The last few days I noticed strange stuff in my access log:
188.107.245.66 - - [18/Oct/2011:19:12:19 +0300] "S\\xe5\\v\\xa1\\xdcJ3\\b\\x86V\\x06\\xdf\\xfc\\xe12\\x17\\xcf5\\xcc\\xe4\\xceF" 400 226
188.87.22.67 - - [18/Oct/2011:19:45:57 +0300] "\\x86E\\x80\\x1aAv_t\\xef\\xc1\\x15\\xe6\\xf6G\\x136\\xf6\\xb2\\x10d\\xd0\\xd4\\x8d\\xb8\\xbe!\\xd0\\xe1f" 302 -
81.157.125.118 - - [18/Oct/2011:20:22:03 +0300] "\\xd9V\\xdd\\xfa[l_\\"l\\x8b=\\xa9\\x02\\x87\\x81\\xccV\\x843\\x0e\\x18\\xbb\\xd9X\\xb7\\xcf\\xc5\\xaf\\xf6P\\xff\\x81\\x92\\x0e\\x9bld\\x7f\\x83<YA\\xd2\\x0c\\x8e\\xfd\\xcb\\xab\\x85\\xc6" 400 226
82.113.121.32 - - [19/Oct/2011:19:56:34 +0300] "\\xfd\\xe8\\x1clL\\x04\\x12\\xeau\\xf6v>\\xc4\\xd8\\x8b\\xea\\xf1\\xd2<\\x11\\xe9\\xfa\\xa1\\x89\\xd7\\xc3`\\xb0\\xc5(\\x07\\xde\\x12\\x88\\xb8\\x9b\\xfc\\xf7kq," 302 -
77.181.227.10 - - [20/Oct/2011:19:01:44 +0300] "\\x9a\\xaf\\x1b" 302 - "-" "-"
194.228.94.242 - - [21/Oct/2011:12:31:49 +0300] "$\\xfe\\x87O\\xa7\\xb6\\x0e\\x17[}" 302 - "-" "-"
188.187.133.114 - - [21/Oct/2011:20:19:35 +0300] "M\\x85r?\\xf3\\x81\\x13\\x0e\\xc8\\xab" 302 - "-" "-"
95.103.75.20 - - [22/Oct/2011:16:41:58 +0300] "\\xc0\\xfd\\xbf\\xcf" 200 194 "-" "-"
46.135.104.255 - - [22/Oct/2011:16:58:52 +0300] "w\\xc1\\x15\\xadqk\\x85\\xa18\\x83\\xf0\\xe8{\\x95\\x10\\x92}\\xa8\\x9e\\xddt\\xcdiA\\x02\\x17G\\xf1R\\x96p" 200 194 "-" "-"
93.96.74.252 - - [22/Oct/2011:23:25:37 +0300] "\\xfbO\\xed\\xda\\x85$\\xa8\\xa6\\x8e\\xcdi\\xc6\\x13't$\\xc1 1\\xa8\\xec4(\\x98\\xc3\\xda\\xbc\\x8b," 400 226 "-" "-"
Normally I see this:
174.129.228.67 - - [23/Oct/2011:06:56:53 +0300] "GET /robots.txt HTTP/1.0" 200 26 "-" "ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)"
The first thing I don’t understand is why the strange requests don’t include a method (GET/POST/HEAD/etc.). The second thing is obvious: what does it mean? And the third thing: why do I have different response codes for those requests? Sure, depending on what they do Apache replies differently, but I don’t know what’s behind the encoded requests.
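For triaging entries like the ones quoted above, here is an added example (not part of the original post): it parses Apache access-log lines, flags those whose request field is not a well-formed HTTP request line, and undoes Apache's `\xhh` log escaping to report how many raw bytes arrived and how the server answered. The sample lines, addresses and function names are constructed for illustration, with escapes written in the form Apache's mod_log_config emits them.

```python
import re
from collections import Counter

# host ident user [time] "request" status size ... (common/combined log format)
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+')
# Well-formed request line: method, target, protocol version.
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Apache logs non-printable bytes as \xhh and some characters as \n, \t, \", \\ ...
ESCAPE_RE = re.compile(r'\\(x[0-9a-fA-F]{2}|.)')
C_STYLE = {"n": b"\n", "t": b"\t", "r": b"\r", "v": b"\v", "f": b"\f", "b": b"\b"}

def decode_request(field):
    """Undo the log escaping to recover the bytes the client sent."""
    out, pos = bytearray(), 0
    for m in ESCAPE_RE.finditer(field):
        out += field[pos:m.start()].encode("latin-1")
        esc = m.group(1)
        if len(esc) == 3:                      # \xhh
            out.append(int(esc[1:], 16))
        else:                                  # \n, \t, \", \\ ...
            out += C_STYLE.get(esc, esc.encode("latin-1"))
        pos = m.end()
    return bytes(out + field[pos:].encode("latin-1"))

def triage(lines):
    """Return a record for every entry whose request is not an HTTP request line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or REQUEST_RE.match(m["request"]):
            continue                           # unparseable line or normal HTTP
        raw = decode_request(m["request"])
        findings.append({"host": m["host"], "status": int(m["status"]), "length": len(raw),
                         "nonprintable": sum(b < 0x20 or b > 0x7e for b in raw)})
    return findings

def status_counts(findings):
    """Count how the server answered the malformed requests."""
    return dict(Counter(f["status"] for f in findings))

# Constructed sample lines (documentation addresses), not entries from the post.
SAMPLE = [
    r'192.0.2.10 - - [18/Oct/2011:19:12:19 +0300] "S\xe5\v\xa1\xdcJ3\b\x86V" 400 226',
    r'198.51.100.7 - - [20/Oct/2011:19:01:44 +0300] "\x9a\xaf\x1b" 302 - "-" "-"',
    r'203.0.113.5 - - [22/Oct/2011:16:41:58 +0300] "l_\"l\x8b=" 200 194 "-" "-"',
    r'192.0.2.44 - - [23/Oct/2011:06:56:53 +0300] "GET /robots.txt HTTP/1.0" 200 26 "-" "crawler"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print(status_counts(triage(SAMPLE)))
```

Grouping the flagged entries by status code and byte length is a quick way to see whether the different responses line up with differences in what was sent.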