seeing some strange requests in apache's "access_log" file
I set up a server some time ago just for learning and sharing some vacation pictures with friends. I started reading the access_log-files just now and there is something that concerns me a little. When someone views the pictures I will get an entry something like
Code:
xxx.xxx.xxx.xxx - - [02/Sep/2007:00:32:43 +0300] "GET /shang_hai/thumbs/ssl23362.jpeg HTTP/1.0" 200 47453
but recently I've started seeing entries like
Code:
xxx.xxx.xxx.xxx - - [02/Sep/2007:08:27:10 +0300] "^\x1b\x8d\xeaE\x89\x05iY\x92\x88\xbe\xad\xde\xfaY\xbc\xff\xd6g]\xbc\xa6\x9dc/\xef\x8c\x9f\xfc\xf1^\xcf/6\xdd\xe1\xf5\xc4\xd0\x9e\xf1\x96\xfaV" 501 -
Should I be concerned about this?
lol, it's late, and for some reason that made me laugh. Basically, that's shellcode. It's an indication that someone is trying to exploit your webserver. I would make sure your system is all up to date then maybe add the ip/hostname to hosts.deny.
That's what I was suspecting. I suppose adding anything to hosts.deny wouldn't do too much since all these seem to come from different IPs from different ISPs, even different countries... I got 11 new IPs last night alone.
So all I can do is just keep everything up to date and observe?
My server gets 10 times more exploit attempts than usual visitors
There's a service that can automatically add hosts to hosts.deny or iptables based on certain criteria, I forget what it's called, but it might be worth looking into.
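One way to pull entries like the second one above out of a log and count them per source address, as an added example that is not part of the original thread. It assumes Apache's Common Log Format; the sample lines are constructed (documentation-range IPs), and the names `classify` and `summarize` are this example's own.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# A well-formed request line: METHOD SP target SP HTTP/x.y
REQUEST_LINE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')

# Constructed sample entries, modelled on the two kinds of lines quoted
# in the thread. Raw string so the \x escapes stay literal, as in the log.
SAMPLE_LOG = r'''192.0.2.10 - - [02/Sep/2007:00:32:43 +0300] "GET /shang_hai/thumbs/ssl23362.jpeg HTTP/1.0" 200 47453
198.51.100.7 - - [02/Sep/2007:08:27:10 +0300] "^\x1b\x8d\xeaE\x89\x05iY\x92\x88" 501 -
203.0.113.99 - - [02/Sep/2007:09:01:02 +0300] "\xbc\xff\xd6g]\xbc\xa6\x9dc/\xef" 501 -
198.51.100.7 - - [02/Sep/2007:09:15:40 +0300] "\x9e\xf1\x96\xfaV" 501 -
this line is not in common log format
'''

def classify(line):
    """Return (host, status, kind) for one log line, or None if unparseable."""
    m = CLF.match(line)
    if not m:
        return None
    host, _when, request, status, _size = m.groups()
    if REQUEST_LINE.match(request):
        kind = "http"
    elif r"\x" in request:
        kind = "binary"      # Apache logs non-printable bytes as \xhh escapes
    else:
        kind = "malformed"   # printable, but not METHOD target HTTP/x.y
    return host, int(status), kind

def summarize(text):
    """Count non-HTTP request lines per source host; also count skipped lines."""
    suspicious = Counter()
    skipped = 0
    for line in text.splitlines():
        result = classify(line)
        if result is None:
            skipped += 1
        elif result[2] != "http":
            suspicious[result[0]] += 1
    return suspicious, skipped

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{host}\t{count}")
    print(f"unparseable lines: {skipped}")
```

To run it against a real log, pass the file's contents to `summarize` in place of `SAMPLE_LOG`.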