LinuxQuestions.org


hoedad 07-26-2004 04:03 AM

suspicious log activity
 
This type of activity has been showing up on my Apache log by the hundreds (300+ such episodes a day). What does it mean? Seems someone is hijacking the server to try to log on to Yahoo Messenger, or am I just being paranoid?

This board won't let me post the actual log as it contains URLs and I'm a newbie here, but the URLs (preceded by GET the full URL) lead to a failed Yahoo Messenger login page.

Any thoughts?

trickykid 07-26-2004 07:02 AM

You'll need to post them up. To get around the URLs, just simply take out the http:// or www. portions, etc.

hoedad 07-26-2004 07:28 AM

I'll give it a try. Here are 3 samples from over 300 in yesterday's log. http// has been deleted in the following:

GET login.india.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=gabe__p&passwd=allegro HTTP/1.0 with response code(s) 404
GET w4.edit.tpe.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=fine__thang43f&passwd=abby HTTP/1.0 with response code(s) 404
GET e8.edit.cnb.yahoo.com/config/login?.yplus=&.partner=&login=totalbitch&passwd='123 (123) HTTP/1.0 with response code(s) 404

trickykid 07-26-2004 07:33 AM

As long as they're not logging into your site with the apparent login credentials they are trying, no worries really. Probably and mainly just a virus or such that is used against IIS servers.
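
Added example, not part of any post in this thread: a Python script that picks requests like the ones hoedad posted (a GET carrying a full URL for another host) out of an Apache access log, counts them per client, target host and response code, and lists the ones that were not answered with 404. It goes slightly beyond the thread by also catching CONNECT requests. Assumptions: the log is in Apache common/combined format, LOCAL_HOSTS is a placeholder for the server's own hostnames, and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache common/combined format: client ident user [time] "request" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
# Hostnames this server really serves (assumption: replace with your own vhosts).
LOCAL_HOSTS = {"www.example.org", "example.org"}

def foreign_target(request):
    """Return the host when the request line names another site, else None."""
    parts = request.split()
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":  # tunnel request, target is host:port
        host = target.rsplit(":", 1)[0].lower()
    elif "://" in target:  # absolute URL, as a proxy client would send
        try:
            host = (urlsplit(target).hostname or "").lower()
        except ValueError:
            return None
    else:
        return None  # ordinary request such as "GET /index.html"
    return host if host and host not in LOCAL_HOSTS else None

def summarize(lines):
    """Count proxy-style requests per (client, target host, status); query strings are dropped."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        host = foreign_target(m.group(2)) if m else None
        if host:
            hits[(m.group(1), host, int(m.group(3)))] += 1
    return hits

def needs_review(hits):
    """Entries answered with something other than 404, worth a closer look."""
    return sorted(key for key in hits if key[2] != 404)

# Constructed sample lines (documentation addresses, example hosts, dummy credentials).
SAMPLE = [
    '192.0.2.10 - - [25/Jul/2004:03:11:02 -0500] "GET http://login.example.com/config/login?login=u1&passwd=REDACTED HTTP/1.0" 404 291 "-" "-"',
    '192.0.2.10 - - [25/Jul/2004:03:11:05 -0500] "GET http://login.example.com/config/login?login=u2&passwd=REDACTED HTTP/1.0" 404 291 "-" "-"',
    '198.51.100.7 - - [25/Jul/2004:04:20:41 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 200 - "-" "-"',
    '203.0.113.5 - - [25/Jul/2004:09:00:00 -0500] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [25/Jul/2004:09:00:03 -0500] "GET http://www.example.org/about.html HTTP/1.1" 200 2210 "-" "Mozilla/4.0"',
]
```

To run it on a real log, pass an open file to summarize() and print needs_review() of the result. Because only the host part of each URL is kept, usernames and passwords in the query string never end up in the report.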


All times are GMT -5.