Jerry_Pang

asked on

What are these people doing? Sample WINNT\system32\LogFiles\W3SVC1 - 21:40:48 66.19.101.21 SEARCH / 411

I keep getting this in my log files every day but I don't know what they are trying to do. Hacking? Yes, hacking what?
What are they trying to do? What purpose?
I looked up what the numbers mean:
200 OK Action complete successfully
411 Length Required
Anyone, please tell me what they are trying to accomplish?

c:WINNT\system32\LogFiles\W3SVC1
11:11:35 217.217.61.224 GET / 200
11:11:37 217.217.61.224 SEARCH / 411
11:12:45 166.127.1.35 GET / 200
11:12:45 166.127.1.35 SEARCH / 411
11:59:52 210.78.92.206 GET / 200
11:59:52 210.78.92.206 SEARCH / 411
12:41:08 219.164.105.247 GET / 200
12:41:08 219.164.105.247 SEARCH / 411
13:00:45 218.75.12.38 GET / 200
13:00:45 218.75.12.38 SEARCH / 411
13:22:32 219.140.22.18 GET / 200
13:22:32 219.140.22.18 SEARCH / 411
14:20:00 80.58.14.44 GET / 200
14:20:02 80.58.14.44 SEARCH / 411
14:58:08 82.64.242.68 GET / 200
14:58:09 82.64.242.68 SEARCH / 411
15:11:28 202.156.2.50 GET / 200
15:11:28 202.156.2.50 SEARCH / 411
15:23:26 218.87.77.34 GET / 200
15:23:26 218.87.77.34 SEARCH / 411
15:25:27 219.118.17.127 GET / 200
15:25:27 219.118.17.127 SEARCH / 411
15:35:22 61.160.28.210 GET / 200
15:35:26 61.160.28.210 SEARCH / 411
15:46:29 80.44.120.67 GET / 200
15:46:30 80.44.120.67 SEARCH / 411
16:09:30 81.70.153.25 GET / 200
16:09:30 81.70.153.25 SEARCH / 411
16:35:00 219.78.179.119 GET / 200
16:35:00 219.78.179.119 SEARCH / 411
16:47:04 128.58.76.33 GET / 200
16:47:06 128.58.76.33 SEARCH / 411
17:08:08 220.166.116.249 GET / 200
17:08:08 220.166.116.249 SEARCH / 411
17:15:56 165.21.154.12 GET / 200
17:24:51 83.152.169.227 GET / 200
17:24:52 83.152.169.227 SEARCH / 411
17:52:55 81.60.158.11 GET / 200
17:52:56 81.60.158.11 SEARCH / 411
18:28:53 81.129.6.177 GET / 200
18:28:53 81.129.6.177 SEARCH / 411
20:03:03 218.26.219.195 GET / 200
20:03:03 218.26.219.195 SEARCH / 411
20:41:47 80.58.11.45 GET / 200
20:41:48 80.58.11.45 SEARCH / 411
20:59:29 80.58.3.42 GET / 200
20:59:48 80.58.3.42 SEARCH / 411
21:08:34 219.156.126.3 GET / 200
21:08:34 219.156.126.3 SEARCH / 411
21:40:44 66.19.101.21 GET / 200
21:40:48 66.19.101.21 SEARCH / 411
21:53:01 219.110.38.47 GET / 200
21:53:05 219.110.38.47 SEARCH / 411
22:01:05 210.50.52.146 GET / 200
22:01:09 210.50.52.146 SEARCH / 411
22:13:53 65.246.148.253 GET / 200
22:13:53 65.246.148.253 SEARCH / 411
22:48:30 4.37.216.48 GET / 200
22:48:30 4.37.216.48 SEARCH / 411
23:22:48 218.225.135.67 GET / 200
23:22:50 218.225.135.67 SEARCH / 411
23:56:01 68.251.64.171 GET / 200
23:56:01 68.251.64.171 SEARCH / 411
bloemkool1980

I think they are trying to exploit an old bug in the .ida search module. But it is also possible, of course, that your search command has a restriction on the input of the string, meaning that if I do a search on your webserver with a string that is too short or a blank.
Jerry_Pang

ASKER

Bug? Where can I read more info about this?
I would suggest securityfocus.com and searching for .idq and .ida issues, but what version of IIS are you running?
Your input is rather poor to give a concrete answer to your problem.
Sorry, but this is the only info I have. I just want to know what these IPs are trying to do to my PC.
Like this one:
68.251.64.171 GET / 200
68.251.64.171 SEARCH / 411

I also searched Google for .idq and .ida issues
and found this one:
http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx
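
One way to pull the paired requests out of a log in the layout posted above, as an added example that is not part of the original thread: it lists each client whose SEARCH / (answered 411) follows its own GET / (answered 200) within a short window. The function names, the 30-second window and the sample lines (documentation-range addresses) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout posted above: time, client IP, method, URI, status.
# The addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
11:11:35 192.0.2.10 GET / 200
11:11:37 192.0.2.10 SEARCH / 411
11:12:45 198.51.100.7 GET / 200
11:12:45 198.51.100.7 SEARCH / 411
17:15:56 203.0.113.5 GET / 200
17:20:00 203.0.113.9 GET /index.html 200
18:00:00 192.0.2.44 SEARCH / 411
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) (\S+) ([A-Z]+) (\S+) (\d{3})$")


def parse(log_text):
    """Yield (time, ip, method, uri, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            t, ip, method, uri, status = m.groups()
            yield datetime.strptime(t, "%H:%M:%S"), ip, method, uri, int(status)


def find_probe_pairs(log_text, window_seconds=30):
    """Return (ip, get_time, search_time) for each SEARCH / answered 411 that
    follows a GET / answered 200 from the same client within the window.
    Assumes one day's log file, so times never wrap past midnight."""
    window = timedelta(seconds=window_seconds)
    last_get = {}  # ip -> time of that client's most recent "GET / 200"
    pairs = []
    for t, ip, method, uri, status in parse(log_text):
        if (method, uri, status) == ("GET", "/", 200):
            last_get[ip] = t
        elif (method, uri, status) == ("SEARCH", "/", 411):
            seen = last_get.pop(ip, None)  # a lone SEARCH has no GET to pair with
            if seen is not None and timedelta(0) <= t - seen <= window:
                pairs.append((ip, seen.strftime("%H:%M:%S"), t.strftime("%H:%M:%S")))
    return pairs


if __name__ == "__main__":
    for ip, get_time, search_time in find_probe_pairs(SAMPLE_LOG):
        print(f"{ip}: GET / at {get_time}, SEARCH / at {search_time}")
```

Clients that only fetch / (like the single unpaired GET in the posted log) are not reported, so ordinary visitors do not inflate the count.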
ASKER CERTIFIED SOLUTION
bloemkool1980
