[#]webserver #log #Gh0st and others.
My web server is logging all sorts of weirdness, and I wonder whether it's worth classifying the attempts?
(It only answers GET method at the moment)
Gh0st I know is a RAT, and I recognise the Censys scans, but how about http method 'RIP', and requests starting with control characters e.g. 0x160302016f01 (only alphabetic 'o') or just 0x160301 ?
I'm not that worried, just interested :-)
=> More informations about this toot | More toots from RupertReynolds@hachyderm.io
Oddly, adding "binary" to web searches finds an explanation (oddly, because the word "binary" doesn't appear on the pages found).
Apparently, it's an attempt to scan for the POODLE vuln in fallback to SSLv3 and it's been around for years.
[#]SSL
=> More informations about this toot | More toots from RupertReynolds@hachyderm.io
text/geminiThis content has been proxied by September (3851b).