Apache Requests

    Date: 03/16/05 (Apache)    Keywords: web, google

    This is in regards to "SEARCH /\x90\xc9\xc9\xc9\xc9... etc." showing up in the server logs.

    I googled around and found this article telling me to have no reason to worry, and this article on how to disable logging of request strings that are too long. There's also a news article briefly describing the exploit. A post request is made as well: "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404

    I guess this is my curious side taking over. My IP address is *.45.61, I'm on a college residental network. The requests always come from with the same prefix -- *.37.86, or *.15.95, or *.37.238 - it changes every time. Why? What is triggering these addresses to access my webhost?

    Also, what kind of exploit is this? From the trend I'm seeing, making a quick post to that file right after an overflowing URI is probably the bug, but I guess I'm more curious as to what exactly can be accomplished from that.

    Thanks for any info :)

    Source: http://www.livejournal.com/community/apache/17962.html

« Apache2 in chroot jail,... || index file help »
Search  •  Site Map  •  Set as Homepage  •  Add to Favourites  • 
antivirus | apache | asp | blogging | browser | bugtracking | cms | crm | css | database | ebay | ecommerce | google | hosting | html | java | jsp | linux | microsoft | mysql | offshore | offshoring | oscommerce | php | postgresql | programming | rss | security | seo | shopping | software | spam | spyware | sql | technology | templates | tracker | virus | web | xml | yahoo | home