Whitehat hackers and interpretation of server logs

My developer got called back to work and cannot help me.  So.... I am trying to figure out how to read server logs and see if these WhiteHat hackers got into my database. I have asked a similar question before and it seems I have this server locked down decently according to some great folks here on EE. From what I understand is if someone really want to hack they are going to do it no matter how protected the server is.
   I am trying to figure out if the below states that these guys are being forwarded to a 403 forbidden error when they attempt to hit me. I do not know how to change this to a 404 or send them off to some other page. What I also cannot figure out is if they are accessing anything. I do not see any changes on my server and everything is running like a dream as usual. I just cant see if they are successful at these attempts because search after search on google I cannot find a detailed explanation on how to read the logs and have them make sense. I am pretty sure this stuff below is normal but I wanted to check with the Experts!!


This was in my server log IIS 7 - I have a sql server and exchange all on the same box, not the best set up I know, but I am working on 2.0 for my site now.

2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX  GET /phpMyAdmin/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX  403 4 5 375 198 86
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX GET /PMA/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX  403 4 5 375 191 86
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX  GET /pma/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX 403 4 5 375 191 86
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX  GET /admin/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX  403 4 5 375 193 87
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX GET /dbadmin/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX 403 4 5 375 195 87
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX GET /sql/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX  403 4 5 375 191 87
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX  GET /mysql/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX 403 4 5 375 193 86
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX  GET /myadmin/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX 403 4 5 375 195 86
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX  GET /phpmyadmin2/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro -XXX.XXX.XXX.XXX 403 4 5 375 199 86
2012-04-09 08:21:10 W3SVC1 SERVER1 XXX.XXX.XXX.XXX  GET /phpMyAdmin2/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX  403 4 5 375 1 99 86
2012-04-09 08:21:11 W3SVC1 SERVER1 XXX.XXX.XXX.XXX GET /phpMyAdmin-2/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX  403 4 5 375 200 86
2012-04-09 08:21:11 W3SVC1 SERVER1 XXX.XXX.XXX.XXX GET /php-my-admin/ - 80 - 209.15.236.190 HTTP/1.1 Made+by+ZmEu+@+WhiteHat+Team+-+www.whitehat.ro - - XXX.XXX.XXX.XXX  403 4 5 375 200 87
2012-04-09 08:21:11 W3SVC1 SERVER1 XXX.XXX.XXX.XXX GET /sqlmanager/ - 80 - 209.15.236.190 HTTP/1.1 Made+
jeffmeverettAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AnuroopsunddCommented:
you can use some IIS  log analyzer tool to check what has happened. and what information this attacker has got from your server.
seems some tool or script was run against the server seeing the time stamp...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jeffmeverettAuthor Commented:
Where do you find the analyzer? Is this log analyzer you refer to that same as the 'logging' icon you click to view the logs in Internet Information Server Console? Or is this a different analyzer from a SQL something or another?
0
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

jeffmeverettAuthor Commented:
Can you please tell me the name of the software? The link takes me to an site in India but will not let me go any further. Thanks! I will keep you posted on any developments.
0
AnuroopsunddCommented:
FYI.. below is the sample of report you get from these software.. where you can see what ip what files and what has been accessed..
http://www.loganalyzer.net/sample/
0
jeffmeverettAuthor Commented:
So basically just install this on my public server and take a look at things? This program will not cause any changes to the NIC or anything like that correct? I should not have to worry about anything changing any current configuration or any type of reboot maybe necessary? I cant reboot at this time because I have my designer making some changes. Would there be any problems with the program being in 'promiscuous' mode? If you get the chance please let me know thanks for all your help thus far!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.