is this an attack attempt?

Gregory Nowak greg at romualt.dhs.org
Sun Jun 9 20:09:32 EDT 2002


Hi all,

I've noticed a small number of entries like the one below in my /var/log/apache/access_log file. In the below sample, "x.x.x.x" represents the ip address.


x.x.x.x - - [09/Jun/2002:18:54:52 -0500] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 400 334


Is someone or actually a group of people trying to compromise my web server? Is it possible to tell from the above log entry  how they are trying to compromise apache? Thanks.
Greg





More information about the Speakup mailing list