Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] odd entries access_log
  • From: Rikard Johnels <rikjoh@xxxxxxxxx>
  • Date: Sat, 12 Mar 2005 23:29:07 +0100
  • Message-id: <200503122329.08417.rikjoh@xxxxxxxxx>
On Saturday 12 March 2005 23.03, Rikard Johnels wrote:
> On Saturday 12 March 2005 22.46, Ger Lautenbach wrote:
> > Hello list,
> >
> > can somebody explain to me what these entries are in my access_log of my
> > apache webserver?
> > (there are a couple lines below i copied for you to look at)
> >
> > thks
> >
> > Ger
> >
> >
> > 65.194.21.143 - - [12/Mar/2005:19:01:36 +0100] "POST
> > /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 1055 "-" "-"
> > 65.194.21.143 - - [12/Mar/2005:19:01:37 +0100] "SEARCH
> > /\x90\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x0
> >4H \x04H\x04H\x04H\x04H\x04
> > x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04
> >H\ x04H\x04H\x04H\x04H\x04 etc
> > etc
> > etc
>
> One of the worms. (Was it Nimda or Code Red?)
> IIS exploits that apacha just goes "Huh!? What!?" too...
>
>
> --
>
> /Rikard
>
> ---------------------------------------------------------------
> Rikard Johnels email : rikjoh@xxxxxxxxx
> Web : http://www.rikjoh.com/users/rikjoh
> Mob : +46 735 05 51 01
> PGP : 0x461CEE56
> ---------------------------------------------------------------

From http://forums.macosxhints.com/showthread.php?t=22371
<quote>
It's the IIS WebDAV exploit: http://edgeos.com/threats/details.php?id=11413
http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx

If you're running Apache on *nix, those lines are just annoying (but can
cause problems with Webalizer). If you have IIS, better start patching ASAP!

</quote>
--

/Rikard

---------------------------------------------------------------
Rikard Johnels email : rikjoh@xxxxxxxxx
Web : http://www.rikjoh.com/users/rikjoh
Mob : +46 735 05 51 01
PGP : 0x461CEE56
---------------------------------------------------------------

< Previous Next >