lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <c9a09d00903310730u369ce80are89b486c116dd6d4@mail.gmail.com>
Date: Tue, 31 Mar 2009 16:30:50 +0200
From: "Jan G.B." <ro0ot.w00t@...glemail.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Random HTTP-Requests

Hi there,

I've noticed that some weird requests are showing up in the error logs
of one of my apache webservers.
The requests seem to have the following in common:

* GET Request on some random alphanumeric string like "GET /hDMe9NS"
* Referer has some randomized, invalid URL like
http://www.kSJn32.com/ckJMSC/kSMSR/mndm/sads.html

Every domain that showed up wasn't registered - no DNS reply or whatsoever.


Here's an example out of my Log file ( I slightly modified the random
strings - just in case ;))

[Tue Mar 30 10:12:41 2009] [error] [client 124.236.*.*] File does not
exist: /var/www/foo.bar/web/hFBeX7EK, referer:
http://www.ruyidqpg.com/SJQubgQP/QenlI/_n2Pn/_px/Uph/wSBf_l/leJB/C8Y00EIPfD07U/AO8lnzhgAl/SD70gA8Jg/nfA013J/ZOWAgYCZ/DOf7hg.html

The amount of random directories isn't constant.

Any Ideas what is causing these requests? Is it a well known worm?
What could it be.. what for..?
The Server is Running Apache with PHP, the main application is made
with the symfony framework.

Thanks, Regards



PS: You believe this doesn't belong into this mailing list? Sorry, I'm
not interested - keep it to yourself.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ