Results 1 to 11 of 11
Thread: Weird log entry in apache log
Hybrid View
-
10-11-2009, 11:00 AM #1Junior Guru Wannabe
- Join Date
- May 2009
- Location
- India
- Posts
- 59
Weird log entry in apache log
Hey guys,
I'm running apache webserver in my home computer, i saw a weird line logged by apache, like this
Code:127.0.0.1 - - [07/Oct/2009:15:28:09 +0530] "\xefx\x98\xacc+\xb0\xc3+#\xbe\xa9\xcd.\xc7;E\xa4\x93\x97\xaaD\xe6\xf37C\x81f\x10\x9e`\x8d\v\xe2\x810\xee\x82\xe3\x04~9\x0c\xe5>%;\xf0~\x17\xe0Y\xd0Z\x8d\xab\xec[\xdd\xa3\xaa\x10\x88\x17\ro\xf7\x1f\xd4\xef6\xdan\xa6J\xae\xf7\xac\x8fDK\xa6\xa3T\xf1\x8eA3\xef\x92s5[\xc6\x1e*\xb5W\xda*\xc5\x99\xb0K\xd9\x0c\xac\xe1\xfe>:" 400 226
Code:124.xxx.xx.xxx - - [07/Oct/2009:12:44:20 +0530] "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\ ... x90\x90\x90\x90\x90\ ... and so on.. it's some what about 3 pages!!!
i also found this
124.xxx.xx.xxx - - [06/Oct/2009:12:05:11 +0530] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 1183Last edited by bear; 10-11-2009 at 11:02 AM. Reason: quotes to code (formatting)
-
10-11-2009, 11:12 AM #2Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
Seems to be run using some script in /tmp. Have a check of your /tmp for nay suspicious script uploaded.
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
10-11-2009, 11:14 AM #3Junior Guru Wannabe
- Join Date
- May 2009
- Location
- India
- Posts
- 59
ah, It's a windows machine
-
10-11-2009, 11:51 AM #4Web Hosting Master
- Join Date
- Jan 2008
- Location
- St. John's, NL
- Posts
- 2,201
Cpanel/WHM • PHP • Perl • Ruby • Full Time Support
LCWSoft - Canada web hosting (based in Newfoundland) since 2007
Servers based in the US and Canada (Uptime Report)
-
10-11-2009, 12:15 PM #5Junior Guru Wannabe
- Join Date
- May 2009
- Location
- India
- Posts
- 59
-
10-11-2009, 12:25 PM #6Web Hosting Master
- Join Date
- Jan 2008
- Location
- St. John's, NL
- Posts
- 2,201
gotroot.com got some good mod_security rulesets that you may wish to use.
Cpanel/WHM • PHP • Perl • Ruby • Full Time Support
LCWSoft - Canada web hosting (based in Newfoundland) since 2007
Servers based in the US and Canada (Uptime Report)
-
10-11-2009, 12:36 PM #7Junior Guru Wannabe
- Join Date
- May 2009
- Location
- India
- Posts
- 59
thanks for help now apache is local only, i hope it will stop most of errors
-
10-11-2009, 12:53 PM #8Aspiring Evangelist
- Join Date
- Sep 2007
- Posts
- 369
-
10-11-2009, 02:13 PM #9Junior Guru Wannabe
- Join Date
- May 2009
- Location
- India
- Posts
- 59
works in http://localhost/ only ^_^
-
10-11-2009, 02:14 PM #10Aspiring Evangelist
- Join Date
- Sep 2007
- Posts
- 369
-
10-11-2009, 02:25 PM #11Junior Guru Wannabe
- Join Date
- May 2009
- Location
- India
- Posts
- 59
i only use that server for testing my clients designs, and php scripts after looking that log i thought it's good if it's a local webserver
Similar Threads
-
Apache frequently unresponsive and strage error log entry looking for mdqt.php
By hostchamp in forum Hosting Security and TechnologyReplies: 9Last Post: 04-12-2008, 05:27 PM -
Weird Apache behaviour
By zoli in forum Hosting Security and TechnologyReplies: 9Last Post: 02-19-2008, 04:58 PM -
IP Based apache 1.3.36 virtual entry?
By n00ber in forum Hosting Security and TechnologyReplies: 5Last Post: 07-10-2006, 11:05 AM -
Strange entry in apache logs
By beet in forum Hosting Security and TechnologyReplies: 4Last Post: 05-29-2005, 06:04 PM -
Weird "lastlog" entry showing
By EviL_SmUrF in forum Hosting Security and TechnologyReplies: 8Last Post: 03-04-2005, 02:07 AM