[Dshield] Re: Unusual log activity - any ideas?
dshield at tinfoil.demon.co.uk
Wed May 1 22:51:04 GMT 2002
I've been working on a project examining HTTP logs for a few websites
>and looking at attack patterns. I've noticed something unusual about a few
>of them I found online.
Closest I can find in my log (Grep for passwd) is:
217.81.xxx.xxx - - [11/Apr/2002:20:35:35 +0000] "GET /cgi-bin/phf?Qalias
=%0A/bin/cat%20/etc/passwd HTTP/1.0" 404 205 "-" "-"
Plus a few "Client sent Malformed Header" at around the time/date but
several different hosts.
More information about the list