I have found some string word in log file - messages
Sep 3 01:50:46 web snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {TCP} 220.135.228.117:2367 -> 210.xxxx.xxx.xx:80
Sep 3 01:50:38 web snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {TCP} 220.135.228.117:2365 -> 210.xxxx.xxx.xx:80
Sep 3 01:49:39 web snort: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 210.245.18.178 -> 210.xxxx.xxx.xx
Sep 3 01:49:39 web snort: [1:469:3] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 210.24
5.18.178 -> 210.xxxx.xxx.xx
Sep 3 01:44:00 web snort: [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING {TCP} 219.77.137.197:2789 -> 210.xxxx.xxx.xx:80
Sep 3 01:43:37 web su(pam_unix)[1080]: session opened for user root by admin(uid=500)
Sep 3 01:43:10 web sshd(pam_unix)[990]: session opened for user admin by (uid=500)
Sep 3 01:42:13 web proftpd[32236]: mydomain.com (219.78.149.90[219.78.149.90]) - FTP session closed.
Sep 3 01:42:13 web proftpd[32236]: mydomain.com (219.78.149.90[219.78.149.90]) - FTP session idle timeout, disconnected.
Sep 3 01:41:19 web snort: [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING {TCP} 219.77.137.197:2712 -> 210.xxxx.xxx.xx
:80
Sep 3 01:40:35 web snort: [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING {TCP} 210.6.202.163:3108 -> 210.xxxx.xxx.xx:
80
Sep 3 01:39:49 web snort: [1:895:6] WEB-CGI redirect access [Classification: Attempted Information Leak] [Priority: 2]: {TCP
} 203.217.192.70:4805 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:57 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3677 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:57 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3676 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:57 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3675 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:56 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3674 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:56 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3673 -> 210.xxxx.xxx.xx:80
Does that mean ... I have get hack .. in my server ??
Sep 3 01:50:46 web snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {TCP} 220.135.228.117:2367 -> 210.xxxx.xxx.xx:80
Sep 3 01:50:38 web snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {TCP} 220.135.228.117:2365 -> 210.xxxx.xxx.xx:80
Sep 3 01:49:39 web snort: [1:384:5] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 210.245.18.178 -> 210.xxxx.xxx.xx
Sep 3 01:49:39 web snort: [1:469:3] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 210.24
5.18.178 -> 210.xxxx.xxx.xx
Sep 3 01:44:00 web snort: [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING {TCP} 219.77.137.197:2789 -> 210.xxxx.xxx.xx:80
Sep 3 01:43:37 web su(pam_unix)[1080]: session opened for user root by admin(uid=500)
Sep 3 01:43:10 web sshd(pam_unix)[990]: session opened for user admin by (uid=500)
Sep 3 01:42:13 web proftpd[32236]: mydomain.com (219.78.149.90[219.78.149.90]) - FTP session closed.
Sep 3 01:42:13 web proftpd[32236]: mydomain.com (219.78.149.90[219.78.149.90]) - FTP session idle timeout, disconnected.
Sep 3 01:41:19 web snort: [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING {TCP} 219.77.137.197:2712 -> 210.xxxx.xxx.xx
:80
Sep 3 01:40:35 web snort: [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING {TCP} 210.6.202.163:3108 -> 210.xxxx.xxx.xx:
80
Sep 3 01:39:49 web snort: [1:895:6] WEB-CGI redirect access [Classification: Attempted Information Leak] [Priority: 2]: {TCP
} 203.217.192.70:4805 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:57 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3677 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:57 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3676 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:57 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3675 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:56 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3674 -> 210.xxxx.xxx.xx:80
Sep 3 01:35:56 web snort: [1:2182:6] BACKDOOR typot trojan traffic [Classification: A Network Trojan was detected] [Priority
: 1]: {TCP} 210.68.40.169:3673 -> 210.xxxx.xxx.xx:80
Does that mean ... I have get hack .. in my server ??