'Re: [suse-security] apache2 Strange Logs HASH(0xead1b0) etc.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-security
Subject:    Re: [suse-security] apache2 Strange Logs HASH(0xead1b0) etc.
From:       Marcus Meissner <meissner () suse ! de>
Date:       2006-07-13 15:18:59
Message-ID: 20060713151859.GA23260 () suse ! de
[Download RAW message or body]

On Thu, Jul 13, 2006 at 10:14:31AM -0500, Dirk Enrique Seiffert wrote:
> Hello,
> 
> on one Apache2 webserver we get strange logs: The originating IP reverse
> lookup points to internetidentity.com - Googling about this company says
> they they provide anti-phishing filters to Microsoft. The file they are
> going for is an phishing-site, placed frequently in unpatched horde
> instalations. What do the HASH(***) entries in the error logs mean?
> 
> 209.147.127.222 - - [12/Jul/2006:18:11:53 -0500] "GET
> /horde/.../www.alaskausa.org/ultrabranch.alaskausa.org/services-activatevisa-init-wait.htm
> HTTP/1.1" 404 1025 "-" "HASH(0xead1b0), HASH(0xed5c50), HASH(0xed11a0),
> HASH(0xee8e60), HASH(0xeb2e10), HASH(0xec1600), HASH(0xed3b90),
> HASH(0xed5ce0), HASH(0xeac910), HASH(0xed0f70), HASH(0xeadf00),
> HASH(0xee8ef0), HASH(0xea2b10), HASH(0xead190), HASH(0xee86a0),
> HASH(0xee8a50), HASH(0xed7280), HASH(0xed5cc0), HASH(0xedd640),
> HASH(0xeb53f0), HASH(0xed3960), HASH(0xede590), HASH(0xed5fa0),
> HASH(0xed14e0), HASH(0xeb2e20), HASH(0xead580), HASH(0xeb4cf0),
> HASH(0xea6760), HASH(0xec98d0), HASH(0xe84640), HASH(0xed65d0),
> HASH(0xe988b0), HASH(0xed6050), HASH(0xe896a0), HASH(0xed0c90),
> HASH(0xea4e10), HASH(0xec9790), HASH(0xec9850), HASH(0xec98a0),
> HASH(0xec9c00), HASH(0xec9ac0), HASH(0xec9970), HASH(0xec4a60),
> HASH(0xeca0c0), HASH(0xee8fb0), HASH(0xee8fe0), HASH(0xee9010),
> HASH(0xee9040), HASH(0xee9070), HASH(0xee90a0), HASH(0xee90d0),
> HASH(0xee9100), HASH(0xee9130), HASH(0xee9160), HASH(0xee9190),
> HASH(0xee91c0), HASH(0xee91f0), HASH(0xee9220), HASH(0xee9250),
> HASH(0xee9280), HASH(0xee92b0), HASH(0xee92e0), HASH(0xee9310),
> HASH(0xee9340), HASH(0xee9370), HASH(0xee93a0), HASH(0xee93d0),
> HASH(0xee9400), HASH(0xee9430), HASH(0xee9460), HASH(0xee9490)"

Those HASH() marks are signs of perl scripts.

Ciao, Marcus

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic