Can someone tell me what this means


James46

12:24 pm on Apr 22, 2004 (gmt 0)


[22/Apr/2004:08:02:03 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 302

I'm new to most of this, but did someone break out of the server and get into my system?

jjohnstn

1:56 pm on Apr 22, 2004 (gmt 0)


You'll see this a lot from hackers attempting to make use of known exploits of *Windows* servers. If you're on a Unix box, it will have no effect.

James46

7:02 pm on Apr 22, 2004 (gmt 0)


Is there no way to stop it, or slow them down? Yes, the server is on XP and I've thought about changing the OS, but what is the best one to use? XP has all the security updates, but is that enough?

jjohnstn

7:38 pm on Apr 22, 2004 (gmt 0)


Sorry, I'm not familiar with Windows servers... but definitely keep it patched/updated.

py9jmas

8:04 pm on Apr 22, 2004 (gmt 0)


This looks like the old Code Red/Nimda attack against IIS. It never affected Apache (OK, I think it might have exposed a bug in Apache's 404 file not found handling, but that, like the bug in IIS, was fixed years ago).

On an affected server, it would have returned a directory listing to the attacking program, which would then exploit the bug to spread the worm further.

However, people will constantly throw exploits against any web server, so keep an eye on security updates.

Jon.

john_k

8:17 pm on Apr 22, 2004 (gmt 0)


The entry means that somebody made the page request; it doesn't mean that it was necessarily honored.

The 302 response code might be of concern. I seem to recall that, depending on how the server is configured, this might be okay. (Try copying the entire URL from your log file and making the request against your server.)

Since there are both encoded characters and ".." references in the path, I am guessing that the server is not locked down as well as it could be. If you run the IIS lockdown tool and/or install the URL Scan utility from MS, you won't get these in your log file. (They are blocked before they make it through to IIS.) Both of those tools are available from the MSDN (msdn.microsoft.com) website.
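As an added example (not code from the thread or from any of the posters), here is a small Python scanner that reads Apache-style log lines, decodes the request path repeatedly (the quoted `%255c` is `%5c`, a backslash, percent-encoded twice), and flags the `..` segments, the double encoding, and the `cmd.exe` target while recording the status the server answered with. The log lines and addresses are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample entries in Apache common log format (not lines from the
# poster's server). The first mirrors the request quoted in the thread.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Apr/2004:08:02:03 -0400] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 0
10.0.0.6 - - [22/Apr/2004:08:02:04 -0400] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0
10.0.0.7 - - [22/Apr/2004:08:02:05 -0400] "GET /index.html HTTP/1.0" 200 1024
"""

# client, ident, user, [timestamp], "METHOD target [version]", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)(?: \S+)?" (\d{3})')


def fully_decode(text: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing: %255c -> %5c -> '\\'."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(line: str):
    """Return a finding dict for one log line, or None if nothing is suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    path = target.split("?", 1)[0]                      # drop the query (/c+dir)
    once = unquote(path)                                 # what one decode pass sees
    decoded = fully_decode(path).replace("\\", "/")      # IIS treated '\' like '/'
    reasons = []
    if any(seg == ".." for seg in decoded.split("/")):
        reasons.append("traversal")
    if once != fully_decode(path):                       # a second pass changed it
        reasons.append("double-encoding")
    if decoded.lower().endswith("cmd.exe"):
        reasons.append("cmd.exe")
    if not reasons:
        return None
    return {"ip": ip, "time": ts, "status": int(status),
            "decoded": decoded, "reasons": reasons}


def scan(log_text: str):
    """Run classify() over every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 404 on such a request (as the original poster later saw on Apache) means the probe was refused; the status field is kept so anything other than that stands out.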

James46

2:23 pm on Apr 23, 2004 (gmt 0)


I copied the entire URL from the log file and did the request against my server; it returned a 404 error.
I'm not running an MS server, I guess I should have said so.
I'm running Apache 1.3.24, PHP 4.3.3, MySQL 4.0.18.

Thank you all for the replies.