logwatch / s possibleuccessful probes were detected / null HTTP Response 302


my today’s logwatch reported:

A total of 1 sites probed the server

A total of 1 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):

null HTTP Response 302 

i’ve checked my logs and found only this: - - [20/Jul/2008:23:58:31 +0200] “\xf3\xea\x05\xc5” 302 282 - - [20/Jul/2008:23:58:31 +0200] “\xf3\xea\x05\xc5” 302 282

i’ve tried to google for an explanation, but failed to find something useful.

should i be worried? any hints?

Hi Art,

I wouldn’t worry too much here. My guess is if you to your server’s IP to that url in your browser, it’ll just redirect to another page, which is the 302 redirect it’s talking about. I think those types of exploits are usually IIS related, and not linux/apache.


thanks again Paul, for a newbie like me there are many things that give me some serious headaches sometimes, most of them i’m able to sort out myself after some searching.