[GLLUG] Apache2 access_log
Caleb Cushing
xenoterracide at gmail.com
Wed May 3 19:48:54 EDT 2006
oh... nice... sounds like I now need to improve my security... fun...
suggestions?
On 5/3/06, STeve Andre' <andres at msu.edu> wrote:
>
> On Wednesday 03 May 2006 19:36, Caleb Cushing wrote:
> > what is this?
> >
> > 67.167.118.5 - - [03/May/2006:14:38:22 -0400] "SEARCH
> > /\x90\xc9\xc9\xc9\xc9\xc9\
> >
> xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9
> >\xc9\.... ....90\x90\x90\x90\x90\x90\x90\x....
> >
> > those characters repeat for a long time.... why?
>
> Heh. Thats shell code. You are being hit by an exploit of some
> kind, most likely for MS's IIS horror.
>
> x90 is a NOP for i386. Yup, definitely something designed to
> slither into a system. ;-)
>
> --STeve Andre'
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.egr.msu.edu/mailman/public/linux-user/attachments/20060503/1702dc85/attachment.html
More information about the linux-user
mailing list