access log

This is a discussion on access log within the Windows Web Servers forums, part of the Web Server and Related Forums category.


  #1 (permalink)  
Old 04-14-2004
tolrahC
 
Posts: n/a
Default access log

I have some accesses on my server that do the following:
"SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
-> for several lines and then :
\x90\x90 -> for several lines again

then after it does that :
142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "OPTIONS / HTTP/1.1" 200 -
142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "PROPFIND /SharedDocs HTTP/1.1" 405 317
142.217.93.222 - - [26/Mar/2004:06:57:15 -0500] "OPTIONS / HTTP/1.1" 200 -
142.217.93.222 - - [26/Mar/2004:06:57:30 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325
142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325
142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325
142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325

/Disque%20Dur%20Charles is the name of my hard drive

The IP is very similar to mine; mine starts with 142.217.xxx.xxx too. I
don't know if it's my ISP that is trying to send something.

If you could help me, I am beginning to be a little bit anxious about
that.

I'm using version 2.0.49

Thank you
  #2 (permalink)  
Old 04-15-2004
lac
 
Posts: n/a
Default Re: access log

tolrahC wrote:
> I have some accesses on my server that do the following:
> "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
> -> for several lines and then :
> \x90\x90 -> for several lines again
>
> then after it does that :
> 142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "OPTIONS / HTTP/1.1" 200 -
> 142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "PROPFIND /SharedDocs HTTP/1.1" 405 317
> 142.217.93.222 - - [26/Mar/2004:06:57:15 -0500] "OPTIONS / HTTP/1.1" 200 -
> 142.217.93.222 - - [26/Mar/2004:06:57:30 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325
> 142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325
> 142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325
> 142.217.93.222 - - [26/Mar/2004:06:57:40 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325
>
> /Disque%20Dur%20Charles is the name of my hard drive
>
> The IP is very similar to mine; mine starts with 142.217.xxx.xxx too. I
> don't know if it's my ISP that is trying to send something.
>
> If you could help me, I am beginning to be a little bit anxious about
> that.
>
> I'm using version 2.0.49
>
> Thank you


Looks like MS WebDav exploit:

http://support.microsoft.com/default...b;en-us;815021

You're fine with Apache...

Lac
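
A way to triage log entries like the ones in this thread, as an added example that is not part of the original posts: the Python script below parses Common Log Format lines, flags WebDAV methods and request lines carrying many \xhh escaped bytes, and records whether the server rejected them. The escape threshold and the 192.0.2.10 SEARCH line (host, time, status 414, size) are constructed assumptions; the other sample lines come from the first post.

```python
import re
from collections import defaultdict

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+$')
# Methods added by WebDAV, plus SEARCH as seen in the log above
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}
# Apache writes non-printable request bytes to the log as \xhh escapes
HEX_ESCAPE = re.compile(r'\\x[0-9a-fA-F]{2}')
ESCAPE_THRESHOLD = 8  # assumption: this many escaped bytes means binary data

def classify(line):
    """Return (host, method, status, tags), or None if the line does not parse."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, request, status = m.group(1), m.group(2), int(m.group(3))
    method = request.split(" ", 1)[0]
    tags = []
    if method in WEBDAV_METHODS:
        tags.append("webdav-method")
    if len(HEX_ESCAPE.findall(request)) >= ESCAPE_THRESHOLD:
        tags.append("binary-payload")
    if tags:
        tags.append("rejected" if status >= 400 else "accepted")
    return host, method, status, tags

def summarize(lines):
    """Group flagged requests by source host."""
    report = defaultdict(list)
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[3]:
            host, method, status, tags = parsed
            report[host].append((method, status, tags))
    return dict(report)

SAMPLE = [
    # constructed: shortened SEARCH request; host, time, status and size are assumed
    r'192.0.2.10 - - [26/Mar/2004:06:54:10 -0500] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x90\x90" 414 350',
    # from the post, with the wrapped lines rejoined
    '142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "OPTIONS / HTTP/1.1" 200 -',
    '142.217.93.222 - - [26/Mar/2004:06:55:33 -0500] "PROPFIND /SharedDocs HTTP/1.1" 405 317',
    '142.217.93.222 - - [26/Mar/2004:06:57:30 -0500] "PROPFIND /Disque%20Dur%20Charles HTTP/1.1" 405 325',
]

if __name__ == "__main__":
    for host, hits in summarize(SAMPLE).items():
        print(host, hits)
```

An "accepted" tag on a flagged request is the case to look at first; the 405 responses in the post are tagged "rejected".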

  #3 (permalink)  
Old 04-15-2004
tolrahC
 
Posts: n/a
Default Re: access log

> Looks like MS WebDav exploit:
>
> http://support.microsoft.com/default...b;en-us;815021
>
> You're fine with Apache...
>
> Lac



Thank you, I installed the patch and I hope it will work ;)
 