+- Xonotic Forums (https://forums.xonotic.org)
+-- Forum: Community (https://forums.xonotic.org/forumdisplay.php?fid=6)
+--- Forum: Off Topic (https://forums.xonotic.org/forumdisplay.php?fid=15)
+--- Thread: Weird requests from the dark corners of the internet? (/showthread.php?tid=3017)
Weird requests from the dark corners of the internet? - Minkovsky - 05-17-2012
I have a http server up. I set it up just to show my IT teacher I could program and deploy Django stuff.
But then I checked the logs, and this came up:
Code:
119.73.233.194 - - [17/May/2012:10:58:27 +0200] "\x8cu\x85}\xdc\x1aT\xc4G\xdf\x8aB\x15\xf9\x1b\x93\\\x1dqq\x1e\xb7\xb7\xddC?:\x95\xc7\x06\xa9`\x14\xc9@\xb5\xad|2\b?+\xb0u\xff" 403 1006 "-" "-"
77.120.230.14 - - [17/May/2012:11:25:23 +0200] "\xcc\xa1\x92\x19\xe4\x8d\xcaH" 403 1006 "-" "-"
94.181.219.40 - - [17/May/2012:11:31:33 +0200] "v\xe0\x0fm\xff\xb3\x89q:\"\xc2\x13\xac\xf0\x9f" 403 1006 "-" "-"
95.85.146.108 - - [17/May/2012:11:40:55 +0200] "\xbbe2t\xc1\xee\xba\x1d\xb3\x16\xd0\xfe\x1e\xba7\xb81\xdd\x82\xb9\x172\xd3/\xbb\x89\xc8PZ\vA\xf9\xc5\xd8\xb5T\x7f\x92\x96\xd6[\xbbc\xd2c\xae\x04" 400 295 "-" "-"They seem to be hex-encoded strings, but of what encoding I don't know. Or maybe someone is trying to hack me, however I think these are just some robots getting all kinds of errors back (although if they were legitimate robots, wouldn't they get 404's out of my missing robots file)?
What do you guys think?
RE: Weird requests from the dark corners of the internet? - Cyber Killer - 05-17-2012
If you got many of those coming from random ip addresses, then I'd assume that those are just bots trying to break into your server, trying some random known exploits. Happens all the time with public ip servers. You'd probably notice these are coming from the same subnets and then you'll be able just cut them out on your firewall.
RE: Weird requests from the dark corners of the internet? - Minkovsky - 05-17-2012
They're all different countries. There's somebody with unresolvable IP from Singapore, two from Ukraine (but different ISPs) and one Russian. Nothing much in between, since I didn't go putting this IP up everywhere, I'd much rather just buy a domain (I heard a UK registrar offers them for 3 pounds a year).
RE: Weird requests from the dark corners of the internet? - Cyber Killer - 05-17-2012
whois <ip address>
will give you their isp info and that isp's ip range
You can get domains for free on the OpenNIC DNS network (but they only work for ppl using opennic) - it's a good (costless) option for a personal project. Also there are services like no-ip or dyndns so I don't see a reason to pay for a domain.
RE: Weird requests from the dark corners of the internet? - Minkovsky - 05-17-2012
I'll probably look into OpenNIC, however I don't see much point, aside from evading possible DNS censorship, since I don't think many people use it (although I imagine a lot more will start using it when the aforementioned censorship gets real, but only then).
RE: Weird requests from the dark corners of the internet? - Minkovsky - 05-17-2012
It seems some of the requests match some Nmap behaviour. Two guys landed on the reject list of my firewall for repetition, one from the same subnet as myself. Talk about weird.
RE: Weird requests from the dark corners of the internet? - GreyAxe90 - 05-18-2012
Yes, as a network admin, I see all this stuff all the time. This is why firewalls are very important.
Like at work, one of our Linux web servers was being port scanned by some script kiddie at the College of Puerto Rico. But Google your IP. You'll see it pops up in whois lists and network assignment blocks all over the internet. Hackers/script kiddies use these lists to "attack".
And for free domains, co.cc is a good choice, there's also .tk
RE: Weird requests from the dark corners of the internet? - Cyber Killer - 05-21-2012
co.cc is banned on nearly every security browser addon and antivirus lists, cause it got used for loads of malware (meaning you won;t get many visitors and depending on what you use it can be hard for yourself to visit your own site :-P ), also it's really hard to get a reasonable name there, as the spammers got the namespace really used up ;-)
RE: Weird requests from the dark corners of the internet? - Minkovsky - 05-22-2012
Is free .tk just a frame like it used to be, or do they do it the standard way now?