[TriLUG] Odd. Anyone else seeing this in their Apache logs?
Jeremy Portzer
jeremyp at pobox.com
Mon Jan 27 12:59:54 EST 2003
On Mon, 2003-01-27 at 11:15, Brian Daniels wrote:
> Since Tuesday the 21st I'm seeing requests for 'dfasfdsfdsf' in my Apache
> error logs.
>
> 17736 of them so far. (!)
>
> The requests are coming from a Sprint lv.sprint-hsd.net address and a
> Mindspring biz.mindspring.com address. We're getting 1-3 a minute.
>
> I'd think it was some sort of worm, but what can it hope to accomplish by
> trying to GET dfasfdsfdsf?
>
I checked through all the TriLUG web server logs -- we get a lot of
random stuff from worms,etc. -- and had no matches for a grep on
"dfasfdsfdsf".
Are all the hits from just those two IPs? You might consider
tarhole'ing or just blocking those IPs, and just keep a watch for it
from others. I also noticed that Google had no direct hits for that
string (at least until the TriLUG list gets re-indexed!), and neither
did the securityfocus.org site. Definitely odd.
--Jeremy
More information about the TriLUG
mailing list