[Apache2] What the heck happened here?

Discussion in 'Windows Desktop Systems' started by Glaanieboy, Sep 24, 2004.

  1. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    (see attached part of the Apache2 httpd log)
    What the heck happened here, that is what I want to know. I have never seen this loooong 'search' string. What did it search for, can it hurt, does it have consequences?
    BTW, I traced the IP back to a client who uses the same ISP as I use (Wanadoo Cable NL), so I can easily track the user down if necessary.
     

  2. vern

    vern Dominus Political User Folding Team

    Messages:
    1,571
    Location:
    Minnesota, USA
    Maybe someone trying to do a buffer-overflow? If it didn't affect anything ... Your version is probably patched against it.
     
  3. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Agrees, also if you contact your/their ISP, they probably won't do anything unfortunately.
     
  4. cryogenic

    cryogenic OSNN Addict

    Messages:
    241
    Location:
    TN, blah!
    I agree... looks like a buffer overflow exploit. Looks kinda neat in notepad with wordwrap on ;)
     
  5. Skwowwy

    Skwowwy 1337ness

    Messages:
    43
    Location:
    Maastricht, the Netherlands
    Upgrade your Apache2 server to the latest version just in case. ;)

    Also, try to configure the search program to limit the number of characters that can be used. So before Apache evaluates the search parameters fully (i.e. before it starts searching), it's already returning an error that the search string is too long. Or something like that. :p

    Unless I misunderstood what "Search" does there. I'm thinking of a search program on your hosted site, like the Google and Altavista ones. Ya know. xD Oh well.
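
As an added example (not part of the thread and not code from any poster): a small Python check that flags access-log entries like the one discussed here, meaning an unusually long request line or a method the site does not serve. The threshold, the method allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re

# Common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)')
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')  # Apache logs non-printable bytes as \xhh

EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}  # assumption: methods this site serves
MAX_REQUEST_LINE = 2048  # assumption: site-specific alert threshold, in bytes


def raw_length(request):
    """Length of the request line as sent: each logged \\xhh escape is one byte."""
    return len(ESCAPE_RE.sub("?", request))


def scan(lines, max_len=MAX_REQUEST_LINE):
    """Return one finding dict per log line that looks anomalous."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        host, _when, request, status, _size = m.groups()
        method = request.split(" ", 1)[0]
        length = raw_length(request)
        reasons = []
        if length > max_len:
            reasons.append("overlong request line")
        if method not in EXPECTED_METHODS:
            reasons.append("unexpected method")
        if reasons:
            findings.append({"line": lineno, "host": host, "method": method,
                             "length": length, "status": int(status),
                             "reasons": reasons})
    return findings


# Constructed sample log lines (documentation address range, filler bytes).
SAMPLE = [
    '192.0.2.7 - - [24/Sep/2004:10:14:55 +0200] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [24/Sep/2004:10:15:02 +0200] "SEARCH /' + "\\xb1" * 8000 + '" 414 340',
    '192.0.2.7 - - [24/Sep/2004:10:15:09 +0200] "OPTIONS * HTTP/1.1" 200 -',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Apache caps the request line itself through the `LimitRequestLine` directive (8190 bytes by default) and answers longer ones with 414, so a length limit of the kind described above is enforced by the server before any handler runs.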
     
  6. sean.ferguson

    sean.ferguson Moderator Folding Team

    Messages:
    1,693
    Location:
    Fife; Scotland
    yeah glaanie, do a cvsup just in case. Make sure everything is up to date ;)
     
  7. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    It is a Sploit for IIS (I see it all the time on servers I admin). But like the others said, just update. And better be safe than sorry.
     
  8. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    Hehe, I should have said it's running on Windows XP ... :eek:
    Anyway, it is the latest version (as of 3 weeks ago) and since it's an IIS exploit, I don't need to worry :D Thanks guys

    (PS, please no flaming because I use XP+Apache as a webserver, my FreeBSD server was broken, so I had to :))
     
  9. sean.ferguson

    sean.ferguson Moderator Folding Team

    Messages:
    1,693
    Location:
    Fife; Scotland
    yeah fix the server :p
     
  10. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    Almost, almost. Just got Samba3 running and I am ready to transfer the backups back to the server. Then all I have to do is import MySQL tables + data, reroute the internal IP, then I am all set :)