Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

21 May, 2024: Computers section is temporarily disabled for maintenance. It will take several days before it's back.

devel / comp.lang.tcl / Re: Weird characters in web log file

SubjectAuthor
* Weird characters in web log filesaitology9
`* Re: Weird characters in web log fileRich
 `* Re: Weird characters in web log filesaitology9
  `- Re: Weird characters in web log fileRich

1
Weird characters in web log file

<u3gc60$n788$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=22019&group=comp.lang.tcl#22019

  copy link   Newsgroups: comp.lang.tcl
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: saitology9@gmail.com (saitology9)
Newsgroups: comp.lang.tcl
Subject: Weird characters in web log file
Date: Wed, 10 May 2023 11:10:55 -0400
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <u3gc60$n788$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 May 2023 15:10:56 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="f00a86cf2dda50f5c236e4995f451895";
logging-data="761096"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/PzNLSQwCkz1NHL2WstNgU"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.9.0
Cancel-Lock: sha1:8zMM+TGtUYX+NGGF0sLKsknthJg=
Content-Language: en-US
 by: saitology9 - Wed, 10 May 2023 15:10 UTC

I am seeing weird chinese characters in my tcl httpd log files. This
service has been running fine for some time. The behavior started
occurring out of nowhere in the last few days. It is the following
string repeating endlessly:

纮纮纮纮纮纮纮纮纮纮纮纮

I checked encoding and everything seems to be OK. Google translates it
to "Chinese simplified" as:

hong hong hong hong hong

Any idea what is going on? I have been fighting off a bad case of the
flu and feeling too dizzy to do anything useful about it but hoping
someone can have a quick answer or solution.

Re: Weird characters in web log file

<u3ggiv$nrpb$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=22020&group=comp.lang.tcl#22020

  copy link   Newsgroups: comp.lang.tcl
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: rich@example.invalid (Rich)
Newsgroups: comp.lang.tcl
Subject: Re: Weird characters in web log file
Date: Wed, 10 May 2023 16:26:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <u3ggiv$nrpb$1@dont-email.me>
References: <u3gc60$n788$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 May 2023 16:26:07 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1ecee990103c3f6ad221df10baf6759e";
logging-data="782123"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18TjVypGufpPwt+TaERxgub"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.19 (x86_64))
Cancel-Lock: sha1:YcMcoBr+VNtJQfiOXw+GUnzrQuU=
 by: Rich - Wed, 10 May 2023 16:26 UTC

saitology9 <saitology9@gmail.com> wrote:
> I am seeing weird chinese characters in my tcl httpd log files. This
> service has been running fine for some time. The behavior started
> occurring out of nowhere in the last few days. It is the following
> string repeating endlessly:
>
>
> 纮纮纮纮纮纮纮纮纮纮纮纮
>
>
> I checked encoding and everything seems to be OK. Google translates it
> to "Chinese simplified" as:
>
> hong hong hong hong hong
>
>
> Any idea what is going on?

Possibly someone attempting to find a buffer-overflow exploit?

Re: Weird characters in web log file

<u3gh8p$nt37$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=22021&group=comp.lang.tcl#22021

  copy link   Newsgroups: comp.lang.tcl
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: saitology9@gmail.com (saitology9)
Newsgroups: comp.lang.tcl
Subject: Re: Weird characters in web log file
Date: Wed, 10 May 2023 12:37:44 -0400
Organization: A noiseless patient Spider
Lines: 10
Message-ID: <u3gh8p$nt37$1@dont-email.me>
References: <u3gc60$n788$1@dont-email.me> <u3ggiv$nrpb$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 10 May 2023 16:37:45 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="11baf23210e9b05407d80e6dbe4b49c3";
logging-data="783463"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/Kem9iq8kZxrmYGpsDPaD3"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.9.0
Cancel-Lock: sha1:10+XEZbhSSSEtY9Pjf9tYGXRYCg=
Content-Language: en-US
In-Reply-To: <u3ggiv$nrpb$1@dont-email.me>
 by: saitology9 - Wed, 10 May 2023 16:37 UTC

On 5/10/2023 12:26 PM, Rich wrote:
>
> Possibly someone attempting to find a buffer-overflow exploit?
>

Thanks for the info. I think you are right: I looked at the logs for
couple of days preceding it, and there was a constant flow of requests,
one second apart and lasting all day long, for all sorts of resources
that don't exist on my server.

Re: Weird characters in web log file

<u3gi7f$o2mv$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=22022&group=comp.lang.tcl#22022

  copy link   Newsgroups: comp.lang.tcl
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: rich@example.invalid (Rich)
Newsgroups: comp.lang.tcl
Subject: Re: Weird characters in web log file
Date: Wed, 10 May 2023 16:54:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <u3gi7f$o2mv$1@dont-email.me>
References: <u3gc60$n788$1@dont-email.me> <u3ggiv$nrpb$1@dont-email.me> <u3gh8p$nt37$1@dont-email.me>
Injection-Date: Wed, 10 May 2023 16:54:07 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1ecee990103c3f6ad221df10baf6759e";
logging-data="789215"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19gIOnqT8t54ZC3jTZz0Mpb"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.19 (x86_64))
Cancel-Lock: sha1:xtTrVl03TPIUZpCPXP/tWylvCTE=
 by: Rich - Wed, 10 May 2023 16:54 UTC

saitology9 <saitology9@gmail.com> wrote:
> On 5/10/2023 12:26 PM, Rich wrote:
>>
>> Possibly someone attempting to find a buffer-overflow exploit?
>
> Thanks for the info. I think you are right: I looked at the logs for
> couple of days preceding it, and there was a constant flow of
> requests, one second apart and lasting all day long, for all sorts of
> resources that don't exist on my server.

Run any public facing webserver and you'll get this. It is usually
bots testing for various php and/or wordpress exploits.

devel / comp.lang.tcl / Re: Weird characters in web log file

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor