#1
Strange Apache Log Entries
So I was browsing my Apache logs and I found some strange entries...
The first was: Access.log
Code:
24.xxx.xxx.xxx - - [17/Mar/2004:07:01:20 -0500] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x90\x90\" 414 271

The entry is much larger, in fact it's 34,000 characters long... After a little research, it seems this is a Webdav exploit... This is tried on port 80 if port 135 is disabled... Perhaps someone else could back me up on my research? =) For the record, I had at least 30 of these entries which caused the size of my log file to be larger than necessary!

The other log entry has me baffled... Error.log
Code:
Terminating on signal SIGTERM(15)
[Thu Mar 18 15:31:27 2004] [error] [client 24.xxx.xxx.xxx] request failed: URI too long

The second line is related to my discovery in the access.log file, however it's the first line that gets me... No IP or date... I figured it was caused by my machine rebooting, but another friend told me his logs have nothing like this (and I know his machine reboots quite frequently)... This message appears multiple times in my log. Hopefully someone has some insight on these entries...
#2
I'll have to trust you on your webdav research, though it sounds like your explanation is probably reasonable (except that webdav runs on port 80, period, as far as I know).
I don't have the precise SIGTERM error you've got in your logs, but I do have stuff like this:
Code:
[Wed Mar 17 16:18:07 2004] [warn] child process 1620 still did not exit, sending a SIGTERM
[Wed Mar 17 16:18:13 2004] [notice] caught SIGTERM, shutting down

The SIGTERM(15) I would take to mean that somebody sent a "kill -15 <pid>" at the command line to get rid of a runaway or defunct apache process. As it's a system log line, I wouldn't expect to see an IP address. I can't explain the lack of a timestamp.

Actually, I just ran a test on my laptop. I started apache up, tailed the error log, and sent a kill -15. I got something more like what appears in my code above than in yours. Weird.

A google search of both the web and groups for the exact error string turns up only a German forum page (http://translate.google.com/translate?hl=en&sl=de&u=http://www.sachen-fuer-webmaster.de/forum/index.php%3Fshowtopic%3D1881%26view%3Dgetnewpost&prev=/search%3Fq%3D%2522Terminating%2Bon%2Bsignal%2BSIGTERM(15)%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8%26sa%3DG) that, translated and at a quick glance, makes me wonder if the webdav thing is sending too much stuff over (maybe an attempt at a buffer overrun?) and that apache's dropping because of it.
__________________
Please don't PM me asking for solutions outside the scope of a thread. Keeping all responses in a thread stands to help others who come along later, which is after all what this forum's all about.
#3
The SIGTERM entries I've seen before, regardless of this huge Webdav buffer overflow attempt... I haven't seen the webdav thing until four days ago...
The SIGTERM I've noticed before, but didn't pay much attention to it until now. The only things I could find relate to Unix's signaling... As you've mentioned, signal 15 is the terminating signal... The peculiar thing is, this particular log is from a Windows machine... luckily it's only a testing environment, so I'm not that worried about it... but I still wouldn't mind getting down to the bottom of it... I just find it strange... On a mildly unrelated rant, I hate when IIS exploits show up in my apache logs =)
#4
From memory, that log entry looks like ye ol' Nimda or Code Red buffer overflow exploit.
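Added example, not part of the original thread and not any poster's code: a small Python triage pass over an Apache access log that flags entries shaped like the one in post #1 (SEARCH method, status 414, a very long request line full of `\x` escapes) and counts them per client. The thresholds, function names and sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')  # how Apache logs raw bytes
MAX_REQUEST_LEN = 2048  # assumed threshold; tune for your site
MAX_ESCAPED = 16        # assumed threshold

def triage(line):
    """Return the reasons a log line looks like an overflow probe ([] if none)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return ["unparseable"]
    request, reasons = m["request"], []
    if request.split(" ", 1)[0] == "SEARCH":
        reasons.append("WebDAV SEARCH method")
    if m["status"] == "414":
        reasons.append("rejected with 414 (URI too long)")
    if len(request) > MAX_REQUEST_LEN:
        reasons.append(f"request is {len(request)} characters")
    n = len(ESCAPED_BYTE.findall(request))
    if n > MAX_ESCAPED:
        reasons.append(f"{n} escaped non-printable bytes")
    return reasons

def summarize(lines):
    """Count flagged requests per client; a line needs two or more reasons."""
    hits = Counter()
    for line in lines:
        if len(triage(line)) >= 2:
            hits[line.split(" ", 1)[0]] += 1
    return hits

# Constructed sample lines: documentation addresses, filler payload sized
# to the roughly 34,000 characters mentioned in post #1.
PROBE = ('192.0.2.10 - - [17/Mar/2004:07:01:20 -0500] "SEARCH /\\x90'
         + '\\x02\\xb1' * 4250 + '\\x90\\x90" 414 271')
SAMPLE = [
    PROBE,
    PROBE.replace("07:01:20", "07:03:42"),
    '198.51.100.7 - - [17/Mar/2004:07:02:11 -0500] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for host, count in summarize(SAMPLE).items():
        print(f"{host}: {count} oversized SEARCH requests")
```

Requiring two reasons keeps ordinary WebDAV clients and the occasional legitimate 414 out of the count.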