(200 ok) ACCEPTED - Is this a hacking attempt?

security http hacking vulnerabilities exploit

I assume this is some type of hacking attempt. I've try to Google it but all I get are sites that look like they have been exploited already.

I'm seeing requests to one of my pages that looks like this.

/listMessages.asp?page=8&catid=5+%28200+ok%29+ACCEPTED

The '(200 ok) ACCEPTED' is what is odd. But it does not appear to do anything.

I'm running on IIS 5 and ASP 3.0. Is this "hack" meant for some other type of web server?

Edit:

Normal requests look like:

/listMessages.asp?page=8&catid=5

  1. May be the log is wrong. It looks like some part of answer inside URL. If it appears in IIS logs, try to watch the request URL using packet sniffer to ensure it is really such.
  2. May be some script gets malformed URL, e.g. it may be bug in your ASP site.

In general it may look like either highly specific or specially crafted crack attempt that is made to look like a bug, but I suppose it is not. You should also analyse previous and further requests from this user. If it is sometimes occur from different places with no other suspicious things, it is a bug, not crack attempts.


Are all the requests coming from one IP range? Have you tried running a packet capture to see what the full request headers look like?

Related

linux CLI screenshot without X
Gigabit capacity
Migrate IMAP account between providers - client access only
Disable IPv6 on Debian VPS (Virtuozzo!)
How to get number of files open in Ubuntu?
Why no Win16 support in 64-bit Windows? [closed]
How can I do daily backups for my VisualSVN Repos? [duplicate]
What linux is easy to attach to a windows domain
Can I share the scanner functionality of a multifunction printer over a network running CUPS print server?
Which HTTP methods does Subversion use?
Mass installation on networked Windows computers?
Is Clustering really = High Availability?