Weird entry in server log

  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

This logfile entry is from the laptop (win2k server) that I do all of my scripting/design testing on. Nothing of importance is kept on this machine, I slack on updates because I play with (and break) a lot of things (still learning)

My question is, does this look like something serious or perhaps just a kid poking their head around?

I remember reading about a buffer something or another vulnerability, and remembering that made me wonder about this one.
NOTE: I added some spaces to keep it from blowing up Ozzu's tables.

Code:
2004-04-11 01:08:39 221.188.99.32 - -.---.---.--- --
SEARCH /AAAAAAA AAAAAAAAAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAAAA
AAAAAAAAAAAAAA AAAAAAAAAAA AAAAAAAAAAAAAA AAAAAAAA AAAAAAAAAA
AAAAAAAAAA AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAA AAAAAAAAAAAAAAAA
AAAAAAAAAA AAAAAA AAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA AAAAAAAAAAAAA AAAAAAAAAA AAAAAAAAA AAAA??
???? ????????? ??????????????? ???????## ##?????????

?rmomd dddddisjhnegddddd ddloh ddplokdep nqlojldllo skjndiim rlimdddd ddrf
smlgrpeh ggpdidjlfrj ikljijljljskgk hjlipkgkjj gloqpidjndjjnd fididjl dddddd hdigss
ejlgslss khfmlosljnd dlopjlgpdelidl oilspig lgpdd hidiks sijdhi dikssi jdlillip dkhdm
loqpg gpdidigs sijdpssij edieijl ohigp loihflk ldgqii flokffd dgsig gpmh mhen qdgpi
ggqods oredgnqjk hdlpepodq dgqnhd rosego eskirki nloinfh dgqqjjl odphol oin
epdgq qlodhlod gpinoi rimp grlhf ssss ssnie kddk pesk mdnr lsom ksqd smlsr lndr
rsprr djddd gfdddddd dddddd hqinm dddd gddd dddd hddd dddss ssddd doldd
ddddd ddddddd hddddd dddd dddd dddd dddd dddd dddd dddd dddd ddddddd
dddd ddddd ddddd dddddd dddd dddrl dddd dddr eson drdd ohdm pqfe oldehp
pqfe ihjljm kgfd kdkf jsjkk fjejq fdjgj ejrjr jskh fdjfji fdkfk ijrfdj mjrf dhh hsig fdjqjs jhjifrd qdqd nfhdd dddd dddd dddd nigldi pkrei mjom hreim jomhr eimj omh mnh ijkm hrgi mjo mhjf hijim hrgi mjo mhlr hjje mhr nimj omh lrhjjs mhrg imjom hreim jnmh ljimjo mhjfi egjm hrlim jomh rkknj dmhr dimjo mhifj mjgjlr eimjo mhdd dddd dddd dddd dddd dddd dddd dddd dddddd dddddd dddddd idhiddd


It keeps going on like that and finally ends with -404-

  • joebert
  • Fart Bubbles
  • Genius
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Think I fixed it whatever it is.
I noticed that every time this happened there was a GET request to my default document with this for the user_agent
Code:
200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98)

followed by SEARCH -411-, then what's in my original post. Always the same user_agent, pattern, and ramble jumble of letters.
I looked this UA up on Google and found people asking the same question I was so I decided to try this,
I added this to my default document and 404 error page and haven't seen any of the questionables in my log since :D
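Code:
<%
    ' Read the client's User-Agent header and, if it equals the string
    ' seen in the log, redirect the request to the client's own address.
    Dim who, goFyourself

    who = Request.ServerVariables("HTTP_USER_AGENT")
    If who = "200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98)" Then
        goFyourself = Request.ServerVariables("REMOTE_ADDR")
        Response.Redirect(goFyourself)
    End If
%>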
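An added example (not part of the original posts and not joebert's code): a small Python triage over IIS W3C extended log lines that flags requests shaped like the one in the first post (a WebDAV SEARCH with a very long, repetitive URI), lists the other requests from the same client, and shows the User-Agent as the client sent it. The sample log, the allowed-method list and the thresholds are constructed assumptions.

```python
import re

# Constructed sample in W3C extended log format (not the poster's real log;
# addresses are documentation ranges, the long URI is plain filler).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2004-04-11 01:08:30 192.0.2.10 GET /default.asp 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98)
2004-04-11 01:08:31 192.0.2.10 SEARCH / 411 -
2004-04-11 01:08:39 192.0.2.10 SEARCH /{filler} 404 -
2004-04-11 01:09:02 198.51.100.7 GET /index.asp 200 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1)
""".format(filler="A" * 600)

EXPECTED_METHODS = {"GET", "HEAD", "POST"}  # assumption: the site serves no WebDAV
MAX_URI_LEN = 255                           # assumed threshold, tune per site
FILLER_RUN = re.compile(r"(.)\1{31,}")      # one character repeated 32+ times

def parse(log_text):
    """Yield one dict per request, keyed by the names in the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split(" ")))

def reasons(entry):
    """Return the list of checks this request trips (empty if none)."""
    uri = entry.get("cs-uri-stem", "")
    found = []
    if entry.get("cs-method") not in EXPECTED_METHODS:
        found.append("unexpected-method")
    if len(uri) > MAX_URI_LEN:
        found.append("long-uri")
    if FILLER_RUN.search(uri):
        found.append("filler-run")
    return found

def header_value(logged):
    """IIS logs spaces inside a field as '+'; turn them back into spaces."""
    return None if logged == "-" else logged.replace("+", " ")

def triage(log_text):
    """Return (flagged requests with reasons, other requests from the same IPs)."""
    entries = list(parse(log_text))
    flagged = [(e, reasons(e)) for e in entries if reasons(e)]
    noisy = {e["c-ip"] for e, _ in flagged}
    related = [e for e in entries if e["c-ip"] in noisy and not reasons(e)]
    return flagged, related
```

In ASP, Request.ServerVariables("HTTP_USER_AGENT") returns the header as the client sent it, with spaces, so a comparison string has to be written in that decoded form rather than as it appears in the log. The leading 200 in the logged line is assumed here to be the status column, not part of the header.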
