[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] apache2 Strange Logs HASH(0xead1b0) etc.



Hello,

on one Apache2 webserver we get strange logs: The originating IP reverse
lookup points to internetidentity.com - Googling about this company says
they they provide anti-phishing filters to Microsoft. The file they are
going for is an phishing-site, placed frequently in unpatched horde
instalations. What do the HASH(***) entries in the error logs mean?

209.147.127.222 - - [12/Jul/2006:18:11:53 -0500] "GET
/horde/.../www.alaskausa.org/ultrabranch.alaskausa.org/services-activatevisa-init-wait.htm
HTTP/1.1" 404 1025 "-" "HASH(0xead1b0), HASH(0xed5c50), HASH(0xed11a0),
HASH(0xee8e60), HASH(0xeb2e10), HASH(0xec1600), HASH(0xed3b90),
HASH(0xed5ce0), HASH(0xeac910), HASH(0xed0f70), HASH(0xeadf00),
HASH(0xee8ef0), HASH(0xea2b10), HASH(0xead190), HASH(0xee86a0),
HASH(0xee8a50), HASH(0xed7280), HASH(0xed5cc0), HASH(0xedd640),
HASH(0xeb53f0), HASH(0xed3960), HASH(0xede590), HASH(0xed5fa0),
HASH(0xed14e0), HASH(0xeb2e20), HASH(0xead580), HASH(0xeb4cf0),
HASH(0xea6760), HASH(0xec98d0), HASH(0xe84640), HASH(0xed65d0),
HASH(0xe988b0), HASH(0xed6050), HASH(0xe896a0), HASH(0xed0c90),
HASH(0xea4e10), HASH(0xec9790), HASH(0xec9850), HASH(0xec98a0),
HASH(0xec9c00), HASH(0xec9ac0), HASH(0xec9970), HASH(0xec4a60),
HASH(0xeca0c0), HASH(0xee8fb0), HASH(0xee8fe0), HASH(0xee9010),
HASH(0xee9040), HASH(0xee9070), HASH(0xee90a0), HASH(0xee90d0),
HASH(0xee9100), HASH(0xee9130), HASH(0xee9160), HASH(0xee9190),
HASH(0xee91c0), HASH(0xee91f0), HASH(0xee9220), HASH(0xee9250),
HASH(0xee9280), HASH(0xee92b0), HASH(0xee92e0), HASH(0xee9310),
HASH(0xee9340), HASH(0xee9370), HASH(0xee93a0), HASH(0xee93d0),
HASH(0xee9400), HASH(0xee9430), HASH(0xee9460), HASH(0xee9490)"

Thanks a lot

Enrique

-- 
Dirk Enrique Seiffert - Lintec S.A.
Ed. Torre del Reloj - Of. 401
Plaza de los Coches, Centro
Cartagena - Colombia
http://www.lintecsa.com

-- 
Este mensaje ha sido analizado por MailScanner
en busca de viruses y otros contenidos peligrosos,
y se considera que est limpio.


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here