Yes, it's a hack attempt. There is a very high probability that it's an automated attempt from a code red/nimda worm.
A previous respondent suggested a manual hack because of the timings. I suggest not. The timings could indicate merely that it (the worm not your box) is on a slow line. The codered worm attempts 100 threads at once or something, so it's not going to be that fast on an individual server.
The zombie machines running codered outnumber hackers 100:1, scan faster and most of them 24 hours a day :)
Anyone who is an admin of a public web server or has been in the last approx 1 year will be very used to seeing these.
Obviously it doesn't just try to hack iis, it tries to hack anything.
There is nothing to worry about if your IIS is properly patched an locked down. MS have an iis lockdown tool which does this quite nicely (be careful and don't lock anything out you're using!)
Remember always rerun the lockdown tool after any patch, upgrade, software reconfiguration or anything like that. Some of MS's patches re-instate things which are locked out by their lockdown.
Also any add/remove of software, even something as simple and removing pinball from the machine might make it reinstate dangerous config in IIS. Keep an eye on it.
Slarty
