lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Jun 14 21:54:54 2006 From: bradcausey at gmail.com (Brad Causey) Subject: Strange HTTP requests Are all of the user strings the same? On 6/14/06, Shannon Johnston <sjohnston@...ionplus.com> wrote: > > It's all from one source IP, but the requests are for various files from > various websites hosted on my servers. Different domains, different > files, even different file types. > It's making about 8-10 GET requests at the same time, then does it again > almost exactly a minute later. > > I can't remember seeing anything like it before. > > SJ > > > On Wed, 2006-06-14 at 22:31 +0200, php0t wrote: > > -----Original Message----- > > From: Shannon Johnston > > Sent: Wednesday, June 14, 2006 10:17 PM > > To: full-disclosure@...ts.grok.org.uk > > Subject: [Full-disclosure] Strange HTTP requests > > > > > I'm seeing a ton of HTTP requests in the following fashion: > > > > > > GET index.html - 80 - <ip address> HTTP/1.1 fuujcbjbGbagkmkGuj7kmgnebl > > > +qekaf - - website.com 302 0 0 532 206 218 > > > The random string would normally be the user-agent. I can't help but > > think this is a bot of some sort. > > > Anybody know of anything that would produce this? > > > > Are they all index.html requests? How often do you get them? From how > > many different IP's? > > It could be just a proxy or a firewall set up to change the user-agent > > to some random string, but whether they're surfers or bots you can tell > > by looking at all such lines - to me, an index.html alone doesn't tell > > me much, maybe others have seen this though and know what it is. > > > > php0t > > www.zorro.hu > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > > iD8DBQBEkHKfjeRCqLPCFtoRAvK9AJ90xH45lNtgkt/W+CHmpg4kEBA8dACgw9hS > +tMv1fCDEZ61l7AVy6EZ1Ik= > =YGuc > -----END PGP SIGNATURE----- > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -- -Brad Causey -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060614/6754288f/attachment.html
Powered by blists - more mailing lists