[GLLUG] Apache2 access_log
Clay Dowling
clay at lazarusid.com
Wed May 3 21:55:39 EDT 2006
Caleb Cushing wrote:
>
> oh... nice... sounds like I now need to improve my security... fun...
> suggestions?
You aren't vulnerable to this attack. I've seen it before (one of the
joys of being on Comcast's network is I get to see all the automated
attacks) and I think it's caused by a virus on the machine that's
attacking you. It definitely looks like script-kiddie work.
Clay
> On 5/3/06, STeve Andre' <andres at msu.edu> wrote:
>
> On Wednesday 03 May 2006 19:36, Caleb Cushing wrote:
> > what is this?
> >
> > 67.167.118.5 <http://67.167.118.5> - - [03/May/2006:14:38:22
> -0400] "SEARCH
> > /\x90\xc9\xc9\xc9\xc9\xc9\
> >
> xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9
>
> >\xc9\.... ....90\x90\x90\x90\x90\x90\x90\x....
> >
> > those characters repeat for a long time.... why?
>
> Heh. That's shell code. You are being hit by an exploit of some
> kind, most likely for MS's IIS horror.
>
> x90 is a NOP for i386. Yup, definitely something designed to
> slither into a system. ;-)
>
> --STeve Andre'
--
CeaMuS
http://www.ceamus.com
Simple Content Management
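
An added example, not part of the original thread: a Python check that scans Apache access-log lines for requests padded with long runs of `\xhh`-escaped bytes, like the SEARCH entry quoted above, and reports the method and how many of those bytes are 0x90. The function names, the `MIN_RUN` threshold and both sample lines are assumptions constructed for illustration.

```python
import re

# Apache Common Log Format: host ident user [time] "request" status size
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                 r'"(?P<request>.*)" (?P<status>\d{3}) \S+')
# Apache (2.0.46 and later) logs non-printable request bytes as \xhh escapes.
ESCAPED_RUN = re.compile(r'(?:\\x[0-9a-fA-F]{2})+')
MIN_RUN = 16  # assumed threshold; tune against your own traffic


def longest_escaped_run(request):
    """Decode the longest unbroken run of \\xhh escapes into raw bytes."""
    best = b""
    for match in ESCAPED_RUN.finditer(request):
        raw = bytes.fromhex(match.group(0).replace("\\x", ""))
        if len(raw) > len(best):
            best = raw
    return best


def inspect(line):
    """Return a finding dict for a binary-padded request line, else None."""
    m = CLF.match(line)
    if m is None:
        return None
    run = longest_escaped_run(m["request"])
    if len(run) < MIN_RUN:
        return None
    return {
        "host": m["host"],
        "time": m["time"],
        "method": m["request"].split(" ", 1)[0],
        "status": int(m["status"]),
        "run_bytes": len(run),
        "nop_bytes": run.count(0x90),  # 0x90 is the i386 NOP noted in the thread
        "distinct_bytes": len(set(run)),
    }


# Constructed sample lines (documentation addresses, made-up status and size).
PADDED = ('192.0.2.10 - - [03/May/2006:14:38:22 -0400] "SEARCH /'
          + "\\x90" + "\\xc9" * 40 + "\\x90" * 20 + '" 414 0')
BENIGN = ('192.0.2.20 - - [03/May/2006:14:40:01 -0400] '
          '"GET /caf\\xc3\\xa9.html HTTP/1.1" 200 1834')

if __name__ == "__main__":
    for sample in (PADDED, BENIGN):
        print(inspect(sample))
```

A short escaped sequence such as a UTF-8 character in a filename stays under the threshold, so the benign line returns `None`.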