[olug] Scared Newbie SysAdmin
Dave Hull
dphull at insipid.com
Wed Jan 29 21:27:54 UTC 2003
> On Wed, Jan 29, 2003 at 12:49:53PM -0800, Eric Penne wrote:
> > I received these in my apache logs today. I'm checking them
> > vigilantely.
> >
> > What exactly are they trying to do?
snip
> > error log:
> >
> > [Tue Jan 28 10:44:39 2003] [error] [client 202.110.215.102] chunked
> > Transfer-Encoding forbidden: /index.php
> > [Tue Jan 28 10:44:48 2003] [error] [client 202.110.215.102] chunked
> > Transfer-Encoding forbidden: /index.php
> > [Tue Jan 28 13:17:58 2003] [error] [client 218.104.228.46] Invalid URI
> > in request GET x HTTP/1.0
> > [Tue Jan 28 22:43:29 2003] [error] [client 66.40.9.49] client sent
> > HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
> > [Tue Jan 28 22:43:30 2003] [error] [client 66.40.9.49] chunked
> > Transfer-Encoding forbidden: /index.php
I believe they are attempting to exploit a chunk vulnerability in apache.
Go google on "chunk vulnerability".
--
Dave Hull
http://insipid.com
"It's hard to find people in society who can administer UNIX and professionally
carry a weapon."
-- Jim Williams, former FBI Computer Intrusion Squad agent
[Mr. Williams hasn't found me. -- DPH]
More information about the OLUG
mailing list