[GLLUG] Apache2 access_log

Caleb Cushing xenoterracide at gmail.com
Wed May 3 20:01:11 EDT 2006


I googled for the first part of which I pasted and got no results. and no
this is an apache2 (hint see subject line) Linux Server. I'll try a little
more see if I get anything...
>
>
>
> On 5/3/06, STeve Andre' <andres at msu.edu> wrote:
> >
> > Well, maybe not.  It isn't YOU that is causing this, its a vandal
> > at the other end of the line, or its a bot or otherwise infected
> > machine that is pawing at you.
> >
> > You aren't running ISS, I hope...
> >
> > If you aren't, then you are likely safe.  Note that I say likely,
> > because I don't know what this is.  x90 is a really good clue
> > that its i386 specific though.  Hmmm.  Google for some of
> > that string and see what you get?
> >
> > On Wednesday 03 May 2006 19:47, you wrote:
> > > oh... nice... sounds like I now need to improve my security... fun...
> > > suggestions?
> > >
> > > On 5/3/06, STeve Andre' <andres at msu.edu> wrote:
> > > > On Wednesday 03 May 2006 19:36, Caleb Cushing wrote:
> > > > > what is this?
> > > > >
> > > > > 67.167.118.5 - - [03/May/2006:14:38:22 -0400] "SEARCH
> > > > > /\x90\xc9\xc9\xc9\xc9\xc9\
> > > >
> > > >
> > xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\x
> > > >c9
> > > >
> > > > >\xc9\.... ....90\x90\x90\x90\x90\x90\x90\x....
> > > > >
> > > > > those characters repeat for a long time.... why?
> > > >
> > > > Heh.  Thats shell code.  You are being hit by an exploit of some
> > > > kind, most likely for MS's IIS horror.
> > > >
> > > > x90 is a NOP for i386.  Yup, definitely something designed to
> > > > slither into a system. ;-)
> > > >
> > > > --STeve Andre'
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.egr.msu.edu/mailman/public/linux-user/attachments/20060503/1c019704/attachment.html


More information about the linux-user mailing list