Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: psycho on December 30, 2004, 04:28:28 AM

Title: Corrupt Log Files using version 6.0.1
Post by: psycho on December 30, 2004, 04:28:28 AM

I am using SME Server 6.0.1 and I am getting corrupt log files.

It has some of the file intact but there is the following text mixed up in the file:

\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1

I do not think that I am getting a complete log file.  I did not have this problem with SME Server version 5.6 and I want to know if anyone knows what is causing this and how I can fix it.

Any help is appreciated.

dave@tcon.net

Title: Corrupt Log Files using version 6.0.1
Post by: NickR on December 30, 2004, 11:10:21 AM

It's not a corruption, it's a script kiddie trying to exploit a buffer overflow bug in the MS WebDAV component of IIS 5.  The line is over 32Kb long. You should be seeing this in your Apache access logs.  You can get the gory details here http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

There is a bug in tai64unix which locks the process when it is trying to read a file with lines this long.  The only way is to use the 'download' option & read the file in a text editor which can handle the line lengths.

As to stopping it, you can't really - I've been seeing this stuff regularly for over a year now.  File under the "annoying but harmless" catagory.

Title: Corrupt Log Files using version 6.0.1
Post by: psycho on December 30, 2004, 04:45:16 PM

Will this affect Version 5.6?

Title: Corrupt Log Files using version 6.0.1
Post by: NickR on December 30, 2004, 04:52:22 PM

Quote from: "psycho"

Will this affect Version 5.6?

Probably - I wouldn't use 5.6 as a public-facing machine though.