IIS LOG entry.....

From: Site Admin (tsgbma@yahoo.com)
Date: 07/23/01 

Message-ID: <20010723103752.3785.qmail@web14101.mail.yahoo.com>
Date: Mon, 23 Jul 2001 03:37:52 -0700 (PDT)
From: Site Admin <tsgbma@yahoo.com>
Subject: IIS LOG entry.....
To: FOCUS-MS@SECURITYFOCUS.COM

Hi All,
  We have a website on NT4 IIS4.During frequent checks
of my IIS log, i found the following entries :

2001-07-22 13:25:58 209.247.40.105 - GET /robots.txt -
404 15 ia_archiver -
2001-07-22 13:26:00 209.247.40.105 - GET
/s5intr/SessExpNW.asp - 200 15 ia_archiver -

   Is it hacking attempt? This particular IP from
Alexa.com is found frequntly in the log for
"robots.txt".

  I also found....

2001-07-21 17:16:42 208.20.74.1 - GET /default.ida
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
404 78 - -
2001-07-21 18:11:39 209.247.40.98 - GET /robots.txt -
404 16 ia_archiver -
2001-07-21 18:11:39 209.247.40.98 - GET /welcome.asp -
200 344 ia_archiver -
   Again, for the last 3 days, i find entries with GET
attempt for /default.ida from a set of 5-10 ip's. When
i checked with NSlookup for some ip's nslookup doesnt
return any values...
  But, i have not lost any data and there is no sign
of anything being wrong with the wesite.
(soory for the long mail)
  Any advice/help on what to do...
regds,
RP

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

Relevant Pages

  • Re: OWA distorted
    ... Where do i get the current IIS log? ... I will post the entries yes, ... The old (exchange) server i formatted. ...
    (microsoft.public.exchange.admin)
  • RE: IIS LOG entry.....
    ... Subject: IIS LOG entry..... ... MS01-033 and you should be fine against that worm. ... i checked with NSlookup for some ip's nslookup doesnt ... Make international calls for as low as $.04/minute with Yahoo! ...
    (Focus-Microsoft)
  • Re: IIS LOG entry.....
    ... Subject: IIS LOG entry..... ... that request would root IIS and the request ... > MS01-033 and you should be fine against that worm. ... > i checked with NSlookup for some ip's nslookup doesnt ...
    (Focus-Microsoft)