me making a DOS attack??



NeoGen
01-12-2006, 08:29 AM
That's the message that Norton Internet Security gave me once when boitho was running! :lol: :lol:


Details: Attempted Intrusion "HTTP Apache Redundant Slashes DoS" from your machine against 80.77.88.227 was detected and blocked.
Intruder: localhost(1349).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: 80.77.88.227.
Attacked Port: http(80).

I must be crawling too much... :P

AMDave
01-12-2006, 08:43 AM
Extracted from a Usenet discussion... (David W. Hodgins, Aug 4 2005, 9:35 am)
It only affects webservers running Apache 1.24 or older.
What the bug actually does is cause the server to stop responding, if someone
enters a URL like http://some.domain.invalid/pub////////////file
The extra slashes would be removed (if you had enough RAM), but it would take a
long time. Without enough RAM, it would crash the server.

It seems that amongst the boitho list of URLs to be checked there may be a few bad eggs.

Recommend you email the Project Team so that they can weed them out, otherwise their volunteers may become unpopular very quickly.

NeoGen
01-12-2006, 10:32 AM
You mean that just putting too many slashes in the address can be hazardous to a server?
Imagine if, accidentally or otherwise, a guy posted a link on slashdot to a site but with those extra slashes in the address?

Hmm... thinking better, there's no need for a specific DoS attack really... slashdot users on their own already make up strong attacks on servers :lol:

runarb
01-13-2006, 01:47 PM
Seems that a high number of leading slashes in a URL will trigger this. I will add a test for this to our URL filter.

Symantec's info: http://www.symantec.com/avcenter/attack_sigs/s20510.html
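
A sketch of the kind of URL-filter test mentioned in the post above, as an added example that is not boitho's own code. The threshold `MAX_SLASH_RUN`, the function names and the sample queue are assumptions constructed for illustration; the check covers any run of slashes in the path, not only leading ones.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed threshold: the thread gives no number. A double slash is common and harmless.
MAX_SLASH_RUN = 2

def longest_slash_run(url):
    """Return the length of the longest run of '/' in the URL's path."""
    # Conservative choice: decode %2F first so encoded slashes are counted too.
    path = unquote(urlsplit(url).path)
    return max((len(run) for run in re.findall(r"/+", path)), default=0)

def is_crawlable(url, max_run=MAX_SLASH_RUN):
    """Accept only http(s) URLs with a host and no long slash run in the path."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    return longest_slash_run(url) <= max_run

def filter_urls(urls, max_run=MAX_SLASH_RUN):
    """Split a crawl queue into (kept, dropped) so dropped entries can be logged."""
    kept, dropped = [], []
    for url in urls:
        (kept if is_crawlable(url, max_run) else dropped).append(url)
    return kept, dropped

# Constructed sample queue; the host is the placeholder used in the thread.
SAMPLE_URLS = [
    "http://some.domain.invalid/pub/file",                     # normal
    "http://some.domain.invalid/pub//file",                    # accidental double slash
    "http://some.domain.invalid/pub" + "/" * 12 + "file",      # pattern from the thread
    "http://some.domain.invalid" + "/" * 40 + "index.html",    # leading run
    "http://some.domain.invalid/a%2F%2F%2F%2Fb",               # percent-encoded run
    "http://some.domain.invalid/go?to=http://other.invalid/x", # slashes in query only
]

if __name__ == "__main__":
    kept, dropped = filter_urls(SAMPLE_URLS)
    for url in dropped:
        print("dropped (%d slashes in a row): %s" % (longest_slash_run(url), url))
```

Only the path component is inspected, so the `//` after the scheme and any slashes inside a query string do not count toward the limit.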

NeoGen
02-12-2006, 03:58 PM
I happened to be near the computer and noticed one more of these warnings by my firewall today.

I guess not all URLs have been filtered out yet. :?