Results 1 to 3 of 3
  1. #1

    unusual/erroneous URI requests


    lately, I've noticed an increase in erroneous requests like this one:

    ## access_log file - - [25/Sep/2006:11:59:34 -0400] "Accept-Language: en-us,en;q=0.5" 400 - "-" "-"

    and Apache's response is:

    ## error_log file
    [Mon Sep 25 11:59:34 2006] [error] [client] Invalid URI in request Accept-Language: en-us,en;q=0.5

    is this a known vulnerability scanning? please advise, thank you.

  2. #2
    Join Date
    Mar 2003
    Saint Paul, MN
    I don't think so; rather, I believe it's from either a badly-written spider, or a bot trying to "fingerprint" web servers and operating systems. There was a spider going around a week or two ago asking for /a/non/existant/file.png, apparently trying really, really hard to generate 404 errors. There was also a spider running around for the longest time that didn't parse subdirectories correctly, and wound up making requests like "GET /directory%0;file.html" over and over and over again... It's just something that happens. - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
    Because Simple Things Should Be Simple - YouCANHasDNS

  3. #3
    the other thing that makes me wonder is that the IP addresses that make the requests are at random and at times, rampant. i was able to extract a list of the addresses and it looks like there's at least 100-125 variations, some are from the same ip block, others are just from the typical providers like comcast and pacbell.

    thanks for the input, btw.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts