I have few question regarding below message :

94.198.4.42 - - [31/May/2012:03:55:34 +0000] "GET /admin/banner_manager.php/login.php HTTP/1.1" 404 9185 "-" "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.16) Gecko/2009122206 Firefox/3.0.16Flock/2.5.6"

1. Who is accessing the site?
2. From which country/city?
3. What is he trying to do?
4. Did he succeed? do you think it is a malicious or normal visit?

More homework?

I am actually very new in Linux

Please read the LQ rules regarding homework. Posting homework verbatim is a violation.
Were not going to do you homework for you.

You might take a look at your Apache2 setup's configuration file for the LogFormat directive(s) in use and then read the manual regarding the LogFormat directive itself and follow that up with reading on custom log formats. That will explain what each field is for.

So:

1. Look at the IP address and go look it up on any of the free geoip websites
2. ..which will tell you where they THINK it's coming from, since it can be spoofed from anywhere.
3. And by actually READING THE LINE in the file, it tells you they're trying to access the login.php page, doesn't it?
4. You tell us; did they log in to whatever that page logs folks in to?

Being 'very new' is fine, but you should really start out by thinking about what you're asking.

94.198.4.42 client source IP, this one is Russia
31/May/2012:03:55:34 +0000] - UTC timestamp
"GET" - Verb
/admin/banner_manager.php/login.php HTTP/1.1" 404 9185 " - Requested URI and they failed with a 404 - Not found.
9185 - bytes sent
"Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.16) Gecko/2009122206 Firefox/3.0.16Flock/2.5.6"- Useragent string, usually A PACK OF LIES.

I'd lockdown that "admin": URL using either .htaccess or the site's apache conf file (preferred method)

Habitual,
Nice of you to do their homework for them

A question/comment about You're presuming that is a legitimate path on the site. If it doesn't exist, it'd be a challenge to lock it down, and unnecessary, IMO

I get hundreds, nay thousands (2838* yesterday), of attempts to GET non-existent files on my web server daily. The requests consume bandwidth (< 50 bytes each), of course, as does the return of the 404 Not Found page (~240 bytes), but they are otherwise harmless.
Yes?

Of course, if there really were a file, then, yes, it should somehow have access restricted...but then, of course, it wouldn't be throwing a 404 error.

*1400 (so, 1/2) of those were requests for apple-touch-icon*png files, which are, I believe sent by browsers on iPhones and iPads...I've given up worrying about them.

I assumed Turdpress.
But you're correct. Scanning for /admin/ is low hanging fruit.

It's not like he learned it. He won't be able to remember it when they "need to" later as a result.
404s can be ignored.

So, hear ye, hear ye,
http://httpd.apache.org/docs/current/logs.html#combined

1 members found this post helpful.