Fedora Linux Support Community & Resources Center
Old 1st July 2007, 01:57 AM
jms318 Offline
Registered User
Join Date: Jan 2007
Age: 37
Posts: 15
apache access logs

I'm learning Apache and have just begun to learn how to read its access logs.
Here is a log; I'm not sure what it means.
Code:
- - [30/Jun/2007:15:17:11 -0400] "SEARCH /\x90\xc9\xc9\xc9\........ ""
and this continues for about 200 lines in the log file and ends with "" 414 326
Since this is not a GET command, is someone trying to gain control of the server or doing a password brute force entry?
Just trying to figure out what is happening.

Old 1st July 2007, 05:02 AM
Zotter Offline
Registered User
Join Date: May 2004
Location: Central Wyoming
Posts: 640
Someone trying to crack into your server. It's pretty common and mostly ineffectual. Most of those kinds of attacks are targeted towards IIS servers. They simply bounce off Apache.

However, I do suggest taking a look at the RedHat documentation on securing your web server and explore mod_security for your purposes. Apache can be penetrated - but just not by IIS exploits.

If it ain't broken - you're not really trying....
Registered Linux user #227845
Old 5th July 2007, 12:08 PM
barf Offline
Registered User
Join Date: Dec 2004
Location: UK
Age: 62
Posts: 276
A little additional info as you're starting out. 400 type response codes (like 414) mean your server rejected the request, the 326 is the size of the rejection message, and if you trawl through your httpd.conf file you will find a list of the response messages.
Stop making excuses, start making progress.
Old 5th July 2007, 12:44 PM
glennzo Offline
Un-Retired Administrator
Join Date: Mar 2004
Location: In your closet
Posts: 15,549
This is interesting and got my curiosity aroused, so I was looking at my access_log. There's loads of hits from 1 IP address, but it looks as though they're just looking at some pics I put up on the wiki. Same for a few other IPs. Makes sense, as I e-mailed a few relatives telling them to 'have a look at these photos'. But there are a few curious lines, like this:
- -"GET / HTTP/1.0" 301 - "-" msnbot/1.0 (+http://search.msn.com/msnbot.htm)"
and
- - "GET /robots.txt HTTP/1.0" 404 298 "-" "msnbot/1,0 (+http://search.msn..com/msnbot.htm"
I'm not familiar with what these logs should look like. Normal stuff or hand grenade time?

Edit: Interesting. In a terminal, the command tail -f /etc/httpd/logs/access_log gives me a real-time look at the hits on the wiki. I'm using a second tab in Firefox on another computer and accessing the wiki, so I know that the IP address is my public IP. As I move around the wiki the log updates. Neat.
The Bassinator

Last edited by glennzo; 5th July 2007 at 01:00 PM.
Old 5th July 2007, 01:41 PM
ibbo Offline
Registered User
Join Date: Jun 2005
Location: Leeds
Posts: 1,263

This is a common WebDAV IIS exploit. Thus if you're using Linux and Apache (which you are) you can laugh to yourself and state muppets.

You can use denyhosts or tcpwrappers to cut this offender's IP out of being responded to if it troubles you.

A Hangover Lasts A Day, But Our Drunken Memories Last A Lifetime
Linux user #349545
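
As an added example (not code from any poster in this thread), a small Python triage of access_log lines like the ones quoted above, showing how the method, status and size fields read. The sample lines and their 192.0.2.x addresses are constructed, and EXPECTED_METHODS is an assumption about what the site should receive.

```python
import re

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?'
)
# Assumption: the only methods this site is expected to receive.
EXPECTED_METHODS = {"GET", "HEAD", "POST"}


def triage(line):
    """Parse one access_log line and note what makes it unusual."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    method = m["request"].split(" ", 1)[0]
    status = int(m["status"])
    notes = []
    if method not in EXPECTED_METHODS:
        notes.append("unexpected-method")
    # Apache writes non-printable request bytes as \xhh escapes in the log.
    if re.search(r"\\x[0-9a-fA-F]{2}", m["request"]):
        notes.append("escaped-binary-bytes")
    if status == 414:
        notes.append("uri-too-long")
    return {
        "host": m["host"], "method": method, "status": status,
        "size": 0 if m["size"] == "-" else int(m["size"]),  # "-" means no body bytes
        "client_error": 400 <= status < 500,  # 4xx: the request was not served
        "agent": m["agent"],  # client-supplied, so not proof of identity
        "notes": notes,
    }


# Constructed sample lines (documentation IPs; shortened from the kind of entries in the thread).
SAMPLE = r'''
192.0.2.10 - - [30/Jun/2007:15:17:11 -0400] "SEARCH /\x90\xc9\xc9\xc9" 414 326
192.0.2.20 - - [05/Jul/2007:12:30:00 -0400] "GET /robots.txt HTTP/1.0" 404 298 "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)"
192.0.2.20 - - [05/Jul/2007:12:30:01 -0400] "GET / HTTP/1.0" 301 - "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)"
'''

if __name__ == "__main__":
    for line in SAMPLE.strip().splitlines():
        print(triage(line))
```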