Full Disclosure mailing list archives

Re: Strange HTTP requests


From: "Brad Causey" <bradcausey () gmail com>
Date: Wed, 14 Jun 2006 15:54:43 -0500

Are all of the user strings the same?

On 6/14/06, Shannon Johnston <sjohnston () cavionplus com> wrote:

It's all from one source IP, but the requests are for various files from
various websites hosted on my servers. Different domains, different
files, even different file types.
It's making about 8-10 GET requests at the same time, then does it again
almost exactly a minute later.

I can't remember seeing anything like it before.

SJ


On Wed, 2006-06-14 at 22:31 +0200, php0t wrote:
> -----Original Message-----
> From: Shannon Johnston
> Sent: Wednesday, June 14, 2006 10:17 PM
> To: full-disclosure () lists grok org uk
> Subject: [Full-disclosure] Strange HTTP requests
>
> > I'm seeing a ton of HTTP requests in the following fashion:
> >
> > GET index.html - 80 - <ip address> HTTP/1.1 fuujcbjbGbagkmkGuj7kmgnebl
> > +qekaf - - website.com 302 0 0 532 206 218
> > The random string would normally be the user-agent. I can't help but
> > think this is a bot of some sort.
> > Anybody know of anything that would produce this?
>
> Are they all index.html requests? How often do you get them? From how
> many different IPs?
> It could be just a proxy or a firewall set up to change the user-agent
> to some random string, but whether they're surfers or bots you can tell
> by looking at all such lines - to me, an index.html alone doesn't tell
> me much, maybe others have seen this though and know what it is.
>
> php0t
> www.zorro.hu
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/






--
-Brad Causey
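
One way to check a log for the pattern described in this thread (a single source sending bursts of 8-10 GETs about a minute apart, with a user-agent that is not a normal product string), as an added example that is not from any poster in the thread. It assumes a date and time prefix in front of the field layout quoted above; the sample lines, addresses, host names, function names and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

def parse(line):
    # Assumed layout: date, time, then the fields in the order quoted in the thread.
    f = line.split()
    ts = datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "ip": f[7], "ua": f[9], "host": f[12]}

def odd_user_agent(ua):
    # Heuristic (assumption): ordinary agents carry a product/version token like "Mozilla/4.0".
    return ua != "-" and "/" not in ua

def bursts(times, gap=2):
    # Group timestamps into runs whose neighbours are at most `gap` seconds apart.
    groups = []
    for t in sorted(times):
        if groups and (t - groups[-1][-1]).total_seconds() <= gap:
            groups[-1].append(t)
        else:
            groups.append([t])
    return groups

def suspicious_sources(lines, min_burst=8, period=60, tol=5):
    # Flag sources whose large bursts recur every `period` seconds (+/- tol)
    # and whose every request carries an odd user-agent.
    by_ip = defaultdict(list)
    for rec in map(parse, lines):
        by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        big = [b for b in bursts(r["ts"] for r in recs) if len(b) >= min_burst]
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(big, big[1:])]
        periodic = bool(gaps) and all(abs(g - period) <= tol for g in gaps)
        if periodic and all(odd_user_agent(r["ua"]) for r in recs):
            hosts = len({r["host"] for r in recs})
            report[ip] = {"bursts": len(big), "gaps": gaps, "hosts": hosts}
    return report

def sample_log():
    # Constructed data: 192.0.2.10 sends 9 GETs per burst, about a minute apart.
    tail, lines = "302 0 0 532 206 218", []
    for minute, sec in [(0, 0), (1, 0), (2, 1)]:
        for i in range(9):
            ua = f"q{i}xkGbagkmkGuj{minute}kmgnebl"  # constructed random-looking agent
            lines.append(f"2006-06-14 12:{minute:02d}:{sec:02d} GET /f{i}.html - 80 - "
                         f"192.0.2.10 HTTP/1.1 {ua} - - site{i}.example {tail}")
    for sec in (5, 40):  # constructed ordinary browser traffic
        lines.append(f"2006-06-14 12:00:{sec:02d} GET /index.html - 80 - 198.51.100.7 "
                     f"HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0) - - site1.example {tail}")
    return lines
```

Calling `suspicious_sources(sample_log())` reports only the bursting source, with its burst count, the intervals between bursts and the number of distinct host names it touched.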