[NTLUG:Discuss] HTTPD access_log
Jack Snodgrass
jack at jacksnodgrass.com
Wed Jul 14 10:11:05 CDT 2004
On Wed, 2004-07-14 at 09:01, David Ross wrote:
> Good Day,
> Hoefully someone can tell me what this is and how to fix it.
> $tail - f /var/log/httpd/access_log
> 66.205.132.183 - - [02/Jul/2004:20:03:40 -0500]
> "SEARCH /\x90\x02\xb1\x02\xb1\x0
> <snipped>
> My web site is very static (default actually) with no search function. I
> gather this to be an exploit due to the NOP code,but I really don't know.
This is hacker trying to exploit a MS Windows WEBDAV Exploit.
SEARCH isn't a default method that Apache understands, so you
don't have anything to worry about. Normally... you can have your
apache logs filter these scans / hack attempts to another log,
but since this isn't a GET/POST... but a SEARCH, you can't filter
these. ( I've tried... if someone figured out how, let me know )
jack
More information about the Discuss
mailing list