). Anyway, they look like this: ..

Conditional logging problem when trying to remove long SEA.. - Hi, I have a problem with getting the long SEARCH requests logged seperately. I'm using this configuration: Code: -------------------- SetEnvIfNoCase Request_Method "SEARCH" worm SetEnvIf Request_URI "^/[a-zA-Z0-9 ].*" !worm S...

Access_log multiple GETs per second? - Apache novice cannot figure this out why I have a legitimate client making so many requests in a short period of time, other legitimate clients also do this: 12.100.x.250 - 7ujqc3R [04/Feb/2004:10:21:43 -0600] "GET..

how to view access_log realtime? - Is it possible to view the access log on command line either via the console or sshd connection in realtime? Thanks, -Giles

Webmin access_log rotate Apache Start Stop - Hi, I have setup 2 cron jobs in webmin to rotate my logs each night for: /usr/local/apache/vhosts/www.xxxxx.com/logs/access_log /usr/local/apache/vhosts/www.xxxxx.com/logs/error_log In webmin it says: "Commands to run before rotation:" ...
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]