Segmentation Fault: Core dumped..;-)

Interesting entry in my web server logs. Someone has an infected/hacked computer..:-)

Posted : June 2, 2004 at 6:59 pm [America/Los_Angeles]

Here’s what I had in my error_log:

[Wed Jun 02 03:30:21 2004]
[error] [client 69.81.6.80] request failed: URI too long (longer than 8190)

A quick nslookup gave me:

Name:    user-12l21ig.cable.mindspring.com
Address:  69.81.6.80

The access_log had the following (abbreviated version):

69.81.6.80 - - [02/Jun/2004:03:30:21 -0400] "SEARCH /x90x02xb1x02xb1x02xb1x02
xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1
x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02
xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1
x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02
xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1
x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02
xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1
x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02xb1x02
xb1x02xb1x02xb1x02xb1x02xb1x02xb1
...

…

0x90x90x90x90x90x90x90x90x90x90x90x90″ 414 437

A quick wc -c showed that this crap goes on for 29231 characters!

Should I do something about it?

Update:

Thanks to Jason, I got this link which basically sums this entry up rather well:

“It is an IIS WebDAV exploit from April 2003 (?), apache is not affected, its just annoying (nachi and agobot use this exploit)”

- Anand

Category: Security |

Viewed: 1724 times

Anand Sharma’s weblog: A peek into life through “my” bioscope

Interesting entry in my web server logs. Someone has an infected/hacked computer..:-)

Posted : June 2, 2004 at 6:59 pm [America/Los_Angeles]

3 Comments »

Leave a Comment