
Re: httpd log format - access_log filled with crap



Check the archives here, too.  They are attempts to exploit an MS IIS
box.  I think there were some interesting suggestions for handling
these attempts on misc awhile back.


On Thu, 3 Feb 2005 20:09:22 +0100, Maxim Bourmistrov
<maxim_(_at_)_chl_(_dot_)_chalmers_(_dot_)_se> wrote:
> 1. Nothing to do with OpenBSD, ask Apache Foundation
> 2. Exploitation in action?!
> 
> On Thursday 03 February 2005 19:56, Andreas Bartelt wrote:
> > Hi all,
> >
> > my httpd access_log gets filled with weird requests like this one:
> >
> > 213.123.128.9 - - [03/Jan/2005:16:16:12 +0100] "SEARCH
> > /\x90\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x0
> > 21\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x0
> >21\x021\x021\x021\x021\x021\x021\x021\
> > x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\x021\
> >x021\x021\x021\x021\x021\x021\x021\x02 ...
> > x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90
> >\x90\x90\x90\x90\x90\x90\x90\x90\x90\x
> > 90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\
> >x90\x90\x90\x90\x90\x90\x90\x90\x90\x9 ...
> >
> > These entries are *many* pages long!
> >
> > Obviously I need to adjust the logging format to truncate these useless
> > entries, but I don't know how to do it.
> >
> > The logging directives in my httpd.conf are the following (these are the
> > obsd defaults):
> >
> > #
> > # The following directives define some format nicknames for use with
> > # a CustomLog directive (see below).
> > #
> > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
> > LogFormat "%h %l %u %t \"%r\" %>s %b" common
> > LogFormat "%{Referer}i -> %U" referer
> > LogFormat "%{User-agent}i" agent
> >
> > Can anybody give me a hint how to adjust these entries to get rid of or
> > truncate these unwanted entries? Perhaps this should be changed in the
> > obsd default httpd.conf, too - or am I the only one with these annoying
> > entries?
> >
> > Regards,
> > Andreas
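
A small filter for the truncation asked about in the quoted question, as an added example that is not part of the original thread and is not OpenBSD or Apache code: it caps the request field of common/combined log lines and flags lines carrying many \xNN escapes. The 120-character cap, the 16-escape threshold and the sample lines are assumptions made for the example.

```python
import re
import sys

MAX_REQUEST = 120   # assumed cap on the logged request field, in characters
MIN_ESCAPES = 16    # assumed threshold: this many \xNN escapes flags a line

# host ident user [time] "request" status bytes [rest of combined format]
LINE_RE = re.compile(r'^(\S+ \S+ \S+ \[[^\]]+\] ")(.*)(" \d{3} (?:\d+|-).*)$')
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')
PARTIAL_ESCAPE_RE = re.compile(r'\\(?:x[0-9a-fA-F]?)?$')


def shorten(line, limit=MAX_REQUEST):
    """Return (log line with the request capped at `limit`, suspicious flag)."""
    line = line.rstrip("\r\n")
    m = LINE_RE.match(line)
    if m is None:
        # Not common/combined format: cap the whole line instead.
        return line[:limit], len(line) > limit
    head, request, tail = m.groups()
    suspicious = (len(request) > limit
                  or len(ESCAPE_RE.findall(request)) >= MIN_ESCAPES)
    if len(request) > limit:
        # Do not leave half of a \xNN escape at the cut point.
        kept = PARTIAL_ESCAPE_RE.sub("", request[:limit])
        request = "%s...[%d more chars]" % (kept, len(request) - len(kept))
    return head + request + tail, suspicious


# Constructed sample lines (not taken from a real log).
SAMPLE_OK = ('192.0.2.10 - - [03/Jan/2005:16:16:12 +0100] '
             '"GET /index.html HTTP/1.0" 200 1043')
SAMPLE_LONG = ('192.0.2.10 - - [03/Jan/2005:16:16:12 +0100] "SEARCH /'
               + '\\x90' * 8000 + '" 414 271 "-" "-"')


def main():
    flagged = 0
    for raw in sys.stdin:
        out, suspicious = shorten(raw)
        flagged += suspicious
        sys.stdout.write(out + "\n")
        sys.stdout.flush()      # keep output timely when fed from a pipe
    sys.stderr.write("%d suspicious request(s) seen\n" % flagged)


if __name__ == "__main__":
    main()
```

It reads log lines on standard input and writes the shortened lines to standard output, so it can be run over an existing access_log or placed behind Apache's piped-log form of CustomLog.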


