This isn't related to Embperl really, but I thought it might be
interesting, since it looks a lot like some kind of hacking attempt... I
am getting a lot of entries in my apache server log that look like this:
65.5.173.103 - - [19/Jul/2001:17:08:52 -0400] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 328
The requests are coming in maybe every half hour or so, each time from
different IP's. There has never been a file of this name on my server...
it looks like some kind of buffer overrun attempt, doesn't it? Could the
codes at the end be the buffer overrun exploit?
Any clues or ideas? Again apologies for the off-topic post, but I
thought this sort of thing might be interesting to others running
websites. Could it be something to do with this latest Microsoft worm?
It doesn't seem to do anything to Apache 1.3.19, I ran a tripwire check
and nothing seemed to have been changed.
TIA
-Neil
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
