North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: What HTTP exploit?
On Sun, 30 May 2004 15:43:58 -0500 "John Palmer (NANOG Acct)" <[email protected]> wrote: > Can anyone identify this http exploit? Seen in the apache logs: > foo.bar.com > - - [30/May/2004:02:45:28 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\ > x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb > 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ > xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 > etc - and it goes on for about 1200 bytes. > Been getting an annoying number of these in my httpd logs today - it botches up my log analyser program. i just installed the following in my apache configs to get rid of it: # control logging SetEnvIf Request_URI "^/default.ida?" dontlog SetEnvIf Request_Method "SEARCH" dontlog and then later on... CustomLog /var/log/httpd/access_log combined env=!dontlog between the two of them, they were consuming an absurd amount of space in my /var/log partitions. richard -- Richard Welty [email protected] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
|