LogWatch
John Morrison
jmorrison at snspix.com
Wed Jul 21 09:23:40 UTC 2004
Hi,
Looking at the root user mail I noticed the following appears frequently
in the logfiles:
--------------------- httpd Begin ------------------------
A total of 2 sites probed the server
81.51.104.14
81.10.211.182
A total of 2 unidentified 'other' records logged
GET /sumthin HTTP/1.0 with response code(s) 404
SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x
The 'SEARCH' line goes on and on for pages (only shown a portion of it
for brevity). I have never seen this before and would like to know what
is happening and should i block the sites that the probe comes from. The
web server is only for my personal development.
Cheers,
John
--
More information about the fedora-list
mailing list