hello I set up apache web server that came with Suse8.2, and the next day got several similar lines in my /var/log/httpd/access_log: -- 193.220.30.35 - - [22/May/2003:14:13:16 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 281 193.194.67.45 - - [22/May/2003:14:14:14 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 281 207.33.111.37 - - [14/May/2003:14:03:55 +0200] "HEAD /cgi-bin/ws_ftp.ini HTTP/1.0" 404 0 207.33.111.37 - - [14/May/2003:14:03:56 +0200] "HEAD /WS_FTP.ini HTTP/1.0" 404 0 207.33.111.37 - - [14/May/2003:14:03:56 +0200] "HEAD /cgi-bin/WS_FTP.ini HTTP/1.0" 404 0 207.33.111.37 - - [14/May/2003:14:03:57 +0200] "HEAD /cgi-bin/ax-admin.cgi HTTP/1.0" 404 0 207.33.111.37 - - [14/May/2003:14:03:57 +0200] "HEAD /cgi-bin/axs.cgi HTTP/1.0" 404 0 2 Are these possible intruder attacks ? Regards, himba --- This mail was Kmailed.