Re: [squid-users] Strange user name in SQUID log

From: Pavel Bychykhin <pavel.priv_at_hte.vl.net.ua>
Date: Sun, 06 May 2012 21:31:16 +0300

Many thanks for advice.
It is now clear that this is a completely SARG's problem.

06.05.2012 1:47, Amos Jeffries написал:
> On 6/05/2012 12:53 a.m., Pavel Bychykhin wrote:
>> Hi!
>>
>> My SQUID version is 3.1.19. Recently I noticed very strange log record
>> (strange user name):
>>
>> 1335604655.033 49 192.168.1.20 TCP_DENIED/407 481 HEAD
>> http://s7.addthis.com/static/r07/sh084.html
>> %ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%90%ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%b1%ef%bf%af%ef%be%bf%ef%be%91%ef%bf%af%ef%be%be%ef%be%80%ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%b0%ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%ba%ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%be%ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%b4%ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%b0%ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%b2%ef%bf%af%ef%be%bf%ef%be%91%ef%bf%af%ef%be%be%ef%be%80%ef%bf%af%ef%be%bf%ef%be%90%ef%bf%af%ef%be%be%ef%be%b0
>> NONE/- text/html
>>
>> All my users have their accounts in plain ASCII.
>> It would not be a big problem (such record occurred only once), but
>> SARG was unable to process this record and does not generate a report.
>> I wonder, is it a correct log record, or it's a bug?
>>
>
> This looks like the correct log entry for a mangled (attack?) request.
> An asian name appears when decoded as Unicode. It was rejected due to
> incorrect auth credentials by your system.
>
> Amos
>
>

-- 
Best regards,
Pavel
Received on Sun May 06 2012 - 18:31:29 MDT

This archive was generated by hypermail 2.2.0 : Mon May 07 2012 - 12:00:03 MDT