I've been getting a couple of strange GET requests on my dev server from unknown IPs. I don't know if this is some weird character encoding or something else entirely. The mysterious thing is, my server responds with the status 200, so the input matches something, but I don't know what.
The request is ":\xcc\x89\xa9L\xcf\xc3\xb6\xc1\x8f\xa9\xe7\xc0\xec\x16"
Ideas?
EDIT: Corrected the request, it wasn't a GET request, but still returns the root index page.
EDIT2: A new one just popped up:
xxx.xxx.xxx.xxx - - [20/Oct/2010:09:10:33 +0300] ";\x8e\xb0!\xa2\xa7\xe7\x11\xf1HX\xb6\x188|z\x9b\xac;z\x10\xafn\xd8*fD\x9d\xc1\x11I\x9a5\xe6\xcbu,\x8c\xd7\x84O[\xf7\xca\xe67\xe5\xba\x94\xdd.\xc0d\xd0} " 200 2085 "-" "-"
Nope, definitely not Unicode anymore...
Maybe a WebDAV hack similar to:
http://www.sans.org/security-resources/malwarefaq/webdav-exploit.php
Trying to exploit a buffer overrun.
It could just be someone attempting to exploit your system. What is your server's response to the request?
Do you use SSL?
The access log looks like a request trying to talk SSL on a non-SSL.
Except for the third token, it looks like Unicode character codes.
This certainly does not look like a valid HTTP request (could be an attempted attack).
FWIW, my server (Apache 2.2.14) responds with "501 Method Not Implemented", which is its standard response to any request it does not recognize.
Is your server configured to rewrite anything it does not like to "/index.html" or some such?
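One way to triage entries like the ones quoted in the question, as an added example that is not part of any post in this thread: it reverses the `\xHH` escaping Apache applies to the logged request field, then checks whether the bytes form an HTTP request line, begin with a TLS handshake record header, or are other binary data, and flags non-HTTP requests that were answered with 200. The log lines are constructed (documentation IPs, made-up statuses); only the first request string is taken from the question.

```python
import re

# Apache combined log: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+ "')
ESC_RE = re.compile(r'\\(x[0-9a-fA-F]{2}|.)')
C_ESCAPES = {'n': b'\n', 'r': b'\r', 't': b'\t', 'b': b'\b', 'v': b'\v',
             '\\': b'\\', '"': b'"'}
HTTP_RE = re.compile(rb'^[A-Z]+ \S+ HTTP/\d\.\d$')  # METHOD SP target SP version

def unescape(field):  # logged request field -> bytes the client sent
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(field):
        out += field[pos:m.start()].encode('latin-1', 'replace')
        tok = m.group(1)
        if len(tok) == 3:                      # \xHH
            out.append(int(tok[1:], 16))
        else:                                  # \n, \", \\ ...
            out += C_ESCAPES.get(tok, tok.encode('latin-1', 'replace'))
        pos = m.end()
    out += field[pos:].encode('latin-1', 'replace')
    return bytes(out)

def classify(raw):
    if HTTP_RE.match(raw):
        return 'http'
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if raw[:2] == b'\x16\x03':
        return 'tls-handshake'
    if any(b < 0x20 or b > 0x7e for b in raw):
        return 'binary'
    return 'malformed-text'

def triage(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    raw = unescape(m.group(2))
    kind, status = classify(raw), int(m.group(3))
    return {'host': m.group(1), 'kind': kind, 'bytes': len(raw),
            'unexpected_200': kind != 'http' and status == 200}

SAMPLES = [  # constructed lines; only the first request string is from the question
    r'192.0.2.10 - - [20/Oct/2010:09:10:33 +0300] ":\xcc\x89\xa9L\xcf\xc3\xb6\xc1\x8f\xa9\xe7\xc0\xec\x16" 200 2085 "-" "-"',
    r'192.0.2.11 - - [20/Oct/2010:09:11:02 +0300] "\x16\x03\x01" 400 226 "-" "-"',
    r'192.0.2.12 - - [20/Oct/2010:09:12:40 +0300] "GET /index.html HTTP/1.1" 200 2085 "-" "-"',
]
for sample in SAMPLES:
    print(triage(sample))
```

An entry with `unexpected_200` set points at the server configuration (a catch-all rewrite or default handler) rather than at the request itself.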