Very long URL with malice intended
Toni Heinonen
Toni.Heinonen at teleware.fi
Wed Mar 31 07:31:37 PST 2004
> On Sat, 27 Mar 2004 15:50:53 -0600, Jack L. Stone wrote:
> >At 08:28 PM 3.27.2004 +0100, Cordula's Web wrote:
> >>>Within the past couple of weeks, the Apache logs have shown a new
> >>>type of intrusion -- a very, very long URL request...
> >>>
> >>>My question is what syntax can I add, if any, to my httpd.conf to
> >>>redirect such requests..??
> >>>
> >>>65.35.186.74 - - [26/Mar/2004:19:01:04 -0600] "SEARCH
> >>>/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\...
> >>
> >>Are only SEARCH requests affected, or GET as well?
>
> Hey all. A question from a heretofore unrevealed skulker :^>. Was this
> question ever answered off-list? My own box is getting hit quite often
> with these & I'm concerned that they might be causing harm. thks
Don't be concerned, those are probably worms looking for IIS holes or the like. Since you're running Apache you're not vulnerable.
More information about the freebsd-questions
mailing list