On Wed, 2004-07-21 at 05:23, John Morrison wrote: > Hi, > Looking at the root user mail I noticed the following appears frequently > in the logfiles: > > --------------------- httpd Begin ------------------------ > > A total of 2 sites probed the server > 81.51.104.14 > 81.10.211.182 > > A total of 2 unidentified 'other' records logged > GET /sumthin HTTP/1.0 with response code(s) 404 > SEARCH > /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x > > The 'SEARCH' line goes on and on for pages (only shown a portion of it > for brevity). I have never seen this before and would like to know what > is happening and should i block the sites that the probe comes from. The > web server is only for my personal development. > > Cheers, > > John > -- When in doubt block it, if it was something legit or important someone will complain to the admin and you can fix it. Looks like an attempt at a buffer overflow possibly. -- Scot L. Harris webid@xxxxxxxxxx Are you still an ALCOHOLIC?
