I have some bad requests (400) in my apache error logs, from random IP addresses and all of the time these are unreadable encoded characters starting with \x, but I don’t know what kind of encoding this is. It might be harmless but I want to know what they mean.
What the hell is this?
PS. I meant StRing encoding in the title.
I thought sting sounded cooler… Anyway corrected the title, and have no idea about the encoding
I’m pretty sure I’ve seen it before. Something that represents the characters on a very low level, like the root of all encodings.. Maybe unmapped keys, or hex, or something extreme.
Firsh saidSorry, I didn’t read the part where you wanted to know what it meant. I imagine the best way is an Apache log reader. There are a ton of those (and I don’t use Apache), so I don’t know what to recommend.
jwmcpeak saidAnd how do I convert it to ‘english’?
Well I have AppServ (a server package for windows), and I open the read Apache Log. I don’t think there is any more to it than that file. It’s already very verbose listing every request that has been made. I cropped the screenshot but there are more information at the beginning of the lines like IP and time stamp. Majority of the requests are in plain english. But these are encrypted or I don’t know.
looks a bit python(ish), no clue what it means though, sorry
I’m late to the party, but let’s see if I can help.
The \x\x text is ostensibly hex-encoded something. That is, Apache got a sequence of bits which it represents as a series of two-byte (16 bit) codes. If they were all below \x80 it would be ASCII (which it isn’t). If they were all near each other numerically, then it would be some other encoding (which it isn’t). Since those numbers are all over the place, I’m guessing that it is one of two things:
1) Somebody attacking your server, possibly looking for a buffer overflow.
2) Somebody hitting an HTTP server with an HTTPS request on the HTTP port. This encrypted stream will not be encoded text and thus will look like random bits.
My guess is for the latter, just from looking at it.
I understand that it is a bit late to help the OP, but I figure if this page is showing up in search results then this answer may help somebody in the future.