On 19 July 2001, Neil Gunton <[EMAIL PROTECTED]> wrote:
> This isn't related to Embperl really, but I thought it might be
> interesting, since it looks a lot like some kind of hacking attempt... I
> am getting a lot of entries in my apache server log that look like this:
>
> 65.5.173.103 - - [19/Jul/2001:17:08:52 -0400] "GET
>
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>
> HTTP/1.0" 400 328
>
> The requests are coming in maybe every half hour or so, each time from
> different IPs. There has never been a file of this name on my server...
> it looks like some kind of buffer overrun attempt, doesn't it? Could the
> codes at the end be the buffer overrun exploit?
Yep, I'm getting hit with a bunch of these, too. Eleven of them so far
today.
Could it be some kind of attack on IIS servers, perhaps? I don't
recognize the .ida extension.
--
# Erik Arneson <[EMAIL PROTECTED]> Web Engineer #
# Mobile: 541.840.3100 GPG Key ID: 1024D/0A2C3C5E #
# Office: 541.774.5391 <http://www.musiciansfriend.com/> #
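
One way to tally requests like the log entry quoted above, per source address, from an Apache access log. This is an added example, not part of the original thread: the thresholds (64 repeated characters, four `%u` escapes), the function names and the sample lines (documentation addresses, shortened query string) are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache common log format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
FILLER = re.compile(r'(.)\1{63,}')       # one character repeated 64+ times (assumed threshold)
PCT_U = re.compile(r'%u[0-9a-fA-F]{4}')  # %uXXXX escapes as seen in the quoted request

def classify(request):
    """Return the reasons a request line resembles the quoted entry."""
    parts = request.split(' ')
    if len(parts) < 2:
        return []
    target = urlsplit(parts[1])
    reasons = []
    if target.path.lower().endswith('.ida'):
        reasons.append('ida-path')
    if FILLER.search(target.query):
        reasons.append('long-filler')
    if len(PCT_U.findall(target.query)) >= 4:
        reasons.append('pct-u-run')
    return reasons

def scan(lines):
    """Count hits per source host; a hit needs the .ida path plus one more signal."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        reasons = classify(m.group('request')) if m else []
        if 'ida-path' in reasons and len(reasons) >= 2:
            hits[m.group('host')] += 1
    return hits

# Constructed sample lines, not taken from a real log.
PROBE = '/default.ida?' + 'N' * 224 + '%u9090%u6858%ucbd3%u7801%u9090%u6858'
SAMPLE = [
    f'192.0.2.10 - - [19/Jul/2001:17:08:52 -0400] "GET {PROBE} HTTP/1.0" 400 328',
    f'198.51.100.7 - - [19/Jul/2001:17:41:03 -0400] "GET {PROBE} HTTP/1.0" 400 328',
    '203.0.113.5 - - [19/Jul/2001:17:45:10 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [19/Jul/2001:17:46:00 -0400] "GET /help.ida?topic=1 HTTP/1.0" 404 210',
]

if __name__ == '__main__':
    for host, count in scan(SAMPLE).most_common():
        print(host, count)
```

Requiring a second signal besides the `.ida` path keeps an ordinary request for such a file out of the tally.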