1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What do you think is happening here?

Discussion in 'Off Topic' started by LPH, Feb 6, 2013.

  1. LPH

    LPH Well-Known Member

    The error logs are filled with gibberish:

    [Tue Feb 05 20:13:33 2013] [error] [host www.retainingteachers.com] [client] (36)File name too long: access to /community/++++++++++++++++++++++++++++++++++++++Result:+\xe4\xe0\xed\xe​d\xfb\xe9+IP+\xe7\xe0\xe1\xe0\xed\xe8\xeb\xe8+-+\xec\xe5\xed\xff\xe5\xec​+\xef\xf0\xee\xea\xf1\xe8+1+\xf0\xe0\xe7;+\xe8\xf1\xef\xee\xeb\xfc\xe7\x​f3\xe5\xec+\xef\xf0\xee\xea\xf1\xe8+;+GET-\xf2\xe0\xe9​\xec\xe0\xf3\xf2\xee\xe2+30;+\xe7\xe0\xf0\xe5\xe3\xe8\xf1\xf2\xf0\xe8\xf​0\xee\xe2\xe0\xeb\xe8\xf1\xfc;+\xe2\xee\xf8\xeb\xe8;+\xed\xe5+\xed\xe0\x​f8\xeb\xee\xf1\xfc+\xf4\xee\xf0\xec\xfb+\xe4\xeb\xff+\xee\xf2\xef\xf0\xe​0\xe2\xea\xe8;+\xe2\xee\xe7\xec\xee\xe6\xed\xee,+\xf0\xe5\xe3\xe8\xf1\xf​2\xf0\xe0\xf6\xe8\xff+\xed\xe5+\xf3\xe4\xe0\xeb\xe0\xf1\xfc+(\xe2\xfb\xf​1\xeb\xe0\xed+\xea\xee\xe4+\xe0\xea\xf2\xe8\xe2\xe0\xf6\xe8\xe8+/+\xe8\x​f1\xef\xee\xeb\xfc\xe7\xf3\xe5\xf2\xf1\xff+\xe4\xee\xef\xee\xeb\xed\xe8\​xf2\xe5\xeb\xfc\xed\xe0\xff+\xe7\xe0\xf9\xe8\xf2\xe0+/+\xf1\xe1\xee\xe9+​\xe2+\xf0\xe0\xe1\xee\xf2\xe5+\xf4\xee\xf0\xf3\xec\xe0+/+...); failed, referer: http://www.retainingteachers.com/community/+++++++++++++++++++++++++++++​+++++++++Result:+%E4%E0%ED%ED%FB%E9+IP+%E7%E0%E1%E0%ED%E8%EB%E8+-+%EC%E5​%ED%FF%E5%EC+%EF%F0%EE%EA%F1%E8+1+%F0%E0%E7;+%E8%F1%EF%EE%EB%FC%E7%F3%E5​%EC+%EF%F0%EE%EA%F1%E8+;+GET-%F2%E0%E9%EC%E0%F3%F2%EE%​E2+30;+%E7%E0%F0%E5%E3%E8%F1%F2%F0%E8%F0%EE%E2%E0%EB%E8%F1%FC;+%E2%EE%F8​%EB%E8;+%ED%E5+%ED%E0%F8%EB%EE%F1%FC+%F4%EE%F0%EC%FB+%E4%EB%FF+%EE%F2%EF​%F0%E0%E2%EA%E8;+%E2%EE%E7%EC%EE%E6%ED%EE,+%F0%E5%E3%E8%F1%F2%F0%E0%F6%E​8%FF+%ED%E5+%F3%E4%E0%EB%E0%F1%FC+%28%E2%FB%F1%EB%E0%ED+%EA%EE%E4+%E0%EA​%F2%E8%E2%E0%F6%E8%E8+/+%E8%F1%EF%EE%EB%FC%E7%F3%E5%F2%F1%FF+%E4%EE%EF%E​E%EB%ED%E8%F2%E5%EB%FC%ED%E0%FF+%E7%E0%F9%E8%F2%E0+/+%F1%E1%EE%E9+%E2+%F​0%E0%E1%EE%F2%E5+%F4%EE%F0%F3%EC%E0+/+...%29; 

    What do you think is the attempt because clearly this is not a human typing into a browser?
  2. ENF

    ENF Well-Known Member

    I believe it's a bot, I see the same entries on a few vB sites. Either a spam bot or other type...
  3. whynot

    whynot Well-Known Member

    I have such things in the error log.
    Just ignoring them.
  4. LPH

    LPH Well-Known Member

    Thanks. I was hoping someone might explain why the string formation. Spam has started to increase - so it's probably tied to that too.
  5. Brandon Sheley

    Brandon Sheley Well-Known Member

    They may be searching for an exploit with all those /xx/xx/xx slashes
  6. rollthebones

    rollthebones Active Member

    Searching for an exploit that doesn't exist. Ignore it.
  7. Adam Howard

    Adam Howard Well-Known Member

    1 of 2 things....

    If you see this "here or there", but not always and often.... Exploit search. Most likely answer and nothing to worry about. :)

    If you see this A LOT (1 - 10 sources, but not long term).... Possible early ddos attack.

    Your server will use Y amount of resources the deeper you go into a directory structure / path . And uses Y amount to redirect you from X (being it real or not) to a standard 404 page vs a simple hit.

    A small group will hit you with 1 - 10 locations (testing the water). If your site seems "favorable" they'll add you to their target list. Such people like to hit sites not 1 at a time, but a few dozen at a time. And when they return..... It will not be 1 - 10 locations (a lot more than that).
    LPH likes this.
  8. LPH

    LPH Well-Known Member

    Thank you Adam and roll ...
    Adam Howard likes this.

Share This Page