2

all. I'm running CollabNet Subversion Edge, Software version 2.0.0-2190.74 Subversion version 1.6.17-2190.74 When I look at the repository access logs, I get entries like

91.199.239.1 - - [30/Nov/2011:09:36:12 -0500] "\xd1!\xf8\xba\x9cb\x0f\xf2\x8b\x1f\x9ad\xabm4\x02\xc6\x94\x94Z\x7f\xb60\xf2\x1ai\x9br\xc9x\xfa\xb4i" 501 245

I did a whois on that IP, and I get this:

netname: NET-SAMSUNG-SDS-EUROPE

descr: SAMSUNG SDS EUROPE LIMITED

country: DE

I have only shared the access to this repository with a few close friends, so what are these entries from? Is this just usual internet stuff, or is this something I should be worried about? Also, does anyone have any info on what that ridiculous \xd1\xf8.... nonsense is? Can I get anything useful from it?

Simone Carletti
  • 173,507
  • 49
  • 363
  • 364
Charles McAnany
  • 195
  • 1
  • 2
  • 7

1 Answers1

3

Apache sent a 501 Not Implemented in response to that request. It's probably some exploit attempt or somebody trying to start up an SSL session on the wrong port.

The first word in that quoted area in the log is supposed to be the HTTP method (GET, HEAD, POST, etc). Apache rightly rejected the request because \xd1!...isn't a valid method name.

Those \x.. strings are hexadecimal representations of bytes.

cpugeniusmv
  • 286
  • 1
  • 6
  • Ah, thanks. Hmm... So this one: 210.51.174.58 - - [30/Nov/2011:05:24:08 -0500] "HEAD / HTTP/1.0" 200 - whois: (country: CN descr: Beijing YiZhuang IDC of China Netcom) something I should be concerned about, or was this just someone just accessing my webpage? – Charles McAnany Dec 01 '11 at 02:49
  • The HEAD method is similar to GET, except it only returns the headers (not the body). So that's not much different than someone navigating to the root of your web site. – cpugeniusmv Dec 01 '11 at 17:18