Re: strange httpd error log response

[Alan McLean <alan_mclean () mac com>]

I also have my logs filling up with these type of messages. Pages and  
pages long. Perhaps a worm of some kind? I am using Apache 1.3.3 /   
mod_security / mod_ssl /PHP
Should I be contacting the remote IP responsible for these messages?

--Alan Mclean



On 9-Jun-04, at 5:28 AM, Ralph Brown wrote:

> > I have recently overhauled my server, and am now using Fedora Core 2.  
> >  With it came the newest version of Logwatch, 5.1. I have used  
> > Logwatch  with RH 9.X, and was very happy with it.
> > After running Logwatch a few times, I am getting the following  
> > message  (report to root). I do not understand it and wonder if it is  
> > a bug,  setting error, or ? Please advise and/or explain.
> > --------------------------------------------------
> >  --------------------- httpd Begin ------------------------
> > A total of 4 unidentified 'other' records logged
> >   SEARCH  /  
> > \x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02  
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
> > 02 \xb1\x0... (this repeats numerous times...)
> > ---------------------------------------------------
> > Suggestions please. Thank you in advance!
> > Ralph
> > "Forget world peace...
> > Try using your turnsignal"
> > ~~~~~~~~~~~~~~~~~~~~
> > Ralph Brown
> > rbrown () policing net
>
>
> ----------------------------------------------------------------------- 
> ----
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545  
> offany course! All of our class sizes are guaranteed to be 10 students  
> or lessto facilitate one-on-one interaction with one of our expert  
> instructors.Attend a course taught by an expert instructor with years  
> of in-the-fieldpen testing experience in our state of the art hacking  
> lab. Master the skillsof an Ethical Hacker to better assess the  
> security of your organization.Visit us  
> at:http://www.infosecinstitute.com/courses/ 
> ethical_hacking_training.html
> ----------------------------------------------------------------------- 
> -----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------