Code injection attempt and user agent to block

**Lee G** · 02-15-2011 12:40 PM

Just going through my visits log and found some rather nice moron in China has been trying what looks like a code injection

114.80.93.73 - - [15/Feb/2011:00:37:39 -0500] "HEAD /zh-CN/f188/\xe6\xa2\x85\xe8\xa5\xbf\xe4\xb8\xbb\xe6\x9c\xba\x e5\x9c\xa8\xe7\xbd\x97\xe7\xba\xb3\xe5\xb0\x94\xe5 \xa4\x9a\xe7\x9a\x84\xe5\xae\xb6\xe5\x85\x9a-239385/

Luckily they are easy to ban in both user agent and country

HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; WPS; .NET CLR 1.1.4322"

I had five attacks all from different ips

I cant find any mention of the above code on the net. Just what does, is supposed to do etc

**Brian Cummiskey** · 02-15-2011 04:31 PM

That's actually common to see in logs. I don't know the exact reasoning behind it, but it's 'normal'. Perhaps a server guru can offer more info.

**Lee G** · 02-15-2011 05:23 PM

Cheers for that Brian. The only time I noticed it was with someone using QQDownload

**gotlinks** · 02-17-2011 02:38 PM

Originally Posted by Lee G

Just going through my visits log and found some rather nice moron in China has been trying what looks like a code injection

114.80.93.73 - - [15/Feb/2011:00:37:39 -0500] "HEAD /zh-CN/f188/\xe6\xa2\x85\xe8\xa5\xbf\xe4\xb8\xbb\xe6\x9c\xba\x e5\x9c\xa8\xe7\xbd\x97\xe7\xba\xb3\xe5\xb0\x94\xe5 \xa4\x9a\xe7\x9a\x84\xe5\xae\xb6\xe5\x85\x9a-239385/

Luckily they are easy to ban in both user agent and country

HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; WPS; .NET CLR 1.1.4322"

I had five attacks all from different ips

I cant find any mention of the above code on the net. Just what does, is supposed to do etc

I get these hackting attempt emails all the time. I get them when they fail their attempt
and my system auto bans their IP from trying again...they are probably using a fake IP or
something anyway...so the system bans one IP, and it starts all over again...I get about 2-3
daily emails...keep your server up-to-date, keep your VB up-to-date, keep your mods up-to-date....
mostly I get hacking attempts from China/India, sometimes even from the US.

Code injection attempt and user agent to block

LinkBack

Thread Tools

Display