1

Some time ago I noticed that my Apache gets some strange HTTP requests, I mean requests addressed to my port 80. I had an error on my main page, and looking at my Apache log file I noticed those requests for the first time. The IP location varies a lot, and sometimes these requests trigger the following error:

[Thu Dec 15 13:47:31 2011] [error] [client 212.100.130.179] Invalid URI in request \x8b\x19\xbci\xdd8\xb5i)\xd2 k.\xbd\x8d\xbd\xd1\xec\xdb\xe8\x90
[Thu Dec 15 13:47:47 2011] [error] [client 80.88.12.120] Invalid URI in request \x93\xbe\x05\xa5@\xafu\x85\xa2{\xff%\xa6\xbc\x01>%\x04\x1c\xed\xa38\x0c \x10\xd1\xdd\xc4\xf7Hu\xee\x86\x89\xd0\xd6\xbd\xb5\x81\x1c>|i

I don't understand what kind of requests these are and how they reach my computer, because I don't have a real IP and I'm inside a local network that has only 1 line to the internet; I mean that all the computers connected to my network have the same IP address outside of the network. Are these because of some trojan application or something similar on my computer?

I'm using Mac OS X Lion and the standard Apache server that ships with it.

4
  • 5
    If you're behind a hardware-firewall (f.e. router), and you still receive requests from the outside, then there must be some sort of port forwarding or DMZ setup for your computer.
    – Bobby
    Commented Dec 15, 2011 at 10:36
  • Yes, I'm behind a router. Do you mean I need to check my router and turn off port 80 forwarding if it's set?
    – haynar
    Commented Dec 15, 2011 at 11:12
  • Yes, that's my first idea.
    – Bobby
    Commented Dec 15, 2011 at 11:14
  • @Bobby thanks a lot :) You were right, the port 80 forwarding was open :/ You can add it as an answer and I'll check it.
    – haynar
    Commented Dec 16, 2011 at 11:15

1 Answer

3

These look like binary requests against your web server, which is not necessarily strange. Though, without seeing the whole incoming request it's hard to judge what it is. The worst case is that your web server is being probed for vulnerabilities. The best case is that somebody is trying to connect to your server with a binary protocol (f.e. ssh).

As to why this is reaching you, the important part is this one:

... and how they reach my computer, because I don't have a real IP and I'm inside a local network that has only 1 line to the internet ...

You're behind a hardware firewall. Any request which gets forwarded to your machine needs to pass through that device; your machine is therefore only directly reachable from inside the network. But those requests are coming from the outside. This means there are only two possibilities:

  • A port forwarding to your machine is specified in the firewall
  • Your machine is classified as DMZ

Have a talk with your IT-Admin (if any) and/or check the configuration of the hardware-firewall.
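As an added example (not part of the original answer), the following Python sketch triages "Invalid URI in request" lines like the ones in the question: it undoes the log escaping, counts non-printable bytes, and compares the first bytes with a few well-known non-HTTP protocol prefixes. The function names, the short signature list and the second sample line are assumptions made for illustration.

```python
import re

# Apache 2.2-style error log line, in the format shown in the question.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"Invalid URI in request (?P<uri>.*)$")
ESC_RE = re.compile(r"\\(x[0-9a-fA-F]{2}|.)")
SIMPLE = {"n": 10, "r": 13, "t": 9, "v": 11, "b": 8}

# First bytes of a few non-HTTP protocols (assumed, not exhaustive).
SIGNATURES = [
    (b"\x16\x03", "TLS handshake"),
    (b"SSH-", "SSH banner"),
    (b"\x03\x00", "TPKT (RDP)"),
]

def unescape(text):
    """Turn \\xNN and \\n-style log escapes back into raw bytes."""
    def repl(m):
        tok = m.group(1)
        if tok[0] == "x" and len(tok) == 3:
            return chr(int(tok[1:], 16))
        return chr(SIMPLE.get(tok, ord(tok)))
    return ESC_RE.sub(repl, text).encode("latin-1", errors="replace")

def triage(line):
    """Return client, payload size and a protocol guess, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw = unescape(m.group("uri"))
    nonprint = sum(1 for b in raw if b < 0x20 or b > 0x7e)
    guess = next((name for sig, name in SIGNATURES if raw.startswith(sig)),
                 "unknown binary" if nonprint else "text")
    return {"client": m.group("client"), "length": len(raw),
            "nonprintable": nonprint, "guess": guess}

SAMPLE = [
    # First log line from the question.
    r"[Thu Dec 15 13:47:31 2011] [error] [client 212.100.130.179] "
    r"Invalid URI in request \x8b\x19\xbci\xdd8\xb5i)\xd2 k.\xbd\x8d\xbd\xd1\xec\xdb\xe8\x90",
    # Constructed line: start of a TLS record sent to a plain-HTTP port.
    r"[Thu Dec 15 13:47:50 2011] [error] [client 192.0.2.10] "
    r"Invalid URI in request \x16\x03\x01\x00\xc8\x01\x00",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

Apache logs only the first line of the request, so a prefix match is a hint about what the client was speaking, not proof; a result of "unknown binary" fits the answer's point that the full request is needed to judge further.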
