216.185.35.11 tries something new

RaT

At first I thought they were trying to exploit us, but it was just another lame GET DoS. This time with completely random junk after /?

Logs:

216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?.9ufz\t\x99t\x7f/~ak\x83YX-1\x80\x01\x982J\x82~C8 1:\x04FT\x10v{\x92nen*\\T\x1f\x955{\x95\x93z\x1dA i+pl\x86U \x87\\O{t\x99=q)\x14\x13\x10\x94\x85A/\x80j4Q<F\x14|\x05m\x8a] HTTP/1.1" 403 448 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?-G\x86fDBMF\x15V\x15*3\x13M\x99=\x8e\x8c\x96JG!=&>du3<\x04F\x8f%\x06\x04\x034h\x0cwE*K];Z'\x8eI2e\b7\x068?z\x88\x97d\x85\x93y?\x04Q\x0eE\x8b\x19\x07k\x8d:{\x17XB\x98\x826\x92\x89d9zVoLbie HTTP/1.1" 403 584 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?\x7fS^\x0c\x82UD?M\x80/ HTTP/1.1" 403 452 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?\x81\x99eO\x01\x1c\x1c%&t7\x83t\x8b/AH1\x0c\"!W\x91\x06\x1bW\x14M\t\x01\x05A\x80k`wZ\x8dSA\x07\x91]\x80'\x13Z@[\x0f'O\x07\x95\x18\t HTTP/1.1" 403 510 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:29 -0400] "GET /?\x159VdZ^\x8c6^nJ\x07)HvfBnl\x1d[\x02r\x95\x1828\x8892\x11\x82aj\x90x\x99U]pvyLW\x96W4]P\x8bs&fV\x112;l\x15x\x849\x170N\x15\x11\x81iFS)J40M\x82V\x04.\v6M?7.x`\x83zVAaJ\x97eqZQ0\x03\x16z\t HTTP/1.1" 403 718 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:29 -0400] "GET /?$I[)'C,\x94\x17~\x1fj@o=.G\\a+$1 HTTP/1.1" 403 502 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:29 -0400] "GET /?B\x901\x12\b='3apW\x96t%\x8b\x1a\x0f7\x1d%\x7f\x8d\x12>\x11\x98\x93\t(\x05\x041?s\x85 w\x8b\x8c{-\x16t{\x13\x06\x95\x03\x1d\x94\x84\x10dhE\x1e\x1b,\x8a\x87dLV\x17\x8b%dwM_\x1a+0\x80$h\x8aN\x1b:S}*5\x1d\x88\x03)]F\x8dk\x7f/\x1c@A\x17y HTTP/1.1" 403 560 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?a\x8bxgz\x07\\\x03`>0RxB\t4vL{\x88\x84\x80ZvqW(\x10JU(/kp\x10y\x7fi~^Rh\x12o\x1f\x1cJ_))G[IH\x8c=5vp\x81,\x86\x10``?-6m\x8f7G]p\x80\x8fFElu@\x1e\x1e\x1e\x84Cf?\x87@\x0cE\x1a\x189n3\x8f\x1d1\x12bQ\x06\x82\x8c'\x8fPu\x13\x12z|g\x8cEE]{~\"+*2Lq1\x93X\b\x15h\x1bu\x8a\vde\x1b\x80q;GH\x16h63*-\x03\x87\x1e\x0e\x05/\x93p*\x89,fL$\x8f\x99\x11\x8e\b\x89\v\x15E&\x89E\x8a HTTP/1.1" 403 490 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?n\x97%\x8aH\x07c\x16J\x96B\x1fp\x84\x1bJ\x0f\x8b[4s\x88\x8d5\x86(|:\x0eg\x0f#\x83Fh\x89/,\x15\x99Jo\x95\x01\x82\x13L_G_ESD\x11=\x1clc\x93'f% blG HTTP/1.1" 403 572 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?\x12\x15 \v=F'\x12\x807Y\x1c HTTP/1.1" 403 450 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /? \x0212IL\x88 02@\x05N\x05Q)\x8e@\x14:SX.8\x17)=g%[\x06@\x8366\vq\x93\x91NK HTTP/1.1" 403 438 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?I?\x97\x8ddF\x93\x14M=h\x10\x87RKp!\x8a|\x878R\x18\x1a\x8am\x06\t\x93\x0e~.\x15\v\x98M\x18'\x134f.\v\x13Z\x05D\x99\x18=J(\x92b[\x06\x176M\x12\x043\x85\x8fz,5\x13s1\x18_\x123L\x90QH\x17\x95id($jm\x18\x95\x7fc\x0e\x8f\x8a\ty+U{,*:\x15\"~h[$\x99W=%3<\x94\x1dr[\\\x1ch\x1cw4e\x8ag!yv HTTP/1.1" 403 548 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?Q\x11a\x16-.E\x8e3\x82\x1f.\x8ey\x90}\x81\x95rV\x80\x91\x1c. HTTP/1.1" 403 538 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?#\x16\x91\x84D\x93f\x1e\x95l\x0f<g`\x19CY|.k,\x84\x80b\x075p9h_8\x891d\x98Ofm\x93.np HTTP/1.1" 403 438 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?\x80g\x80@~ l\x19M<\x81\x12.A\x18V\x99(F]>\x13\x02R\x81N.K\x15\x86kE\x83\x81\x7f`Q5 HTTP/1.1" 403 456 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /? HTTP/1.1" 403 438 "-" "Googlebot"
216.185.35.11 - - [07/Sep/2013:09:29:30 -0400] "GET /?n\x1c\x93N=\x11n] HTTP/1.1" 403 470 "-" "Googlebot"
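Added example, not part of the original post: one way to pick this pattern out of an Apache combined-format access log is to measure how much of each query string was logged as escaped non-printable bytes and count such requests per client per second. The function names, the thresholds and the sample lines (documentation-range IPs) are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache combined log line; quoted fields may contain backslash escapes (\" \\ \xhh).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" \d{3} \S+ "(?:[^"\\]|\\.)*" "(?:[^"\\]|\\.)*"$'
)
# One token per original request byte: \xhh, any other backslash escape, or a plain char.
TOKEN_RE = re.compile(r'\\x[0-9a-fA-F]{2}|\\.|.')
CONTROL = {r'\t', r'\n', r'\r', r'\b', r'\v', r'\f'}

def junk_ratio(request):
    """Fraction of query-string bytes that Apache logged as non-printable escapes."""
    m = re.match(r'GET /\?(.+) HTTP/1\.[01]$', request)
    if not m:
        return 0.0  # not a GET on /? or the query is empty
    tokens = TOKEN_RE.findall(m.group(1))
    junk = sum(1 for t in tokens if t.startswith(r'\x') or t in CONTROL)
    return junk / len(tokens)

def flag_flooders(lines, min_ratio=0.2, min_hits=3):
    """Return {ip: peak junk requests in one second}. Thresholds are assumed values."""
    per_second = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and junk_ratio(m.group('req')) >= min_ratio:
            # Log timestamps have one-second resolution, so the raw string is the bucket.
            per_second[(m.group('ip'), m.group('ts'))] += 1
    flagged = {}
    for (ip, _), hits in per_second.items():
        if hits >= min_hits:
            flagged[ip] = max(flagged.get(ip, 0), hits)
    return flagged

# Constructed sample lines in the same shape as the log above.
SAMPLE = [
    r'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?\x7fS^\x0c\x82UD HTTP/1.1" 403 452 "-" "Googlebot"',
    r'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?a\x8bxg\"z\x07\\\x03 HTTP/1.1" 403 490 "-" "Googlebot"',
    r'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?\x12\x15 \v=F HTTP/1.1" 403 450 "-" "Googlebot"',
    r'198.51.100.9 - - [01/Jan/2024:10:00:00 +0000] "GET /?page=2&sort=asc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(flag_flooders(SAMPLE))
```

The User-Agent is deliberately ignored, since any client can send the string "Googlebot".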