Solved

what are these people doing? sample WINNT\system32\LogFiles\W3SVC1 - 21:40:48 66.19.101.21 SEARCH / 411

Posted on 2004-04-12
5
1,114 Views
Last Modified: 2007-12-19
i keep getting this on my logfiles everyday but i dont know what they are trying to do. hacking? yes, hacking what?
what are they trying to do? what purpose?
i look up for what the numbers means
200 OK Action complete successfully
411 Length Required
anyone please tell what they are trying to accomplish?

c:WINNT\system32\LogFiles\W3SVC1
11:11:35 217.217.61.224 GET / 200
11:11:37 217.217.61.224 SEARCH / 411
11:12:45 166.127.1.35 GET / 200
11:12:45 166.127.1.35 SEARCH / 411
11:59:52 210.78.92.206 GET / 200
11:59:52 210.78.92.206 SEARCH / 411
12:41:08 219.164.105.247 GET / 200
12:41:08 219.164.105.247 SEARCH / 411
13:00:45 218.75.12.38 GET / 200
13:00:45 218.75.12.38 SEARCH / 411
13:22:32 219.140.22.18 GET / 200
13:22:32 219.140.22.18 SEARCH / 411
14:20:00 80.58.14.44 GET / 200
14:20:02 80.58.14.44 SEARCH / 411
14:58:08 82.64.242.68 GET / 200
14:58:09 82.64.242.68 SEARCH / 411
15:11:28 202.156.2.50 GET / 200
15:11:28 202.156.2.50 SEARCH / 411
15:23:26 218.87.77.34 GET / 200
15:23:26 218.87.77.34 SEARCH / 411
15:25:27 219.118.17.127 GET / 200
15:25:27 219.118.17.127 SEARCH / 411
15:35:22 61.160.28.210 GET / 200
15:35:26 61.160.28.210 SEARCH / 411
15:46:29 80.44.120.67 GET / 200
15:46:30 80.44.120.67 SEARCH / 411
16:09:30 81.70.153.25 GET / 200
16:09:30 81.70.153.25 SEARCH / 411
16:35:00 219.78.179.119 GET / 200
16:35:00 219.78.179.119 SEARCH / 411
16:47:04 128.58.76.33 GET / 200
16:47:06 128.58.76.33 SEARCH / 411
17:08:08 220.166.116.249 GET / 200
17:08:08 220.166.116.249 SEARCH / 411
17:15:56 165.21.154.12 GET / 200
17:24:51 83.152.169.227 GET / 200
17:24:52 83.152.169.227 SEARCH / 411
17:52:55 81.60.158.11 GET / 200
17:52:56 81.60.158.11 SEARCH / 411
18:28:53 81.129.6.177 GET / 200
18:28:53 81.129.6.177 SEARCH / 411
20:03:03 218.26.219.195 GET / 200
20:03:03 218.26.219.195 SEARCH / 411
20:41:47 80.58.11.45 GET / 200
20:41:48 80.58.11.45 SEARCH / 411
20:59:29 80.58.3.42 GET / 200
20:59:48 80.58.3.42 SEARCH / 411
21:08:34 219.156.126.3 GET / 200
21:08:34 219.156.126.3 SEARCH / 411
21:40:44 66.19.101.21 GET / 200
21:40:48 66.19.101.21 SEARCH / 411
21:53:01 219.110.38.47 GET / 200
21:53:05 219.110.38.47 SEARCH / 411
22:01:05 210.50.52.146 GET / 200
22:01:09 210.50.52.146 SEARCH / 411
22:13:53 65.246.148.253 GET / 200
22:13:53 65.246.148.253 SEARCH / 411
22:48:30 4.37.216.48 GET / 200
22:48:30 4.37.216.48 SEARCH / 411
23:22:48 218.225.135.67 GET / 200
23:22:50 218.225.135.67 SEARCH / 411
23:56:01 68.251.64.171 GET / 200
23:56:01 68.251.64.171 SEARCH / 411
0
Comment
Question by:Jerry_Pang
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10811175
I think they are trying to exploit an old bug in the .ida search module. But it is also possible ofcourse that your search command has a restriction on the input of the string meaning that if I do a search on your webserver with a string that is to short or a blank.
0
 
LVL 9

Author Comment

by:Jerry_Pang
ID: 10811434
bug? where can read more info about this?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10813310
i would suggest securityfocus.com and search for .idq and .ida issues but what version of IIS are you running?
Your input is rather poor to give a concrete answer to your problem.
0
 
LVL 9

Author Comment

by:Jerry_Pang
ID: 10819431
sorry but this is the only info i have. i just wan to know what these ip are trying to do at my pc.
like this one
68.251.64.171 GET / 200
68.251.64.171 SEARCH / 411

i also search in google for .idq and .ida issues
found this one
http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx
0
 
LVL 6

Accepted Solution

by:
bloemkool1980 earned 50 total points
ID: 10820703
Well you should have more information because a get and Search are standard commands. Without the complete url and the file they access it is obsolete and very hard to have an idea what they do.
I just assume it is web vulnerability scanner running against your site doing pretty much standard things and nothing really to worry about.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
security string in a noisy bar 5 86
Security Overview Report 8 51
Access 2016 5 54
Admin account lockout 10 39
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question