Date: Wed, 31 Mar 2004 11:30:16 -0600 From: "GROG! (Jeff Howie)" <GROG@bugHLT.org> To: freebsd-questions@freebsd.org Subject: Re: Very long URL with malice intended Message-ID: <20040331173016.GA19048@sting.grogsworld.org> In-Reply-To: <B36C365832C90E47A37F4FFCDDEFC46D3D6041@hkisrv08.tw.fi> References: <B36C365832C90E47A37F4FFCDDEFC46D3D6041@hkisrv08.tw.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 31, 2004 at 06:32:53PM +0300, Toni Heinonen wrote: >>On Sat, 27 Mar 2004 15:50:53 -0600, Jack L. Stone wrote: >>>At 08:28 PM 3.27.2004 +0100, Cordula's Web wrote: >>>>>Within the past couple of weeks, the Apache logs have shown a new >>>>>type of intrusion -- a very, very long URL request... >>>>> >>>>>My question is what syntax can I add, if any, to my httpd.conf to >>>>>redirect such requests..?? >>>>> >>>>>65.35.186.74 - - [26/Mar/2004:19:01:04 -0600] "SEARCH >>>>>/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\... >>>> >>>>Are only SEARCH requests affected, or GET as well? >> >>Hey all. A question from a heretofore unrevealed skulker :^>. Was >>this question ever answered off-list? My own box is getting hit >>quite often with these & I'm concerned that they might be causing >>harm. thks > >Don't be concerned, those are probably worms looking for IIS holes or >the like. Since you're running Apache you're not vulnerable. ah. That's what I wanted to hear, annoying but harmless. Thanks to both you & Nick for your speedy responses. seeyah -- GROG! __^__ Our vision is to speed up time, eventually thks /(o o)\ eliminating it. -- Alex Schure --oOO==(_)==OOo--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040331173016.GA19048>