[tor-relays] ^null$ httpd requests

phrag phrag at phra.gs
Thu Feb 20 17:35:37 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

So I've been receiving a few of these httpd requests on my SSL web
server. The webserver runs on the root domain of a subdomain hosting a
tor relay. From a whois, i see rgnx is owned by Jacob Appelbaum.

The webserver in question is running a good ssl setup according to
https://www.ssllabs.com/ssltest/.

Any information as to what this could be?

######
## httpd log ##
rgnx.net - - [20/Feb/2014:17:29:46 +0100] "\x16\x03\x01" 301 217 "-" "-"

## logwatch ##
 Attempts to use known hacks by 1 hosts were logged 62 time(s) from:
    rgnx.net: 62 Time(s)
       ^null$ 62 Time(s)

 A total of 1 sites probed the server
    rgnx.net

 A total of 1 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):

    null HTTP Response 301
######
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlMGPOgACgkQceRvMfxmL+0jMwCgr3zMBm7GngflSXiHB2WzJG/d
7ucAoJDOhmcOeIGUwNZzuaHwTcG/QntN
=yDA4
-----END PGP SIGNATURE-----


More information about the tor-relays mailing list