I have an application (our Mirabel system) running on a server inside our firewall (so not visible to the open Internet).
I’ve recently started seeing messages like this in the log:
Access denied: ����.
Access denied: PRI * HTTP/2.0 SM .
Where the value reported can be quite varied, but is often unrenderable characters or other stuff. (In this case the characters are all \uFFFD). The log messages all report the same IP address.
This server does not use named users, so there’s no authentication required to access it.
The IP address is not one of my own servers, so I don’t think it’s something generated by my own code.
Any idea what this might be? It’s started relatively recently, which makes me think it might be some sort of penetration test.
Cheers,
E.
_____________________________________________
Eliot Kimber
Sr Staff Content Engineer
O: 512 554 9368
M: 512 554 9368
servicenow.com https://www.servicenow.com
LinkedIn https://www.linkedin.com/company/servicenow | Twitter https://twitter.com/servicenow | YouTube https://www.youtube.com/user/servicenowinc | Facebook https://www.facebook.com/servicenow
Hi Eliot,
It’s difficult to tell which requests are sent to BaseX. Maybe you can use a networking monitoring tool such as Wireshark to get more hints?
Best, Christian
On Sun, Feb 25, 2024 at 11:59 PM Eliot Kimber eliot.kimber@servicenow.com wrote:
I have an application (our Mirabel system) running on a server inside our firewall (so not visible to the open Internet).
I’ve recently started seeing messages like this in the log:
Access denied: ����.
Access denied: PRI * HTTP/2.0 SM .
Where the value reported can be quite varied, but is often unrenderable characters or other stuff. (In this case the characters are all \uFFFD).
The log messages all report the same IP address.
This server does not use named users, so there’s no authentication required to access it.
The IP address is not one of my own servers, so I don’t think it’s something generated by my own code.
Any idea what this might be? It’s started relatively recently, which makes me think it might be some sort of penetration test.
Cheers,
E.
basex-talk@mailman.uni-konstanz.de
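As an added example (not part of the original thread and not BaseX code): a small Python triage of the first bytes of a captured connection, such as bytes exported from a Wireshark capture as suggested above. `PRI * HTTP/2.0 ... SM` is the HTTP/2 client connection preface from RFC 9113; the function names, the constructed sample byte strings, and the assumption that the log shows a connection's leading bytes decoded as text are all hypothetical.

```python
# Added example: classify the leading bytes of an unexpected connection.
# Assumption: the "Access denied: ..." value is the start of whatever the
# client sent, decoded as text by the server.

H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # RFC 9113, section 3.4
HTTP1_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                 b"OPTIONS ", b"CONNECT ")


def classify_first_bytes(data: bytes) -> str:
    """Return a coarse label for the protocol a client tried to speak."""
    if not data:
        return "empty"
    if data.startswith(b"PRI * HTTP/2.0"):
        return "http2-preface"
    # TLS record header: type 0x16 (handshake), major version 3, minor 0..4
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls-handshake"
    if data.startswith(b"SSH-"):
        return "ssh-banner"
    if data.startswith(HTTP1_METHODS):
        return "http1-request"
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "binary-unknown"
    return "text-unknown" if text.strip().isprintable() else "binary-unknown"


def as_logged(data: bytes) -> str:
    """Hypothetical log rendering: lossy UTF-8 decode, whitespace collapsed."""
    return " ".join(data.decode("utf-8", errors="replace").split())


# Constructed sample inputs (not taken from any real capture).
SAMPLES = [
    H2_PREFACE,
    bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01]),
    b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
    b"SSH-2.0-scanner\r\n",
    b"\xff\xff\xff\xff",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_first_bytes(sample):15} {as_logged(sample)!r}")
```

Bytes that are not valid UTF-8 come out of the lossy decode as U+FFFD, which matches how the unrenderable values in the log are described.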