Some Spam HTTP Post

26 May, 2019 - 12:37:42

By

Matthew Deig

I had this idea to checkup on my logs for a web server I'm running and see what type of requests that it was getting. I wasn't planning on writing it any findings up but recovering from my latest hiking trip. I figure I would do something.

What stood out to me when I was looking at the logs. It was getting hit by spam drive-by attacks. Some typical basic ones of getting the myAdmin pages and other unsecured servers might have. Though I found a couple of request that were interesting to me anyways.

SQL in the request header.

The first time this showed up in my logs was May 7th 2019, and coming from China. The url request from my server is usually a hexadecimal url string. What caught my eye the most was in the request header there was a SQL like query in there.

554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'/*";s:3:"num";s:141:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f534550415241544f5229293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca

I'm not sure what their target was. It looks to me they where looking for a possible a name with ads.

The server I pulled this from doesn't have any databases hooked up to it so this request wasn't harmful to me.

Reconnect to my server?

The first time this request showed up in my logs was May 04 2019, and coming from China. The request has a string of encoded hexadecimal and at the end is http protocol url of server ip address. Why it caught my eye was that it had server ip in the request url. This one I'm not sure what is going on with it. I'm going to take a guess that it might be some type of buffer overflow.

Conclusion

I'm not sure why this are attacks. I did searches on the string to see if anyone was talking about them. I didn't have any luck. I just wanted to write about because I thought they looked interesting. I fairly sure that they are coming from an automated script to see if they can get an easy target, because they do show up in my logs often with other requests from the same place. Just some of my thoughts on these POST requests.

Hurt Art Scene

26 Nov, 2018 - 21:22:55

By

Matthew Deig

What is going on?

Evansville has lost a couple of artist hangouts this year. One was the wired and the other was PG. Though Wired still livers as The Hub, but there is no new PG at the moment.

Who does this effect?

It effects the local artist of Evansville. They lost a couple of places to show their art and music to the community. It also effects the people that are looking for that local art community and enjoy it.

Why does this matter to me?

It matters to me that I might miss out on the local music in Evansville. My first dive into the local music of Evansville was at PG at event called Little Sound Assembly. I went to the first one they held in 2014 shortly after I came back from China. Then I went to everyone except for one. I missed out for some reason.

My first time going to Wired was to see my friend Kaanvas. It was Kaanvas first time back into the music scene after a hiatus.

I went to many different shows and events at each place. Seeing different acts like Paper Sweaters, North by North, and many more. I had a great time. It allowed me to get out more and change to meet people.

Went to an art show that PG held and it was for a digital art. I didn't end up buying anything but it was fun looking at the art.

These was some great places, and they are going to be missed.

What now?

I don't know. Maybe someone will pick up after what they left or the art scene will die out.