I’ve been searching through my system logs and found what appear to be hacking attempts through Apache.
Unfortunately I am pretty green when it comes to this sort of thing. So, I’m sure I have what would seem to be very basic questions to some.
I do have system logs, IP addresses, and times, so if it is warranted, the cops will be notified.
Can somebody tell me what the hacker is doing here:
"GET /default.ida?X………(lots of X’s)………X %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 300 "-" "-"
and similarly
"SEARCH /\x90\x02\xb1\...... (“x02\xb1\” repeats hundreds of times) .........\ x02\xb1\x90\...(repeats hundreds of times)...\x90\x90\x90\x90\x90\x90" 414 341 "-" "-"
These appear to be the two types of attempts.
How do I know if my system has been compromised? (apart from logs obviously and changes to files)
What do the end messages mean, i.e. u0000%u00=a HTTP/1.0" 404 300 "-" "-" or " 414 341 "-" "-" or " 400 300 "-" "-"?
Regards, Phill
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
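
Added example, not part of the original post: a short triage script for entries shaped like the two quoted above. It assumes the tail of Apache's "combined" log format ("request" status bytes "referer" "user-agent"); the function name, thresholds and sample lines are constructed for illustration.

```python
import re

# Tail of an Apache "combined" log entry: "request" status bytes "referer" "user-agent"
ENTRY = re.compile(r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\d+|-) '
                   r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

# Status codes seen in the post, with their standard HTTP meanings.
STATUS = {400: "Bad Request", 404: "Not Found", 414: "Request-URI Too Long"}

# Heuristics (assumed thresholds) for the two request shapes quoted in the post.
FILLER = re.compile(r"(.)\1{63,}")  # one character repeated 64+ times
ESCAPES = re.compile(r"(?:%u[0-9a-fA-F]{4}|\\x[0-9a-fA-F]{2}){8,}")  # long encoded run


def triage(line):
    """Split one log entry tail into fields and flag suspicious request shapes."""
    m = ENTRY.search(line.strip())
    if m is None:
        return None
    status = int(m["status"])
    request = m["request"]
    reasons = []
    if FILLER.search(request):
        reasons.append("long filler run")
    if ESCAPES.search(request):
        reasons.append("long encoded byte run")
    return {
        "method": request.split(" ", 1)[0],
        "status": status,
        "meaning": STATUS.get(status, "other"),
        "bytes_sent": 0 if m["size"] == "-" else int(m["size"]),
        "referer": m["referer"],        # "-" means the client sent none
        "user_agent": m["agent"],       # "-" means the client sent none
        "client_error": 400 <= status < 500,  # 4xx: request answered with an error
        "reasons": reasons,
    }


# Constructed sample lines shaped like the ones in the post (filler shortened).
SAMPLES = [
    '"GET /default.ida?' + "X" * 200
    + '%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0" 404 300 "-" "-"',
    '"SEARCH /\\x90' + "\\x02\\xb1" * 100 + '\\x90\\x90" 414 341 "-" "-"',
    '"GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

Flagged requests that come back with a 2xx status rather than 4xx are the ones to look at first.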