Alle 11:23, mercoledì 21 luglio 2004, John Morrison ha scritto: > Hi, > Looking at the root user mail I noticed the following appears frequently > in the logfiles: > > --------------------- httpd Begin ------------------------ > > A total of 2 sites probed the server > 81.51.104.14 > 81.10.211.182 > > A total of 2 unidentified 'other' records logged > GET /sumthin HTTP/1.0 with response code(s) 404 > SEARCH > /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x >b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x >02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x >b1\x > > The 'SEARCH' line goes on and on for pages (only shown a portion of it > for brevity). I have never seen this before and would like to know what > is happening and should i block the sites that the probe comes from. The > web server is only for my personal development. it's the IIS WebDAV exploit http://www.microsoft.com/technet/security/bulletin/ms03-007.aspx no problem with apache on *nix. Gio -- Fedora Core 1 @ 11:35:24 up 54 days, 20:22, 3 users
