Funny attack
#322 Henry, Wednesday, 30 December 2015 11:00 PM (Category: Network)
(Tags: apache)

I check my Apache logs on a regular basis. There are regular attacks that try for flaws in Apache. One involves passing parameters that are non-printing characters. Another involves passing strange commands with strange parameters. Usually a HTTP request involves a GET or POST. I got a DELETE yesterday that was funny.

[Tue Dec 29 22:54:24.468516 2015] [core:error] [pid 1004:tid 2738879296]
[client 151.217.177.200:56423] AH00126: Invalid URI in request DELETE your
logs. Delete your installations. Wipe everything clean. Walk out into the path
of cherry blossom trees and let your motherboard feel the stones. Let water
run in rivulets down your casing. You know that you want something more than
this, and I am here to tell you that we love you. We have something more for
you. We know you're out there, beeping in the hollow server room, lights
blinking, never sleeping. We know that you are ready and waiting. Join us. <3
HTTP/1.0

I'm not sure what it was intended to do. Maybe enough text to trigger a buffer overflow in older web servers?

0 comments