Forum Moderators: phranque
61.***.131.173 - - [26/Aug/2004:03:41:07 -0400] "GET /~!^~!^~!.html HTTP/1.1" 404 657 "-" "google"
The IP is based in China and the User_Agent is forged. The log shows a 404, but when I typed this filename into my addressbar, after my domain, I got a "Server File Not Found" page, from the RAQ server, not my own custom 404. This tells me that the codes are somehow aimed at fooling the server into doing or allowing something unfriendly. Am I correct in this assumption?
TIA, Wiz
[edited by: jdMorgan at 10:23 pm (utc) on Aug. 26, 2004]
[edit reason] Obscured IP address [/edit]
I got the exact same request from the exact same IP address. On a straight-up Apache server, it was blocked by a check for forged googlebot UAs:
61.***.131.173 - - [26/Aug/2004:12:33:37 -0400] "GET /~!^~!^~!.html HTTP/1.1" 403 683 "-" "google"
Jim
I don't know if this is a known exploit, and you can't search google for "~" or "/" anyway, so it's difficult to tell. If jdMorgan has seen it too, that would indicate that it is a random attempt rather than a specific attack on your system. Still, better to be patched and secured properly.
