Strange Web log entries

Do you have any idea what the heck this could be from? I have several hundred entries similar to this, all from different IP addresses.

************************************
Date:	08/06/2001 05:40:22 PM
User Address:	209.36.26.12
Authenticated User:	-
Status:	404
Content Length:	221
Content Type:	text/html
Request:	GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0
Browser Used:	
Error:	
Referring URL:	
Server Address:	209.6.16.156
Elapse Time (ms):	1412

While I cannot be certain, it is possible that you are seeing the attempts of a hacker to break into your Domino server. This may be a "buffer overflow" attack, where the hacker uses very long URLs to trick the web server (Domino) into doing something malicious.

USER FEEDBACK TO THIS RESPONSE

  • Hello Everyone,

    Reader Jean-Philippe was nice enough to respond to one of my previous answers. Someone had asked about strange long log entries that included strings like "[SNIP]". I suggested that this might indicate an attempt by a hacker to mount a buffer overflow attack.

    Jean-Philippe says that this is a typical signature from the Code Red worm. I cannot personally verify this information, but thought I would pass it along.

    —Chuck Connell

In fact, this is a typical log of the Code Red Worm.
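
One way to find and count entries like the one quoted in the question across a log export, as an added example that is not part of the original answer or feedback. The record layout follows the quoted entry; the function names, the 100-character filler threshold, the three-token minimum and the sample records (documentation IP addresses, constructed `%u4141` tokens) are assumptions.

```python
import re
from collections import Counter

# Layout taken from the quoted entry: a line of asterisks starts each record,
# and every field is "Name:<tab>Value" on its own line.
RECORD_SEP = re.compile(r"^\*{10,}[ \t]*$", re.MULTILINE)
FIELD = re.compile(r"^([^:\n]+):[ \t]*(.*)$", re.MULTILINE)
FILLER = re.compile(r"(.)\1{99,}")         # one character repeated 100+ times (assumed threshold)
PCT_U = re.compile(r"%u[0-9a-fA-F]{4}")    # %uXXXX tokens as seen in the logged request

def parse_records(text):
    """Split the export into records and return one dict of fields per request."""
    records = []
    for chunk in RECORD_SEP.split(text):
        fields = {k.strip(): v.strip() for k, v in FIELD.findall(chunk)}
        if "Request" in fields:
            records.append(fields)
    return records

def is_suspicious(request):
    """True for a .ida request whose query has a long filler run plus %u tokens."""
    parts = request.split()
    if len(parts) < 2:
        return False
    path, _, query = parts[1].partition("?")
    return (path.lower().endswith(".ida")
            and FILLER.search(query) is not None
            and len(PCT_U.findall(query)) >= 3)

def summarize(text):
    """Count matching requests per (source address, HTTP status)."""
    hits = Counter()
    for rec in parse_records(text):
        if is_suspicious(rec["Request"]):
            hits[(rec.get("User Address", "?"), rec.get("Status", "?"))] += 1
    return hits

def _record(ip, request, status="404"):
    # Constructed sample record, reduced to the fields the check needs.
    return ("************************************\n"
            f"Date:\t08/06/2001 05:40:22 PM\nUser Address:\t{ip}\n"
            f"Status:\t{status}\nRequest:\t{request}\n")

PROBE = "GET /default.ida?" + "X" * 224 + "%u4141" * 6 + "=a  HTTP/1.0"  # constructed
SAMPLE = (_record("192.0.2.10", PROBE) + _record("198.51.100.7", PROBE)
          + _record("192.0.2.10", PROBE)
          + _record("203.0.113.5", "GET /index.nsf?OpenDatabase HTTP/1.0", "200"))

if __name__ == "__main__":
    for (ip, status), n in summarize(SAMPLE).most_common():
        print(f"{ip}\tstatus={status}\thits={n}")
```

Grouping by status shows at a glance whether any matching request received something other than the 404 seen in the quoted entry.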
