Solved

what are these people doing? sample WINNT\system32\LogFiles\W3SVC1 - 21:40:48 66.19.101.21 SEARCH / 411

Posted on 2004-04-12
Last Modified: 2007-12-19
I keep getting this in my logfiles every day but I don't know what they are trying to do. Hacking? Yes, hacking what?
What are they trying to do? What purpose?
I looked up what the numbers mean:
200 OK Action complete successfully
411 Length Required
Anyone, please tell me what they are trying to accomplish?

c:\WINNT\system32\LogFiles\W3SVC1
11:11:35 217.217.61.224 GET / 200
11:11:37 217.217.61.224 SEARCH / 411
11:12:45 166.127.1.35 GET / 200
11:12:45 166.127.1.35 SEARCH / 411
11:59:52 210.78.92.206 GET / 200
11:59:52 210.78.92.206 SEARCH / 411
12:41:08 219.164.105.247 GET / 200
12:41:08 219.164.105.247 SEARCH / 411
13:00:45 218.75.12.38 GET / 200
13:00:45 218.75.12.38 SEARCH / 411
13:22:32 219.140.22.18 GET / 200
13:22:32 219.140.22.18 SEARCH / 411
14:20:00 80.58.14.44 GET / 200
14:20:02 80.58.14.44 SEARCH / 411
14:58:08 82.64.242.68 GET / 200
14:58:09 82.64.242.68 SEARCH / 411
15:11:28 202.156.2.50 GET / 200
15:11:28 202.156.2.50 SEARCH / 411
15:23:26 218.87.77.34 GET / 200
15:23:26 218.87.77.34 SEARCH / 411
15:25:27 219.118.17.127 GET / 200
15:25:27 219.118.17.127 SEARCH / 411
15:35:22 61.160.28.210 GET / 200
15:35:26 61.160.28.210 SEARCH / 411
15:46:29 80.44.120.67 GET / 200
15:46:30 80.44.120.67 SEARCH / 411
16:09:30 81.70.153.25 GET / 200
16:09:30 81.70.153.25 SEARCH / 411
16:35:00 219.78.179.119 GET / 200
16:35:00 219.78.179.119 SEARCH / 411
16:47:04 128.58.76.33 GET / 200
16:47:06 128.58.76.33 SEARCH / 411
17:08:08 220.166.116.249 GET / 200
17:08:08 220.166.116.249 SEARCH / 411
17:15:56 165.21.154.12 GET / 200
17:24:51 83.152.169.227 GET / 200
17:24:52 83.152.169.227 SEARCH / 411
17:52:55 81.60.158.11 GET / 200
17:52:56 81.60.158.11 SEARCH / 411
18:28:53 81.129.6.177 GET / 200
18:28:53 81.129.6.177 SEARCH / 411
20:03:03 218.26.219.195 GET / 200
20:03:03 218.26.219.195 SEARCH / 411
20:41:47 80.58.11.45 GET / 200
20:41:48 80.58.11.45 SEARCH / 411
20:59:29 80.58.3.42 GET / 200
20:59:48 80.58.3.42 SEARCH / 411
21:08:34 219.156.126.3 GET / 200
21:08:34 219.156.126.3 SEARCH / 411
21:40:44 66.19.101.21 GET / 200
21:40:48 66.19.101.21 SEARCH / 411
21:53:01 219.110.38.47 GET / 200
21:53:05 219.110.38.47 SEARCH / 411
22:01:05 210.50.52.146 GET / 200
22:01:09 210.50.52.146 SEARCH / 411
22:13:53 65.246.148.253 GET / 200
22:13:53 65.246.148.253 SEARCH / 411
22:48:30 4.37.216.48 GET / 200
22:48:30 4.37.216.48 SEARCH / 411
23:22:48 218.225.135.67 GET / 200
23:22:50 218.225.135.67 SEARCH / 411
23:56:01 68.251.64.171 GET / 200
23:56:01 68.251.64.171 SEARCH / 411
Question by:Jerry_Pang

Expert Comment

by:bloemkool1980
ID: 10811175
I think they are trying to exploit an old bug in the .ida search module. But it is also possible, of course, that your search command has a restriction on the input of the string, meaning that if I do a search on your webserver with a string that is too short or a blank.

Author Comment

by:Jerry_Pang
ID: 10811434
Bug? Where can I read more info about this?

Expert Comment

by:bloemkool1980
ID: 10813310
I would suggest securityfocus.com and search for .idq and .ida issues, but what version of IIS are you running?
Your input is rather poor to give a concrete answer to your problem.

Author Comment

by:Jerry_Pang
ID: 10819431
Sorry, but this is the only info I have. I just want to know what these IPs are trying to do at my PC.
Like this one:
68.251.64.171 GET / 200
68.251.64.171 SEARCH / 411

I also searched in Google for .idq and .ida issues.
Found this one:
http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx

Accepted Solution

by:
bloemkool1980 earned 50 total points
ID: 10820703
Well, you should have more information, because a GET and SEARCH are standard commands. Without the complete URL and the file they access it is obsolete and very hard to have an idea what they do.
I just assume it is a web vulnerability scanner running against your site, doing pretty much standard things, and nothing really to worry about.
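
An added example, not part of the original thread: a Python script that pairs each `GET / 200` with a `SEARCH / 411` from the same client a few seconds later, the pattern in the log excerpt in the question, so the probing clients can be listed separately from ordinary visitors. The sample log is constructed, and the function names and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Field order as in the excerpt in the question: time, client IP, method, URI, status.
LINE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}) (\d{1,3}(?:\.\d{1,3}){3}) ([A-Z]+) (\S+) (\d{3})$"
)

# Constructed sample (documentation address ranges), including a header line,
# a GET-only visitor, a late SEARCH, and a damaged line.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
11:11:35 192.0.2.10 GET / 200
11:11:37 192.0.2.10 SEARCH / 411
12:00:01 198.51.100.7 GET / 200
12:30:00 203.0.113.5 GET / 200
12:30:00 203.0.113.5 SEARCH / 411
13:00:00 198.51.100.7 SEARCH / 411
this line is truncated
"""

def parse_line(line):
    """Return (time, ip, method, uri, status), or None for headers and garbage."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t, ip, method, uri, status = m.groups()
    return datetime.strptime(t, "%H:%M:%S"), ip, method, uri, int(status)

def find_probe_pairs(log_text, window_seconds=30):
    """List (ip, get_time, search_time) where SEARCH/411 follows GET / 200 closely."""
    window = timedelta(seconds=window_seconds)
    last_get = {}  # ip -> time of its most recent successful GET /
    pairs = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip "#Fields" headers and unparseable lines
        when, ip, method, uri, status = rec
        if method == "GET" and uri == "/" and status == 200:
            last_get[ip] = when
        elif method == "SEARCH" and status == 411:
            seen = last_get.pop(ip, None)
            if seen is not None and timedelta(0) <= when - seen <= window:
                pairs.append((ip, seen.strftime("%H:%M:%S"), when.strftime("%H:%M:%S")))
    return pairs

if __name__ == "__main__":
    for ip, get_time, search_time in find_probe_pairs(SAMPLE_LOG):
        print(f"{ip}: GET / at {get_time}, SEARCH / at {search_time}")
```

The script assumes one log file per day, so it does not handle a pair that straddles midnight.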