Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

19 May, 2024: Line wrapping has been changed to be consistent with Usenet standards.
 If you find that it is broken please let me know here rocksolid.nodes.help

devel / comp.lang.tcl / Weird characters in web log file

SubjectAuthor
* Weird characters in web log filesaitology9
`* Weird characters in web log fileRich
 `* Weird characters in web log filesaitology9
  `- Weird characters in web log fileRich

1
Weird characters in web log file

<u3gc60$n788$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=11475&group=comp.lang.tcl#11475

  copy link   Newsgroups: comp.lang.tcl
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: saitolo...@gmail.com (saitology9)
Newsgroups: comp.lang.tcl
Subject: Weird characters in web log file
Date: Wed, 10 May 2023 11:10:55 -0400
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <u3gc60$n788$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 May 2023 15:10:56 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="f00a86cf2dda50f5c236e4995f451895";
logging-data="761096"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/PzNLSQwCkz1NHL2WstNgU"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.9.0
Cancel-Lock: sha1:8zMM+TGtUYX+NGGF0sLKsknthJg=
Content-Language: en-US
 by: saitology9 - Wed, 10 May 2023 15:10 UTC

I am seeing weird chinese characters in my tcl httpd log files. This
service has been running fine for some time. The behavior started
occurring out of nowhere in the last few days. It is the following
string repeating endlessly:

纮纮纮纮纮纮纮纮纮纮纮纮

I checked encoding and everything seems to be OK. Google translates it
to "Chinese simplified" as:

hong hong hong hong hong

Any idea what is going on? I have been fighting off a bad case of the
flu and feeling too dizzy to do anything useful about it but hoping
someone can have a quick answer or solution.

Re: Weird characters in web log file

<u3ggiv$nrpb$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=11476&group=comp.lang.tcl#11476

  copy link   Newsgroups: comp.lang.tcl
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ric...@example.invalid (Rich)
Newsgroups: comp.lang.tcl
Subject: Re: Weird characters in web log file
Date: Wed, 10 May 2023 16:26:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <u3ggiv$nrpb$1@dont-email.me>
References: <u3gc60$n788$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 May 2023 16:26:07 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1ecee990103c3f6ad221df10baf6759e";
logging-data="782123"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18TjVypGufpPwt+TaERxgub"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.19 (x86_64))
Cancel-Lock: sha1:YcMcoBr+VNtJQfiOXw+GUnzrQuU=
 by: Rich - Wed, 10 May 2023 16:26 UTC

saitology9 <saitology9@gmail.com> wrote:
> I am seeing weird chinese characters in my tcl httpd log files. This
> service has been running fine for some time. The behavior started
> occurring out of nowhere in the last few days. It is the following
> string repeating endlessly:
>
>
> 纮纮纮纮纮纮纮纮纮纮纮纮
>
>
> I checked encoding and everything seems to be OK. Google translates it
> to "Chinese simplified" as:
>
> hong hong hong hong hong
>
>
> Any idea what is going on?

Possibly someone attempting to find a buffer-overflow exploit?

Re: Weird characters in web log file

<u3gh8p$nt37$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=11477&group=comp.lang.tcl#11477

  copy link   Newsgroups: comp.lang.tcl
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: saitolo...@gmail.com (saitology9)
Newsgroups: comp.lang.tcl
Subject: Re: Weird characters in web log file
Date: Wed, 10 May 2023 12:37:44 -0400
Organization: A noiseless patient Spider
Lines: 10
Message-ID: <u3gh8p$nt37$1@dont-email.me>
References: <u3gc60$n788$1@dont-email.me> <u3ggiv$nrpb$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 10 May 2023 16:37:45 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="11baf23210e9b05407d80e6dbe4b49c3";
logging-data="783463"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/Kem9iq8kZxrmYGpsDPaD3"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.9.0
Cancel-Lock: sha1:10+XEZbhSSSEtY9Pjf9tYGXRYCg=
Content-Language: en-US
In-Reply-To: <u3ggiv$nrpb$1@dont-email.me>
 by: saitology9 - Wed, 10 May 2023 16:37 UTC

On 5/10/2023 12:26 PM, Rich wrote:
>
> Possibly someone attempting to find a buffer-overflow exploit?
>

Thanks for the info. I think you are right: I looked at the logs for
couple of days preceding it, and there was a constant flow of requests,
one second apart and lasting all day long, for all sorts of resources
that don't exist on my server.

Re: Weird characters in web log file

<u3gi7f$o2mv$1@dont-email.me>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=11478&group=comp.lang.tcl#11478

  copy link   Newsgroups: comp.lang.tcl
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: ric...@example.invalid (Rich)
Newsgroups: comp.lang.tcl
Subject: Re: Weird characters in web log file
Date: Wed, 10 May 2023 16:54:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <u3gi7f$o2mv$1@dont-email.me>
References: <u3gc60$n788$1@dont-email.me> <u3ggiv$nrpb$1@dont-email.me> <u3gh8p$nt37$1@dont-email.me>
Injection-Date: Wed, 10 May 2023 16:54:07 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1ecee990103c3f6ad221df10baf6759e";
logging-data="789215"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19gIOnqT8t54ZC3jTZz0Mpb"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.19 (x86_64))
Cancel-Lock: sha1:xtTrVl03TPIUZpCPXP/tWylvCTE=
 by: Rich - Wed, 10 May 2023 16:54 UTC

saitology9 <saitology9@gmail.com> wrote:
> On 5/10/2023 12:26 PM, Rich wrote:
>>
>> Possibly someone attempting to find a buffer-overflow exploit?
>
> Thanks for the info. I think you are right: I looked at the logs for
> couple of days preceding it, and there was a constant flow of
> requests, one second apart and lasting all day long, for all sorts of
> resources that don't exist on my server.

Run any public facing webserver and you'll get this. It is usually
bots testing for various php and/or wordpress exploits.

devel / comp.lang.tcl / Weird characters in web log file

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor