[ic] error.log

Bradley Caricofe interchange-users@icdevgroup.org
Fri Jun 28 14:43:00 2002


> I assume that is a single log entry.  Is there any other text in
> the log that looks suspicious?  Perhaps on or near the log entry
> with that block of numbers.
>
> Do you get similar log entries in your Apache access_log or error_log
> files?
>
> Which version of the various servers are you using: Interchange, Apache
> etc?

Sorry for not putting a subject in my first email; it was late.  The entries
consisting of all the 000030000's are extremely long, like someone was
trying to exploit a buffer overflow.  I haven't cut them up and measured,
but each entry could weigh a couple megs.  There is a log entry appearing
right before each of these in the IC error.log which is:

213.75.175.152 bBjGtCKt:213.75.175.152 - [22/June/2002:09:43:00 -0400] store
/cgi-bin/store.cgi/order.html Safe: Number too long at (eval 401) line 1.

Same IP on each, nothing however in our httpd logs.  As far as our original
problem with restarting IC and being unable to get the catalog to come up
right, well, it worked itself out.  We have the site on a Cobalt RaQ3
running a bad version of Apache.  We've applied a quick fix for now and have
been waiting for Sun to release a patch for a week now.  We considered
compiling a new Apache but it would probably have broken some of the
Cobalt's GUI features, which some of our people have to use.

The version of IC is 4.8.3, I'm pretty sure.  The site is operating fine it
seems for now.  We're going to be moving it to a pure Linux machine in the
next couple of weeks so we can upgrade more easily in the future.  I'd still
like to know what these strange log entries are though.

Thanks Kevin,
Brad
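
Added example, not part of the original message and not Interchange code: a Python triage pass for the pattern described above, where an oversized entry in error.log follows a "Safe: Number too long" entry. The header regex is modelled on the entry quoted in the message; the 64 KiB cutoff, the function names and the sample lines (documentation-range IPs, made-up session ids) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Header shape modelled on the entry quoted in the message:
#   IP session:IP - [timestamp] catalog path message
ENTRY = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<session>\S+) - "
    r"\[(?P<ts>[^\]]+)\] (?P<catalog>\S+) (?P<path>\S+) (?P<msg>.*)$"
)
MARKER = "Number too long"
SIZE_THRESHOLD = 64 * 1024  # assumed cutoff for an "oversized" entry


def triage(lines, threshold=SIZE_THRESHOLD):
    """Pair each oversized line with the parsed entry logged just before it."""
    findings, prev = [], None
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if len(line) >= threshold:
            # Record size and context only; never echo the huge line itself.
            findings.append({
                "line": lineno,
                "chars": len(line),
                "after_marker": bool(prev and MARKER in prev["msg"]),
                "ip": prev["ip"] if prev else None,
                "ts": prev["ts"] if prev else None,
                "path": prev["path"] if prev else None,
            })
            prev = None
            continue
        m = ENTRY.match(line)
        prev = m.groupdict() if m else None
    return findings


def by_source(findings):
    """Count oversized entries per source IP of the preceding entry."""
    return Counter(f["ip"] for f in findings)


# Constructed sample log (not real data): one marker entry, one oversized
# line of repeated digits, one unrelated entry.
SAMPLE = [
    "203.0.113.7 aaaa1111:203.0.113.7 - [22/June/2002:09:43:00 -0400] store "
    "/cgi-bin/store.cgi/order.html Safe: Number too long at (eval 401) line 1.\n",
    "000030000" * 10000 + "\n",
    "198.51.100.9 bbbb2222:198.51.100.9 - [22/June/2002:09:50:12 -0400] store "
    "/cgi-bin/store.cgi/index.html constructed unrelated message\n",
]
```

Against a real log, pass an open file handle (opened with `errors="replace"`) to `triage()`; the timestamps and IPs it returns can then be compared with the web server's access_log for the same window.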