/usr/local/apache/logs/access_log HACKERS/EXPLOITS

[CanadianJeff]

Scan For And IPTABLES DROP these @ssholes (parden my french)

Code: Select all

root@redhat [~]# cat /usr/local/apache/logs/access_log | grep x
190.125.200.223 - - [09/Oct/2010:18:44:00 -0700] "\x80F\x01\x03\x01" 404 -
96.54.115.198 - - [09/Oct/2010:18:50:55 -0700] "\xd2\x93`|?\xc3" 404 -
41.220.68.8 - - [10/Oct/2010:08:58:56 -0700] "\x80F\x01\x03\x01" 404 -
96.53.213.125 - - [10/Oct/2010:14:27:38 -0700] "$0\xaa\x85\xd1;\x07" 404 -
96.51.66.73 - - [10/Oct/2010:16:27:57 -0700] "\xf7\x95L\xc3\x9a#\xf8\x1c\x17\xb4\xbaI\b\xbf \xb8\xbec3\xf0\b\xb2x\x91" 400 2211
96.49.163.162 - - [10/Oct/2010:16:27:58 -0700] "\xc7\x9a\x06\xae\x8a\x96\xf9\xcb\xf4\xc7\xd8\xa2$\x86\xc4R4Q7^\xf1\xe4[\xadE,W\xf18\x14\xc6\x82l\x12\xf8K3\xd2U\x94\xcc'" 404 -
173.34.17.74 - - [10/Oct/2010:18:30:37 -0700] "6\xae\xc4\xcf\x11\xacr\xb7lQh^#\xe2\x7f\x9b0\xfc\xec\xa1\x06\xd9\xaf`\xc0\xcd\xbf0\x84\x98\x01\x89+ x\x91\r\x05)\x80\x89O\x1e\xbb\x88\xff>\xa3\xb0!\xe3\"\x8d\xd1\x13\xa2\b" 400 372
202.156.128.2 - - [10/Oct/2010:19:34:00 -0700] "\x80F\x01\x03\x01" 404 -
74.58.76.134 - - [10/Oct/2010:22:23:12 -0700] "\xf3eF\xfb1w\xc0\xbf\xd21\xd5\x92nV\xd2\x04\x1e\x88\xae\x8d\x1f\xa1&L\xa2\xf4\t\xc4\xe2\"^J\xa1\xabuw" 400 2211
59.37.15.42 - - [10/Oct/2010:22:39:31 -0700] "\x80F\x01\x03\x01" 404 -
205.250.67.93 - - [11/Oct/2010:00:23:39 -0700] "\xf6\xf2\xd0\xa8\xf2\xfb\x14\xa2;\x86\xb9\x8a\xaa[\x11\x01\xdb\x96.\xc5\xf2" 404 -
96.51.250.233 - - [11/Oct/2010:10:04:27 -0700] "\x16\x03\x01" 404 -
96.51.250.233 - - [11/Oct/2010:10:04:28 -0700] "\x8a8" 404 -

[chirpy]

Apache attacks are really best dealt with using ModSecurity.