Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] odd entries access_log
  • From: Rikard Johnels <rikjoh@xxxxxxxxx>
  • Date: Sat, 12 Mar 2005 23:03:57 +0100
  • Message-id: <200503122303.58657.rikjoh@xxxxxxxxx>
On Saturday 12 March 2005 22.46, Ger Lautenbach wrote:
> Hello list,
>
> can somebody explain to me what these entries are in my access_log of my
> apache webserver?
> (there are a couple lines below i copied for you to look at)
>
> thks
>
> Ger
>
>
> 65.194.21.143 - - [12/Mar/2005:19:01:36 +0100] "POST
> /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 1055 "-" "-"
> 65.194.21.143 - - [12/Mar/2005:19:01:37 +0100] "SEARCH
> /\x90\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H
>\x04H\x04H\x04H\x04H\x04
> x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\
>x04H\x04H\x04H\x04H\x04 etc
> etc
> etc

One of the worms. (Was it Nimda or Code Red?)
IIS exploits that apacha just goes "Huh!? What!?" too...


--

/Rikard

---------------------------------------------------------------
Rikard Johnels email : rikjoh@xxxxxxxxx
Web : http://www.rikjoh.com/users/rikjoh
Mob : +46 735 05 51 01
PGP : 0x461CEE56
---------------------------------------------------------------

< Previous Next >
Follow Ups
References