Do you have any idea what the heck this could be from? I have several hundred entries similar to this, all from different IP addresses.
************************************ Date: 08/06/2001 05:40:22 PM User Address: 184.108.40.206 Authenticated User: - Status: 404 Content Length: 221 Content Type: text/html Request: GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 Browser Used: Error: Referring URL: Server Address: 220.127.116.11 Elapse Time (ms): 1412
While I cannot be certain, it is possible that you are seeing the attempts of a hacker to break into your Domino server. This may be a "buffer overflow" attack, where the hacker uses very long URLs to trick the web server (Domino) into doing something malicious.
Reader Jean-Philippe was nice enough to respond to one of my previous answers. Someone had asked about strange long log entries that included strings like "[SNIP]". I suggested that this might indicate an attempt by a hacker to mount a buffer overflow attack.
Jean-Philippe says that this is a typical signature from the Code Read worm. I cannot personally verify this information, but thought I would pass it along.—Chuck Connell
Dig Deeper on Domino Resources - Part 6
Related Q&A from Chuck Connell
Is it possible to encrypt a user's name before sending an email? SearchDomino.com expert Chuck Connell weighs in. Continue Reading
Learn how to change authentication timeout interval for Domino Web Access logins. Continue Reading
SearchDomino.com expert Chuck Connell provides a resource for a Lotus Notes administrator who wants to filter out email containing the word "spam," ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.