On Mar 15, 2010, Marten Lehmann (nospam-lehmann@xxxxxxxxx) typed: lehman:> Hello, lehman:> lehman:> some of our users noticed, that lines like this appear in their lehman:> logfiles: lehman:> lehman:> 58.187.78.42 - - [14/Mar/2010:04:38:53 +0100] "8\r\xff" 400 226 "-" lehman:> "-" lehman:> lehman:> This has been noticed be different customers on different servers. I lehman:> know that the Referer and Useragent may be empty (shown by the dash), lehman:> but URI part should at least start with GET or POST. lehman:> lehman:> I found nothing with Google on "8\r\xff" but it seems that something lehman:> is talking to our servers with invalid HTTP. Is "8\r\xff" used to lehman:> exploit a webserver, but it simply didn't work out on our servers? Has lehman:> anyone else noticed such entries in the logfiles? It's been a while since Ive seen such malformed requests, but yeah, usually a crack attempt. Thanks S.A. Birl http://concept.temple.edu/ Please do not CC me responses to my own posts. I'll read the responses from the list. Apache archives http://mail-archives.apache.org/mod_mbox/httpd-users/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|