These appear to be escaped characters from a binary blob, which could be
someone trying to inject malicious code, but I really don't think apache
has anything that makes it interpret hostnames as C-styled escaped strings.
Em 24-05-2013 10:26, plot.lost escreveu:
I've been getting from error log entries about SNI and hostname are
different, and in these cases the SNI used seems to be the correct
hostname but with some extra data on the end, for example:
Hostname www.example.com\xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80
provided via SNI and hostname www.example.com provided via HTTP are
different
In this case the extra data was \xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80
but there have been a number of different sets of data, such as:
A\xe8\x84\xb4A\xc9\xa0\xe0\xa8\xbe\xed\x9c\xbc\xd4\x80
\xdd\x98\xee\xbd\xa0\xe0\xaf\xb5\xcf\xb8
\xdd\x9a\xe2\xa4\x90\xe0\xaf\xb0\xcb\xb0
\xdd\xa0\xee\xbd\xa0\xe0\xaf\xb5\xcf\xb8
\xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80
\xe0\xb1\x82\xe6\xbb\x98\xdd\x99\xc4\x90
Does anyone have any idea as to what this might be for? Are there any
known/possible exploits in Apache that this might be trying to use?
Server Version: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1a
running on Ubuntu
Thanks in advance for any hints/advice.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
