apaceh 2 on xp pro -- strange access log entries: "SEARCH /\x90\x02\xb1..."

these strange log entries go on for many lines and on the end of the
last line says, 'HTTP/1.0" 414 352'

I'm not sure what the 352 code is but I believe the 414 indicates that
the request is too long, correct?

Anyway, should I worry about this--I'm running apache 2 on xp pro? Help
would be appreciated--thanks.

TheKeith

TheKeith wrote:

> these strange log entries go on for many lines and on the end of the
> last line says, 'HTTP/1.0" 414 352'
>
> I'm not sure what the 352 code is but I believe the 414 indicates that
> the request is too long, correct?
>
> Anyway, should I worry about this--I'm running apache 2 on xp pro? Help
> would be appreciated--thanks.
>

Yeah its requested URI too long, sounds like someone was trying formmail
exploits

--
Mimic

"When life hands you lemons, ask for tequila and salt."
ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
"Without knowledge you have fear. With fear you create your own nightmares."
"He who controls Google, controls the world".

Mimic

In article <wJSdne437KKEj5XcRVn->,
says...
> TheKeith wrote:
>
> > these strange log entries go on for many lines and on the end of the
> > last line says, 'HTTP/1.0" 414 352'
> >
> > I'm not sure what the 352 code is but I believe the 414 indicates that
> > the request is too long, correct?
> >
> > Anyway, should I worry about this--I'm running apache 2 on xp pro? Help
> > would be appreciated--thanks.
> >
>
> Yeah its requested URI too long, sounds like someone was trying formmail
> exploits
>
>
Actually it's the IIS WebDAV exploit, probably a worm.

/steve
--
High speed SSH Tunnels, Encrypted Socks, multiple web proxies (filtered
and unfiltered), Advanced E-mail, Usenet, Web Hosting, and far more.
No one gives you more control over your e-mail than we do!
http://www.cotse.net/privacyservice.html

Stephen K. Gielda

Stephen K. Gielda wrote:

> In article <wJSdne437KKEj5XcRVn->,
> says...
>
>>TheKeith wrote:
>>
>>
>>>these strange log entries go on for many lines and on the end of the
>>>last line says, 'HTTP/1.0" 414 352'
>>>
>>>I'm not sure what the 352 code is but I believe the 414 indicates that
>>>the request is too long, correct?
>>>
>>>Anyway, should I worry about this--I'm running apache 2 on xp pro? Help
>>>would be appreciated--thanks.
>>>
>>
>>Yeah its requested URI too long, sounds like someone was trying formmail
>>exploits
>>
>>
>
> Actually it's the IIS WebDAV exploit, probably a worm.
>
> /steve

fair enough

--
Mimic

"When life hands you lemons, ask for tequila and salt."
ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
"Without knowledge you have fear. With fear you create your own nightmares."
"He who controls Google, controls the world".

Mimic

Stephen K. Gielda wrote:

> In article <wJSdne437KKEj5XcRVn->,
> says...
>
>>TheKeith wrote:
>>
>>
>>>these strange log entries go on for many lines and on the end of the
>>>last line says, 'HTTP/1.0" 414 352'
>>>
>>>I'm not sure what the 352 code is but I believe the 414 indicates that
>>>the request is too long, correct?
>>>
>>>Anyway, should I worry about this--I'm running apache 2 on xp pro? Help
>>>would be appreciated--thanks.
>>>
>>
>>Yeah its requested URI too long, sounds like someone was trying formmail
>>exploits
>>
>>
>
> Actually it's the IIS WebDAV exploit, probably a worm.
>
> /steve


Ahh good, I don't have to worry then. Does anyone know of any
worm/viruses that try to exploit apache?

TheKeith