
What are these people doing? Sample WINNT\system32\LogFiles\W3SVC1 - 21:40:48 66.19.101.21 SEARCH / 411

I keep getting this in my log files every day, but I don't know what they are trying to do. Hacking? Yes, hacking what?
What are they trying to do? What purpose?
I looked up what the numbers mean:
200 OK Action completed successfully
411 Length Required
Anyone, please tell me what they are trying to accomplish?

C:\WINNT\system32\LogFiles\W3SVC1
11:11:35 217.217.61.224 GET / 200
11:11:37 217.217.61.224 SEARCH / 411
11:12:45 166.127.1.35 GET / 200
11:12:45 166.127.1.35 SEARCH / 411
11:59:52 210.78.92.206 GET / 200
11:59:52 210.78.92.206 SEARCH / 411
12:41:08 219.164.105.247 GET / 200
12:41:08 219.164.105.247 SEARCH / 411
13:00:45 218.75.12.38 GET / 200
13:00:45 218.75.12.38 SEARCH / 411
13:22:32 219.140.22.18 GET / 200
13:22:32 219.140.22.18 SEARCH / 411
14:20:00 80.58.14.44 GET / 200
14:20:02 80.58.14.44 SEARCH / 411
14:58:08 82.64.242.68 GET / 200
14:58:09 82.64.242.68 SEARCH / 411
15:11:28 202.156.2.50 GET / 200
15:11:28 202.156.2.50 SEARCH / 411
15:23:26 218.87.77.34 GET / 200
15:23:26 218.87.77.34 SEARCH / 411
15:25:27 219.118.17.127 GET / 200
15:25:27 219.118.17.127 SEARCH / 411
15:35:22 61.160.28.210 GET / 200
15:35:26 61.160.28.210 SEARCH / 411
15:46:29 80.44.120.67 GET / 200
15:46:30 80.44.120.67 SEARCH / 411
16:09:30 81.70.153.25 GET / 200
16:09:30 81.70.153.25 SEARCH / 411
16:35:00 219.78.179.119 GET / 200
16:35:00 219.78.179.119 SEARCH / 411
16:47:04 128.58.76.33 GET / 200
16:47:06 128.58.76.33 SEARCH / 411
17:08:08 220.166.116.249 GET / 200
17:08:08 220.166.116.249 SEARCH / 411
17:15:56 165.21.154.12 GET / 200
17:24:51 83.152.169.227 GET / 200
17:24:52 83.152.169.227 SEARCH / 411
17:52:55 81.60.158.11 GET / 200
17:52:56 81.60.158.11 SEARCH / 411
18:28:53 81.129.6.177 GET / 200
18:28:53 81.129.6.177 SEARCH / 411
20:03:03 218.26.219.195 GET / 200
20:03:03 218.26.219.195 SEARCH / 411
20:41:47 80.58.11.45 GET / 200
20:41:48 80.58.11.45 SEARCH / 411
20:59:29 80.58.3.42 GET / 200
20:59:48 80.58.3.42 SEARCH / 411
21:08:34 219.156.126.3 GET / 200
21:08:34 219.156.126.3 SEARCH / 411
21:40:44 66.19.101.21 GET / 200
21:40:48 66.19.101.21 SEARCH / 411
21:53:01 219.110.38.47 GET / 200
21:53:05 219.110.38.47 SEARCH / 411
22:01:05 210.50.52.146 GET / 200
22:01:09 210.50.52.146 SEARCH / 411
22:13:53 65.246.148.253 GET / 200
22:13:53 65.246.148.253 SEARCH / 411
22:48:30 4.37.216.48 GET / 200
22:48:30 4.37.216.48 SEARCH / 411
23:22:48 218.225.135.67 GET / 200
23:22:50 218.225.135.67 SEARCH / 411
23:56:01 68.251.64.171 GET / 200
23:56:01 68.251.64.171 SEARCH / 411
Jerry_Pang
Asked:
1 Solution
 
bloemkool1980 Commented:
I think they are trying to exploit an old bug in the .ida search module. But it is also possible, of course, that your search command has a restriction on the input of the string, meaning that if I do a search on your webserver with a string that is too short or a blank.
 
Jerry_Pang (Author) Commented:
Bug? Where can I read more info about this?
 
bloemkool1980 Commented:
I would suggest securityfocus.com and searching for .idq and .ida issues, but what version of IIS are you running?
Your input is rather poor to give a concrete answer to your problem.
 
Jerry_Pang (Author) Commented:
Sorry, but this is the only info I have. I just want to know what these IPs are trying to do on my PC,
like this one
68.251.64.171 GET / 200
68.251.64.171 SEARCH / 411

I also searched Google for .idq and .ida issues
and found this one:
http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx
 
bloemkool1980 Commented:
Well, you should have more information, because GET and SEARCH are standard commands. Without the complete URL and the file they access, it is obsolete and very hard to have an idea what they do.
I just assume it is a web vulnerability scanner running against your site, doing pretty much standard things, and nothing really to worry about.
Question has a verified solution.
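
One way to summarise the pattern in the log above from the defender's side: group requests by client IP and report every GET that is followed shortly by a SEARCH (a WebDAV method) on the same URI. This is an added example, not code from the thread; it assumes the five-field line format shown in the question, and the function names and the 30-second window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Excerpt of the log lines posted in the question:
# time, client IP, method, URI, status.
SAMPLE_LOG = """\
11:11:35 217.217.61.224 GET / 200
11:11:37 217.217.61.224 SEARCH / 411
17:15:56 165.21.154.12 GET / 200
17:24:51 83.152.169.227 GET / 200
17:24:52 83.152.169.227 SEARCH / 411
20:59:29 80.58.3.42 GET / 200
20:59:48 80.58.3.42 SEARCH / 411
"""

def parse_line(line):
    """Return (time, ip, method, uri, status), or None for header/malformed lines."""
    parts = line.split()
    if len(parts) != 5 or line.startswith("#"):
        return None
    try:
        when = datetime.strptime(parts[0], "%H:%M:%S")
        status = int(parts[4])
    except ValueError:
        return None
    return when, parts[1], parts[2].upper(), parts[3], status

def find_probe_pairs(log_text, window_seconds=30):
    """Map each client IP to its GET-then-SEARCH pairs on the same URI.

    Values are lists of (uri, get_status, search_status, delay_seconds).
    Times are compared within one daily log file, so a pair that straddles
    midnight yields a negative delay and is ignored.
    """
    last_get = {}  # (ip, uri) -> (time, status) of the most recent GET
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        when, ip, method, uri, status = rec
        if method == "GET":
            last_get[(ip, uri)] = (when, status)
        elif method == "SEARCH" and (ip, uri) in last_get:
            got_at, get_status = last_get.pop((ip, uri))
            delay = int((when - got_at).total_seconds())
            if 0 <= delay <= window_seconds:
                hits[ip].append((uri, get_status, status, delay))
    return dict(hits)
```

Running `find_probe_pairs` over a full day's file gives a per-IP list of paired requests, which makes it easy to see that the same two-step sequence arrives from many unrelated addresses and that a client such as 165.21.154.12, which only sent a GET, does not match.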
