Hey guys, I started learning about how to host my own web server around 3 months ago, so I'm still (VERY) new to this, but that's not to say I haven't learnt much since I started. One thing that still baffles (and worries) me, though, is a recurring item in my Apache access log:

88.185.8.194 - - [06/Aug/2010:07:50:31 +0200] "5T[\x8cf\xb3\xdc!\x1c\xfa\xaa\xe0\x07{\xa4=_y\xf5\xfd\x95\x04\x02" 200 14967 "-" "-"
62.209.130.42 - - [06/Aug/2010:19:20:24 +0200] "h\xac\x10,s\xe5\xe4k\x036\x9a\xaa\x11l)KG\x93" 200 21041 "-" "-"

Now, I did my best to research what these things are before posting this thread, and from what I understand, it's shellcode? Or some code injection of sorts? (I run the server on Windows; I haven't had time to test Linux out.) What worries me most is the fact that HTTP 200s are being returned, which means something is obviously happening, and they're not being outright rejected (403, 404, 405 or one of the other 4xx codes). Can anyone please help me understand what the hell's going on? And what I can perhaps do to remedy it? (I installed mod_security and configured some rules yesterday, which helped stop some of the other potential attacks... except these two.) One final note: my server hosts a phpBB3 forum and nothing else, if these attacks are in fact targeting the website and not the server/software. Regards, Malt
Thanks for the reply, digital. Yep, that's what I thought too, and after spending an afternoon reading about this (4 hours of small text on a screen about a problem you never heard of = major headache) it seems to be the case. I just hope he didn't find any lol, but the HTTP 200 codes being returned are worrisome.
That's the thing, they're not URLs :/ I tried putting them after my site's name and I get a 404... but someone is clearly succeeding using something else. Oh well, I'll try to ignore this issue. But if anyone on this forum has an idea what might be happening, please let me know.
Just realized it's not an actual GET request... looks like it's looking for some sort of bug in your actual web server, and not the files/code it's serving. The best thing to do is make sure your web server has any security patches for it and is up to date.
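As an added example (not posted by anyone in this thread), here is a small Python scanner for Apache combined-format access logs that flags request lines which are not a normal METHOD / URI / HTTP-version triple, including ones containing the \xHH escapes Apache writes for raw non-printable bytes, and notes when such a request was answered with a 2xx rather than rejected. The sample log is constructed from the two lines quoted in the thread plus ordinary phpBB requests from documentation-range placeholder IPs.

```python
import re
from collections import namedtuple

# Constructed sample in Apache "combined" LogFormat: the two malformed lines are the ones
# quoted in the thread (Apache writes raw request bytes as \xHH); the rest are ordinary
# phpBB requests from documentation-range placeholder IPs.
SAMPLE_LOG = r'''
88.185.8.194 - - [06/Aug/2010:07:50:31 +0200] "5T[\x8cf\xb3\xdc!\x1c\xfa\xaa\xe0\x07{\xa4=_y\xf5\xfd\x95\x04\x02" 200 14967 "-" "-"
203.0.113.5 - - [06/Aug/2010:08:00:01 +0200] "GET /viewtopic.php?t=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
62.209.130.42 - - [06/Aug/2010:19:20:24 +0200] "h\xac\x10,s\xe5\xe4k\x036\x9a\xaa\x11l)KG\x93" 200 21041 "-" "-"
198.51.100.9 - - [06/Aug/2010:20:00:00 +0200] "POST /posting.php HTTP/1.1" 403 512 "-" "curl/7.21"
'''

# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"; quoted fields may hold \-escapes.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$')
# A normal request line is exactly: METHOD SP request-target SP HTTP/major.minor
REQUEST_LINE_RE = re.compile(r'^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/\d\.\d$')
ESCAPED_BYTE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')  # Apache's escaping of non-printable bytes

Finding = namedtuple("Finding", "host status reason request")


def classify_request(request):
    """Return why the logged request line is not a normal HTTP request, or None if it is."""
    if ESCAPED_BYTE_RE.search(request):
        return "non-printable bytes in request line"
    if not REQUEST_LINE_RE.match(request):
        return "request line is not METHOD URI HTTP/x.y"
    return None


def scan_log(text):
    """Parse combined-format lines; report malformed requests and whether each got a 2xx."""
    findings = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = LOG_RE.match(line)
        if not m:
            findings.append(Finding("?", 0, "unparseable log line", line))
            continue
        reason = classify_request(m["request"])
        if reason is None:
            continue
        status = int(m["status"])
        if 200 <= status < 300:
            reason += "; answered with 2xx rather than rejected"
        findings.append(Finding(m["host"], status, reason, m["request"]))
    return findings
```

Running scan_log over a real access log gives a quick list of hosts that sent non-HTTP data and whether the server answered them with content, which is the first thing to check before tuning mod_security rules.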