[wplug] odd looking entries in httpd-access.log

Bill Moran wmoran at potentialtech.com
Sat Jun 10 18:19:25 EDT 2006


"Daniel McQuay" <simplebob at gmail.com> wrote:

> Hello List,
> 
> I was just going through some log files and ran across some weird entries in
> my httpd-access.log.
> 
> 71.116.248.152 - - [04/Jun/2006:14:50:13 -0400] "SEARCH
> /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9
> \xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9
> 
> For this email I left out several lines of this, but has anyone ever seen
> this sort of thing before? I suspect that it's some sort of exploit.

It's an attempt to exploit a buffer overflow.  I'm not sure which one, but
I'm certain a few searches will turn up some exact details.

-- 
Bill Moran

Not as deceiving as a low down dirty... deceiver.

	Jayne Cobb
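
An added example, not part of the original thread: one way to flag entries like the one quoted above when reviewing an Apache access log. The method allow-list, the thresholds and the sample lines (documentation addresses, constructed status codes and sizes) are assumptions.

```python
import re

# Apache common log format: host ident user [time] "request" status size.
# The request field allows backslash escapes, which is how Apache logs raw bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) (\S+)')
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')            # one logged raw byte
RUN_RE = re.compile(r'(\\x[0-9a-fA-F]{2})\1+')          # the same byte repeated

EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}   # assumption: tune per site
MIN_ESCAPES = 16                                        # assumed threshold
MIN_RUN = 8                                             # assumed threshold

def inspect(line):
    """Parse one log line and list the reasons, if any, that it looks suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None  # truncated or non-matching line
    host, when, request, status, _size = m.groups()
    method, _, target = request.partition(" ")
    escapes = len(ESCAPE_RE.findall(target))
    longest = max((len(r.group(0)) // 4 for r in RUN_RE.finditer(target)), default=0)
    reasons = []
    if method not in EXPECTED_METHODS:
        reasons.append("unexpected method %s" % method)
    if escapes >= MIN_ESCAPES:
        reasons.append("%d escaped bytes in request" % escapes)
    if longest >= MIN_RUN:
        reasons.append("one byte repeated %d times" % longest)
    return {"host": host, "time": when, "method": method, "status": int(status),
            "escapes": escapes, "longest_run": longest, "reasons": reasons}

def suspicious(lines):
    """Return the parsed entries that carry at least one reason."""
    return [r for r in map(inspect, lines) if r and r["reasons"]]

# Constructed sample lines: a normal request, an entry shaped like the one in
# the thread, and a legitimate UTF-8 path that must not be flagged.
SAMPLE = [
    r'192.0.2.10 - - [04/Jun/2006:14:49:58 -0400] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.77 - - [04/Jun/2006:14:50:13 -0400] "SEARCH /'
    + r'\x90' + r'\xc9' * 40 + '" 414 339',
    r'192.0.2.10 - - [04/Jun/2006:14:51:02 -0400] "GET /caf\xc3\xa9.html HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE):
        print(hit["host"], hit["time"], "; ".join(hit["reasons"]))
```

A line that is cut off before its closing quote, as in the excerpt posted to the list, does not match the pattern and is returned as `None`, so run this against the log file itself rather than a pasted fragment.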


