[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] ^null$ httpd requests

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] ^null$ httpd requests
From: phrag <phrag@xxxxxxx>
Date: Thu, 20 Feb 2014 18:35:37 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 20 Feb 2014 12:35:17 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays $exit, non-exit, bridge$" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

So I've been receiving a few of these httpd requests on my SSL web
server. The webserver runs on the root domain of a subdomain hosting a
tor relay. From a whois, i see rgnx is owned by Jacob Appelbaum.

The webserver in question is running a good ssl setup according to
https://www.ssllabs.com/ssltest/.

Any information as to what this could be?

######
## httpd log ##
rgnx.net - - [20/Feb/2014:17:29:46 +0100] "\x16\x03\x01" 301 217 "-" "-"

## logwatch ##
 Attempts to use known hacks by 1 hosts were logged 62 time(s) from:
    rgnx.net: 62 Time(s)
       ^null$ 62 Time(s)

 A total of 1 sites probed the server
    rgnx.net

 A total of 1 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):

    null HTTP Response 301
######
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlMGPOgACgkQceRvMfxmL+0jMwCgr3zMBm7GngflSXiHB2WzJG/d
7ucAoJDOhmcOeIGUwNZzuaHwTcG/QntN
=yDA4
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: [tor-relays] Phishy
Next by Author: Re: [tor-relays] schedule tor relay uptime/ bandwidth
Previous by thread: Re: [tor-relays] Repeated "failed to get unique circID." in the log
Next by thread: [tor-relays] Multi-instance Tor init script
Index(es):
- Author
- Thread