apache access log entry
Wil McGilvery
wmcgilvery
Mon May 17 11:38:28 PDT 2004
I may be wrong, but it looks similar to the recent openssl worm.
The following is from the Symantec web site.
When performing the scanning, the worm first connects to port 80 of a target machine, to determine if it can communicate to that port. It then sends the following request:
GET / HTTP/1.1\r\n\r\n
Since this is an invalid HTTP 1.1 request, it is missing the "Host:" parameter, a typical Apache server will respond with something similar to the following:
HTTP/1.1 400 Bad Request
Date: Fri, 13 Sep 2002 10:24:13 GMT
Server: Apache/1.3.22 (Unix) (Red-Hat/Linux)
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Regards,
?
Wil McGilvery
Manager, Digital Media
?
Lynch Technologies Inc.
416-744-7191
1-888-622-3729
416-744-0406? FAX
www.lynchdigital.com
-----Original Message-----
From: Kevin O'Gorman [mailto:kogorman at kosmanor.com]
Sent: Thursday, October 03, 2002 1:27 PM
To: Linux Users list
Subject: Re: apache access log entry
I'm not a real expert, but nobody else has answered in a few hours,
so here's my take on it.
It seems somebody tried for your site's main page ("GET /")
and was refused access (400 - bad request). I do not know what
to make of the "-" "-".
++ kevin
On Thu, 3 Oct 2002, Ken Moffat wrote:
> Anyone know what this line might mean in apache access.log?
>
> xxx.xxx.xxx.xx - - [02/Oct/2002:22:25:04 -0700] "GET / HTTP/1.1" 400 385
> "-" "-"
>
> (Sorry about the wrap. The x's were an ip address)
>
_______________________________________________
Linux-users mailing list
Linux-users at linux-sxs.org
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
More information about the Linux-users
mailing list