  1. #1
    Join Date
    May 2009
    Location
    India
    Posts
    59

    Weird log entry in apache log

    Hey guys,

    I'm running an Apache web server on my home computer. I saw a weird line logged by Apache, like this:

    Code:
    127.0.0.1 - - [07/Oct/2009:15:28:09 +0530] "\xefx\x98\xacc+\xb0\xc3+#\xbe\xa9\xcd.\xc7;E\xa4\x93\x97\xaaD\xe6\xf37C\x81f\x10\x9e`\x8d\v\xe2\x810\xee\x82\xe3\x04~9\x0c\xe5>%;\xf0~\x17\xe0Y\xd0Z\x8d\xab\xec[\xdd\xa3\xaa\x10\x88\x17\ro\xf7\x1f\xd4\xef6\xdan\xa6J\xae\xf7\xac\x8fDK\xa6\xa3T\xf1\x8eA3\xef\x92s5[\xc6\x1e*\xb5W\xda*\xc5\x99\xb0K\xd9\x0c\xac\xe1\xfe>:" 400 226
    A similar line was also logged, but not from IP. What could it be? What is this, btw?

    Code:
    124.xxx.xx.xxx - - [07/Oct/2009:12:44:20 +0530] "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\ ... x90\x90\x90\x90\x90\ ... and so on.. it's some what about 3 pages!!!
    Is it any kind of danger?

    I also found this:
    124.xxx.xx.xxx - - [06/Oct/2009:12:05:11 +0530] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 1183
    Need help.
    Last edited by bear; 10-11-2009 at 11:02 AM. Reason: quotes to code (formatting)

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    Seems to be run using some script in /tmp. Have a check of your /tmp for any suspicious script uploaded.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    May 2009
    Location
    India
    Posts
    59
    Ah, it's a Windows machine.

  4. #4
    Join Date
    Jan 2008
    Location
    St. John's, NL
    Posts
    2,201
    Quote Originally Posted by MixMasters View Post
    Ah, it's a Windows machine.
    It appears to be a 400 "Bad Request" error, caused by something creating an HTTP request with weird data (possibly an attempt to hack in via Apache).

    I would install mod_security and set up a good set of rules, and see if it continues.
    Cpanel/WHM • PHP • Perl • Ruby • Full Time Support
    LCWSoft - Canada web hosting (based in Newfoundland) since 2007
    Servers based in the US and Canada (Uptime Report)
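
One way to triage access-log entries like the ones quoted in the first post, as an added example that is not part of the thread. The function names, thresholds and method allow-list are assumptions, and the sample lines are constructed (shortened payloads, documentation IP addresses, a made-up status for the SEARCH line).

```python
import re
from collections import Counter
# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+$')
# A well-formed request line as Apache logs it: METHOD URI HTTP/x.y
REQUEST_RE = re.compile(r'^([A-Z]+) (\S+) HTTP/\d\.\d$')
# Apache writes non-printable request bytes as \xhh in the access log
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')
COMMON_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}  # assumption: adjust per site

def triage(line, max_uri=2048, max_escapes=8):
    """Return the reasons a log line deserves a closer look ([] = ordinary)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparseable log line"]
    _host, request, status = m.groups()
    reasons = []
    req = REQUEST_RE.match(request)
    if req is None:
        reasons.append("not a METHOD URI HTTP/x.y request line")
    else:
        method, uri = req.groups()
        if method not in COMMON_METHODS:
            reasons.append(f"uncommon method {method}")
        if len(uri) > max_uri:
            reasons.append(f"URI of {len(uri)} characters")
    escapes = len(ESCAPE_RE.findall(request))
    if escapes >= max_escapes:
        reasons.append(f"{escapes} escaped bytes")
    if status == "400":
        reasons.append("rejected with 400")
    return reasons

def flagged_per_client(lines):
    """Count flagged lines per client address (unparseable lines are skipped)."""
    hits = (LINE_RE.match(l.strip()) for l in lines if triage(l))
    return Counter(m.group(1) for m in hits if m)

# Constructed sample lines modelled on the entries quoted in the thread.
SAMPLE = [
    r'127.0.0.1 - - [07/Oct/2009:15:28:09 +0530] "\xef\x98\xac\xb0\xc3\xbe\xa9\xcd\xc7\xa4" 400 226',
    '192.0.2.10 - - [07/Oct/2009:12:44:20 +0530] "SEARCH /' + r'\x90' * 600 + ' HTTP/1.1" 414 250',
    '192.0.2.10 - - [06/Oct/2009:12:05:11 +0530] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 1183',
    '192.0.2.20 - - [07/Oct/2009:16:00:00 +0530] "GET /index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry[:60], "->", triage(entry) or "ordinary")
```

The well-formed POST for a missing file comes back empty: a per-line shape check only catches malformed or oversized requests, so requests for files the site does not serve have to be caught another way, for example by counting 404 responses per client.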

  5. #5
    Join Date
    May 2009
    Location
    India
    Posts
    59

    Quote Originally Posted by larwilliams View Post
    It appears to be a 400 "Bad Request" error, caused by something creating an HTTP request with weird data (possibly an attempt to hack in via Apache).

    I would install mod_security and set up a good set of rules, and see if it continues.
    I installed mod_security and blocked the IPs which were playing with my server in my software firewall. Currently I'm using the default mod_security settings; please suggest any tips regarding it.

  6. #6
    Join Date
    Jan 2008
    Location
    St. John's, NL
    Posts
    2,201
    gotroot.com has some good mod_security rulesets that you may wish to use.

  7. #7
    Join Date
    May 2009
    Location
    India
    Posts
    59
    Thanks for the help. Now Apache is local only; I hope it will stop most of the errors.

  8. #8
    Join Date
    Sep 2007
    Posts
    369

    Quote Originally Posted by MixMasters View Post
    Thanks for the help. Now Apache is local only; I hope it will stop most of the errors.
    Hello,

    Hope you are fine and in good health. Can you please explain what local means?
    Thanks,
    Noman
    noman@linuxonsupport.com
    O Canada, we stand on guard for thee

  9. #9
    Join Date
    May 2009
    Location
    India
    Posts
    59
    works in http://localhost/ only ^_^

  10. #10
    Join Date
    Sep 2007
    Posts
    369

    Quote Originally Posted by MixMasters View Post
    works in http://localhost/ only ^_^

    oh cool

  11. #11
    Join Date
    May 2009
    Location
    India
    Posts
    59
    I only use that server for testing my clients' designs and PHP scripts. After looking at that log, I thought it's good if it's a local web server.
