Full Disclosure mailing list archives
Random HTTP-Requests
From: "Jan G.B." <ro0ot.w00t () googlemail com>
Date: Tue, 31 Mar 2009 16:30:50 +0200
Hi there, I've noticed that some weird requests are showing up in the error logs of one of my apache webservers. The requests seem to have the following in common: * GET Request on some random alphanumeric string like "GET /hDMe9NS" * Referer has some randomized, invalid URL like http://www.kSJn32.com/ckJMSC/kSMSR/mndm/sads.html Every domain that showed up wasn't registered - no DNS reply or whatsoever. Here's an example out of my Log file ( I slightly modified the random strings - just in case ;)) [Tue Mar 30 10:12:41 2009] [error] [client 124.236.*.*] File does not exist: /var/www/foo.bar/web/hFBeX7EK, referer: http://www.ruyidqpg.com/SJQubgQP/QenlI/_n2Pn/_px/Uph/wSBf_l/leJB/C8Y00EIPfD07U/AO8lnzhgAl/SD70gA8Jg/nfA013J/ZOWAgYCZ/DOf7hg.html The amount of random directories isn't constant. Any Ideas what is causing these requests? Is it a well known worm? What could it be.. what for..? The Server is Running Apache with PHP, the main application is made with the symfony framework. Thanks, Regards PS: You believe this doesn't belong into this mailing list? Sorry, I'm not interested - keep it to yourself. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Random HTTP-Requests Jan G.B. (Mar 31)
- Re: Random HTTP-Requests Andres Riancho (Mar 31)
- Re: Random HTTP-Requests Jan G.B. (Mar 31)
- Re: Random HTTP-Requests Andres Riancho (Mar 31)