Re: Apache log probe?
On Wed, 19 Nov 2003 21:35:47 -0800 Net Llama! [EMAIL PROTECTED] wrote: On 11/19/03 21:07, Collins Richey wrote: On Wed, 19 Nov 2003 18:56:39 -0800 Ken Moffat [EMAIL PROTECTED] wrote: Collins Richey wrote: On Wed, 19 Nov 2003 17:37:56 -0800 Net Llama! [EMAIL PROTECTED] wrote: On 11/19/03 17:07, Ken Moffat wrote: Anyone have a clue ? What is this, from my apache/access.log? 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ Google is your friend: http://www.webmasterworld.com/forum39/1626.htm An even better friend is plastic or cold hard cash to sign up! g I'll passuntil I'm employed again. I'm lost. Could you not access the link? Yes. the link said sign up to view the listings with an icon to the right to inquire for payment. That's bizarre. That's not at all what i get. All I get is a page inviting subscription and telling the reasons for converting to a subscription service, but ... AHA!!! There is a brief blurb at the top of the page indicating that I am getting this page because they don't like my ISP! So, it turns out that they are just another example of sites that don't like comcast and presume that all comcast users are spammers. Horseshit. I'll not reopen that rant. -- Collins Richey - Denver Area if you fill your heart with regrets of yesterday and the worries of tomorrow, you have no today to be thankful for. ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Apache log probe?
Anyone have a clue ? What is this, from my apache/access.log? 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 [very large SNIP] x90\x90\x90\x90\x90 414 337 - - This happened twice only this morning. -- Ken ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Apache log probe?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 19 Nov 2003 17:07:54 -0800 Ken Moffat [EMAIL PROTECTED] wrote: Anyone have a clue ? What is this, from my apache/access.log? 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\ x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 [very large SNIP] x90\x90\x90\x90\x90 414 337 - - This happened twice only this morning. Somewhere in that very large snip, you should have found something like: /bin/sh or command.exe or something. This is typical of a buffer overflow exploit. Ciao, David A. Bandel - -- Focus on the dream, not the competition. Nemesis Racing Team motto GPG key autoresponder: mailto:[EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/vBptj31PLQNUbV4RAr49AJ0ZkV15bZBsIdacy8TEdANoltuLxgCdFtOZ /dn57tIq9tUwk55DbDo89pc= =G7SQ -END PGP SIGNATURE- ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Apache log probe?
On 11/19/03 17:07, Ken Moffat wrote: Anyone have a clue ? What is this, from my apache/access.log? 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 [very large SNIP] x90\x90\x90\x90\x90 414 337 - - This happened twice only this morning. Google is your friend: http://www.webmasterworld.com/forum39/1626.htm -- ~ L. Friedman[EMAIL PROTECTED] Linux Step-by-step TyGeMo:http://netllama.ipfox.com 5:35pm up 23:59, 1 user, load average: 0.17, 0.15, 0.10 ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Apache log probe?
On Wed, 19 Nov 2003 17:37:56 -0800 Net Llama! [EMAIL PROTECTED] wrote: On 11/19/03 17:07, Ken Moffat wrote: Anyone have a clue ? What is this, from my apache/access.log? 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ Google is your friend: http://www.webmasterworld.com/forum39/1626.htm An even better friend is plastic or cold hard cash to sign up! g I'll pass until I'm employed again. -- Collins Richey - Denver Area if you fill your heart with regrets of yesterday and the worries of tomorrow, you have no today to be thankful for. ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Apache log probe?
On Wed, Nov 19, 2003 at 05:07:54PM -0800, Ken Moffat wrote: Anyone have a clue ? What is this, from my apache/access.log? 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 [very large SNIP] x90\x90\x90\x90\x90 414 337 - - This happened twice only this morning. Same thing here, in fact, I happened to be looking at that log when one of them hit... kinda freaky. Myles -- ~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~ +Myles Green [EMAIL PROTECTED], Calgary, AB, Canada+ ~ Slackware-9.1 + CLI + Mutt-1.4.1i + Lynx|Links|eLinks ~ +With all that power, who needs a bloated GUI ??+ ~Alberta Mirror for Linux-SxS.Org: http://linux-sxs.org/~ +~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+ pgp0.pgp Description: PGP signature ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Apache log probe?
On Wed, 19 Nov 2003 18:56:39 -0800 Ken Moffat [EMAIL PROTECTED] wrote: Collins Richey wrote: On Wed, 19 Nov 2003 17:37:56 -0800 Net Llama! [EMAIL PROTECTED] wrote: On 11/19/03 17:07, Ken Moffat wrote: Anyone have a clue ? What is this, from my apache/access.log? 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ Google is your friend: http://www.webmasterworld.com/forum39/1626.htm An even better friend is plastic or cold hard cash to sign up! g I'll pass until I'm employed again. I'm lost. Could you not access the link? Yes. the link said sign up to view the listings with an icon to the right to inquire for payment. -- Collins Richey - Denver Area if you fill your heart with regrets of yesterday and the worries of tomorrow, you have no today to be thankful for. ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users
Re: Apache log probe?
On 11/19/03 21:07, Collins Richey wrote: On Wed, 19 Nov 2003 18:56:39 -0800 Ken Moffat [EMAIL PROTECTED] wrote: Collins Richey wrote: On Wed, 19 Nov 2003 17:37:56 -0800 Net Llama! [EMAIL PROTECTED] wrote: On 11/19/03 17:07, Ken Moffat wrote: Anyone have a clue ? What is this, from my apache/access.log? 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ Google is your friend: http://www.webmasterworld.com/forum39/1626.htm An even better friend is plastic or cold hard cash to sign up! g I'll pass until I'm employed again. I'm lost. Could you not access the link? Yes. the link said sign up to view the listings with an icon to the right to inquire for payment. That's bizarre. That's not at all what i get. -- ~ L. Friedman[EMAIL PROTECTED] Linux Step-by-step TyGeMo:http://netllama.ipfox.com 9:35pm up 1 day, 3:59, 1 user, load average: 0.37, 0.14, 0.05 ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://smtp.linux-sxs.org/mailman/listinfo/linux-users