Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700

• Previous message: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
• Next message: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2007-10-17 at 05:31 -0700, David Wolfskill wrote:
> I'm seeing some rather peculiar-looking thing in my Apache logs:
> 

> 
> [Tue Oct 16 22:25:27 2007] [error] [client 71.158.175.242] Invalid method in request 
> [Tue Oct 16 22:26:12 2007] [error] [client 71.193.127.74] Invalid method in request 
> [Tue Oct 16 22:26:41 2007] [error] [client 76.21.135.124] Invalid method in request 
> 

David,

I'd guess someone with a botnet wants your box.  These look like they
are searching for Apache vulnerabilities in unusual request methods
(e.g. TRACE instead of GET).  It also looks like your Apache is
configured to reject these (good!).  

Make sure you're staying on top of security patches.

At least one of the IP's you list is on the SpamHaus PBL.  You might
consider blocking some of those.

Regards,

- Ames

-- 
Ames Cornish  ~  http://montebellopartners.com/
650-331-1402  ~  ames at montebellopartners.com

• Previous message: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
• Next message: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]