So I’m the server admin and web developer for my school’s robotics team. I look through the server’s access logs every once in a while just to check on things. I keep seeing requests that look like someone’s scanning for vulns. But I’m seeing something I’ve never seen before. It looks like someone is sending requests in machine code and I have no idea why or what it would do???
Here’s the request:
"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x02\x00\x00\x00" 400 166 "-" "-"


What port was this sent to, and what webserver are you running (if it was sent to a webserver)?
This reminds me of the string to trigger the really bad Apache vulnerabilities that lead to being able to read from the whole filesystem (path traversal), or get a shell on your system (remote code execution). It’s likely that bots are spray and praying attempts across the internet. As long as you’re up to date, you should be good.
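Added example, not part of either post: a small log-triage script that unescapes the request field quoted in the question and checks it against the published frame layouts for TPKT (RFC 1006), the X.224 Connection Request, and the RDP negotiation request (MS-RDPBCGR). The function names are hypothetical, and the only sample input is the log line from the question plus one constructed HTTP line.

```python
import re
import struct

# Log line copied from the question (web servers escape raw bytes as \xNN).
LOG_LINE = r'"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x02\x00\x00\x00" 400 166 "-" "-"'
# Constructed sample of an ordinary request, for contrast.
HTTP_LINE = r'"GET / HTTP/1.1" 200 512 "-" "curl/8.0"'

# requestedProtocols bit flags from MS-RDPBCGR (RDP_NEG_REQ).
RDP_PROTOCOLS = {0x1: "TLS", 0x2: "CredSSP (NLA)", 0x4: "RDSTLS", 0x8: "CredSSP with Early User Auth"}


def unescape_request(line):
    """Return the raw bytes of the first quoted field (the request) of a log line."""
    m = re.search(r'"((?:[^"\\]|\\.)*)"', line)
    if m is None:
        return None
    text = re.sub(r"\\x([0-9A-Fa-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(1))
    return text.encode("latin-1", errors="replace")


def classify(data):
    """Describe data if it is a TPKT-framed X.224 Connection Request, else None."""
    if data is None or len(data) < 11 or data[0] != 0x03:
        return None  # TPKT always starts with version byte 3
    tpkt_len = struct.unpack(">H", data[2:4])[0]  # big-endian total length
    length_indicator, code = data[4], data[5]
    if tpkt_len != len(data) or length_indicator != len(data) - 5:
        return None  # length fields must agree with what was received
    if code & 0xF0 != 0xE0:
        return None  # 0xE0 = Connection Request TPDU
    result = {"frame": "TPKT + X.224 Connection Request", "length": tpkt_len}
    tail = data[-8:]  # RDP clients end the request with an 8-byte RDP_NEG_REQ
    if len(data) >= 19 and tail[0] == 0x01:
        _type, _flags, neg_len, requested = struct.unpack("<BBHI", tail)
        if neg_len == 8:
            names = [n for bit, n in RDP_PROTOCOLS.items() if requested & bit]
            result["rdp_requested"] = names or ["standard RDP security"]
    return result


if __name__ == "__main__":
    for line in (LOG_LINE, HTTP_LINE):
        print(classify(unescape_request(line)))
```

Run over a whole access log, the same two functions separate binary protocol probes that reached the web port from requests that are actually HTTP.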