logwatch / possible successful probes were detected / null HTTP Response 302

Hello,

My logwatch today reported:

A total of 1 sites probed the server
194.174.65.18

A total of 1 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):

null HTTP Response 302 

I’ve checked my logs and found only this:

194.174.65.18 - - [20/Jul/2008:23:58:31 +0200] "\xf3\xea\x05\xc5" 302 282
194.174.65.18 - - [20/Jul/2008:23:58:31 +0200] "\xf3\xea\x05\xc5" 302 282

I’ve tried to google for an explanation, but failed to find something useful.

Should I be worried? Any hints?

Hi Art,

I wouldn’t worry too much here. My guess is if you go to your server’s IP to that URL in your browser, it’ll just redirect to another page, which is the 302 redirect it’s talking about. I think those types of exploits are usually IIS related, and not Linux/Apache.

Paul
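
An added example, not part of the original thread: a Python triage of Apache access-log lines like the two quoted above, showing that the request line is raw non-HTTP bytes and that the server answered with a redirect rather than content. The third sample line and the `needs_review` heuristic are assumptions made for illustration.

```python
import re

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# A well-formed request line looks like: METHOD SP target SP HTTP/x.y
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Apache logs non-printable request bytes as \xhh escapes.
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')


def triage(line):
    """Classify one access-log line; return None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    request, status = m.group("request"), int(m.group("status"))
    malformed = REQUEST_RE.match(request) is None
    binary = ESCAPE_RE.search(request) is not None
    if 200 <= status < 300:
        outcome = "served"
    elif 300 <= status < 400:
        outcome = "redirected"
    elif 400 <= status < 500:
        outcome = "rejected"
    else:
        outcome = "server-error"
    # Assumed heuristic: a malformed request that still got a 2xx body
    # deserves a closer look; a redirect or an error does not by itself.
    return {"host": m.group("host"), "status": status, "outcome": outcome,
            "malformed": malformed, "binary": binary,
            "needs_review": malformed and outcome == "served"}


SAMPLE = [
    # The two lines quoted in the thread
    r'194.174.65.18 - - [20/Jul/2008:23:58:31 +0200] "\xf3\xea\x05\xc5" 302 282',
    r'194.174.65.18 - - [20/Jul/2008:23:58:31 +0200] "\xf3\xea\x05\xc5" 302 282',
    # Constructed line: an ordinary request, for contrast
    r'192.0.2.10 - - [21/Jul/2008:00:01:02 +0200] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```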

Thanks again Paul, for a newbie like me there are many things that give me some serious headaches sometimes, most of them I’m able to sort out myself after some searching.