Hello,
I'm trying to figure out what's going on here. I noticed this in my Apache access_log:
Any ideas what that hex string is? The x16 x03 x01 x01" x01? My server returned a 400, which I think is good, but it also seems to have returned 10,073 bytes. I wonder if that's the size of the 400 page? Any ideas waht the person was attempting to do? Thanks!
I thought Apache servers would send an \x16\x03\x01 if they were trying to send unencrypted text over a secure port (ie, a misconfigured server sending plain text over port 443). But this seems to be something the user was attempting to send to my server.
Thanks!
I'm trying to figure out what's going on here. I noticed this in my Apache access_log:
Code:
access_log:164.52.7.132 - - [28/May/2017:20:03:00 +0000] "\x16\x03\x01\x01\"\x01" 400 10063 "-" "-" access_log:164.52.7.132 - - [05/Jun/2017:06:05:47 +0000] "\x16\x03\x01\x01\"\x01" 400 10063 "-" "-" access_log:164.52.7.132 - - [10/Jun/2017:19:52:17 -0400] "\x16\x03\x01\x01\"\x01" 400 10065 "-" "-" access_log:164.52.7.132 - - [15/Jun/2017:19:57:59 -0400] "\x16\x03\x01\x01\"\x01" 400 10065 "-" "-" access_log:164.52.7.132 - - [15/Jun/2017:19:58:05 -0400] "USER test +iw test :Test Wuz Here" 400 10073 "-" "-" access_log:164.52.7.132 - - [15/Jun/2017:19:58:05 -0400] "GET / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0" access_log:164.52.7.132 - - [21/Jun/2017:15:27:41 -0400] "\x16\x03\x01\x01\"\x01" 400 10066 "-" "-" access_log:164.52.7.132 - - [21/Jun/2017:15:27:48 -0400] "USER test +iw test :Test Wuz Here" 400 10074 "-" "-" access_log:164.52.7.132 - - [21/Jun/2017:15:27:48 -0400] "GET / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"
I thought Apache servers would send an \x16\x03\x01 if they were trying to send unencrypted text over a secure port (ie, a misconfigured server sending plain text over port 443). But this seems to be something the user was attempting to send to my server.
Thanks!
Comment