Do these log entries show someone trying to hack in?

I've been getting error log entries saying that the SNI and hostname are different, and in these cases the SNI used seems to be the correct hostname but with some extra data on the end, for example:

Hostname www.example.com\xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80 provided via SNI and hostname www.example.com provided via HTTP are different

In this case the extra data was \xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80

but there have been a number of different sets of data, such as:

    A\xe8\x84\xb4A\xc9\xa0\xe0\xa8\xbe\xed\x9c\xbc\xd4\x80

    \xdd\x98\xee\xbd\xa0\xe0\xaf\xb5\xcf\xb8

    \xdd\x9a\xe2\xa4\x90\xe0\xaf\xb0\xcb\xb0

    \xdd\xa0\xee\xbd\xa0\xe0\xaf\xb5\xcf\xb8

    \xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80

    \xe0\xb1\x82\xe6\xbb\x98\xdd\x99\xc4\x90

Does anyone have any idea as to what this might be for? Are there any known/possible exploits in Apache that this might be trying to use?

Server Version: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1a running on Ubuntu

Thanks in advance for any hints/advice.
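
An added example, not part of the original post: a Python sketch that pulls the SNI and HTTP hostnames out of the mod_ssl message quoted above, undoes the `\xNN` log escaping, and reports the trailing bytes so entries can be compared or counted across an error log. The function names and the second sample line are made up for the illustration.

```python
import re

# Message format as quoted in the post above.
MISMATCH = re.compile(
    r"Hostname (?P<sni>.+?) provided via SNI and hostname (?P<host>.+?) "
    r"provided via HTTP are different"
)
HEX_ESCAPE = re.compile(rb"\\x([0-9a-fA-F]{2})")


def unescape(field: str) -> bytes:
    """Undo the \\xNN escaping of logged bytes (only this escape form is handled)."""
    raw = field.encode("latin-1")
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def analyse(line: str):
    """Return details of an SNI/Host mismatch entry, or None for other lines."""
    m = MISMATCH.search(line)
    if m is None:
        return None
    sni, host = unescape(m["sni"]), unescape(m["host"])
    has_prefix = sni.startswith(host)
    extra = sni[len(host):] if has_prefix else sni
    try:
        codepoints = [f"U+{ord(c):04X}" for c in extra.decode("utf-8")]
    except UnicodeDecodeError:
        codepoints = None  # trailing bytes are not well-formed UTF-8
    return {"host": host.decode("latin-1"), "host_is_prefix": has_prefix,
            "extra": extra, "extra_len": len(extra), "codepoints": codepoints}


# First line is taken from the post; the second is constructed for contrast.
SAMPLE_LINES = [
    r"Hostname www.example.com\xe0\xb0\xaf\xe2\xbf\xa8.\xe2\xa8\x80 provided via SNI "
    r"and hostname www.example.com provided via HTTP are different",
    "File does not exist: /var/www/favicon.ico",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        result = analyse(line)
        if result:
            print(result["host"], result["extra_len"], result["extra"].hex(),
                  result["codepoints"])
```
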



