Looks like there trying to run an isapi module on your server. You'd only be effected if you were using IIS on a winblows box. ----- Original Message ----- From: "Gregory Nowak" <greg@xxxxxxxxxxxxxxx> To: <speakup at braille.uwo.ca> Sent: Sunday, June 09, 2002 8:09 PM Subject: is this an attack attempt? > Hi all, > > I've noticed a small number of entries like the one below in my /var/log/apache/access_log file. In the below sample, "x.x.x.x" represents the ip address. > > > x.x.x.x - - [09/Jun/2002:18:54:52 -0500] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 334 > > > Is someone or actually a group of people trying to compromise my web server? Is it possible to tell from the above log entry how they are trying to compromise apache? Thanks. > Greg > > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup >
