[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SEARCH attack
Just be aware that it's actual mod_alias rather than mod_rewrite lines in that extract, so the first line should be 

 <IfModule mod_alias.c>
Of course, it will only break due to the error if you don't have mod_rewrite loaded. 



On Jun 7, 2004, at 11:58 AM, Robert Cates wrote:


Thanks much!
The rewrite solution looks good to me as well, and I'll add to my config 
shortly!

Thanks again,
Robert

----- Original Message -----
From: "mimo" <mimo@restoel.net>
To: "Robert Cates" <robert@kormar.de>
Cc: <debian-isp@lists.debian.org>
Sent: Monday, June 07, 2004 2:36 PM
Subject: Re: SEARCH attack



Hi

I have noticed the same here -- have a look at this
http://216.239.59.104/search?q=cache:RA7huHM9tEoJ: forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/ %5Cx90%5Cx02&hl=en 

I liked the rewrite solution to throw it to ms... ;)

Michael

Robert Cates wrote:


Hi,
I hoping somebody can both fill me in on what this SEARCH is all about, 
and

what I can/should do to stop it:
Every so often I find a very long request in my Apache access logs that 
seems to be an attempted SEARCH ("SEARCH /\x90\x02\xb1\x02\xb1\x02\

...").


1).  Is this a security problem (on a Linux server)?

2).  If so, how can I stop this?  I tried to stop it using a <Limit

SEARCH>,

but a configtest told me that "SEARCH" was an undefined or unknown

method.
I placed the <Limit SEARCH> within the <Directory /> container as well as 
out on it's own in the config file.

3).  Is this a Windows platform issue?
4). If so, how can I stop these attempts from filling up my access logs. 

All info is greatly appreciated!

Thanks,
Robert








--
Please note that this account is being filtered using anti UCE systems. If
you send email to this account make sure that it could not be mistaken as 
UCE.







--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: