[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <c9a09d00903310730u369ce80are89b486c116dd6d4@mail.gmail.com>
Date: Tue, 31 Mar 2009 16:30:50 +0200
From: "Jan G.B." <ro0ot.w00t@...glemail.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Random HTTP-Requests
Hi there,
I've noticed that some weird requests are showing up in the error logs
of one of my apache webservers.
The requests seem to have the following in common:
* GET Request on some random alphanumeric string like "GET /hDMe9NS"
* Referer has some randomized, invalid URL like
http://www.kSJn32.com/ckJMSC/kSMSR/mndm/sads.html
Every domain that showed up wasn't registered - no DNS reply or whatsoever.
Here's an example out of my Log file ( I slightly modified the random
strings - just in case ;))
[Tue Mar 30 10:12:41 2009] [error] [client 124.236.*.*] File does not
exist: /var/www/foo.bar/web/hFBeX7EK, referer:
http://www.ruyidqpg.com/SJQubgQP/QenlI/_n2Pn/_px/Uph/wSBf_l/leJB/C8Y00EIPfD07U/AO8lnzhgAl/SD70gA8Jg/nfA013J/ZOWAgYCZ/DOf7hg.html
The amount of random directories isn't constant.
Any Ideas what is causing these requests? Is it a well known worm?
What could it be.. what for..?
The Server is Running Apache with PHP, the main application is made
with the symfony framework.
Thanks, Regards
PS: You believe this doesn't belong into this mailing list? Sorry, I'm
not interested - keep it to yourself.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists