is this an attack attempt?

Alex Snow alex_snow at gmx.net
Mon Jun 10 06:37:19 EDT 2002


Looks like there trying to run an isapi module on your server.  You'd only
be effected if you were using IIS on a winblows box.
----- Original Message -----
From: "Gregory Nowak" <greg at romualt.dhs.org>
To: <speakup at braille.uwo.ca>
Sent: Sunday, June 09, 2002 8:09 PM
Subject: is this an attack attempt?


> Hi all,
>
> I've noticed a small number of entries like the one below in my
/var/log/apache/access_log file. In the below sample, "x.x.x.x" represents
the ip address.
>
>
> x.x.x.x - - [09/Jun/2002:18:54:52 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 334
>
>
> Is someone or actually a group of people trying to compromise my web
server? Is it possible to tell from the above log entry  how they are trying
to compromise apache? Thanks.
> Greg
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>





More information about the Speakup mailing list