<br><span class="gmail_quote"></span>I googled for the first part of which I pasted and got no results. and
no this is an apache2 (hint see subject line) Linux Server. I'll try a
little more see if I get anything...<div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style="direction: ltr;"><span class="e" id="q_10afcb234b673fe4_1">
<br><br><div><span class="gmail_quote">On 5/3/06, <b class="gmail_sendername">STeve Andre'</b> <<a href="mailto:andres@msu.edu" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">andres@msu.edu</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Well, maybe not. It isn't YOU that is causing this, its a vandal<br>at the other end of the line, or its a bot or otherwise infected<br>machine that is pawing at you.<br><br>You aren't running ISS, I hope...<br><br>If you aren't, then you are likely safe. Note that I say likely,
<br>because I don't know what this is. x90 is a really good clue<br>that its i386 specific though. Hmmm. Google for some of<br>that string and see what you get?<br><br>On Wednesday 03 May 2006 19:47, you wrote:<br>> oh... nice... sounds like I now need to improve my security... fun...
<br>> suggestions?<br>><br>> On 5/3/06, STeve Andre' <<a href="mailto:andres@msu.edu" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">andres@msu.edu</a>> wrote:<br>> > On Wednesday 03 May 2006 19:36, Caleb Cushing wrote:
<br>> > > what is this?
<br>> > ><br>> > > <a href="http://67.167.118.5" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">67.167.118.5</a> - - [03/May/2006:14:38:22 -0400] "SEARCH<br>> > > /\x90\xc9\xc9\xc9\xc9\xc9\
<br>> ><br>> > xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\x
<br>> >c9<br>> ><br>> > >\xc9\.... ....90\x90\x90\x90\x90\x90\x90\x....<br>> > ><br>> > > those characters repeat for a long time.... why?<br>> ><br>> > Heh. Thats shell code. You are being hit by an exploit of some
<br>> > kind, most likely for MS's IIS horror.<br>> ><br>> > x90 is a NOP for i386. Yup, definitely something designed to<br>> > slither into a system. ;-)<br>> ><br>> > --STeve Andre'
<br></blockquote></div><br>
</span></div></blockquote></div><br>